Monday, 7 January 2008

The Onwards Delegation Problem

At the heart of the recent Scoble vs Facebook problem we see one of the big potential evils of the Web: insecure onwards delegation. A real tough nut to crack.

Would you like to come rifling through my filing cabinets? Perhaps take and copy a few things you think are interesting? There are very few people I'd trust to do that, maybe just my bookkeeper. What risks am I exposed to if my bookkeeper and I share data in, say, Google Spreadsheets? Because we can. Because it's there. Because it's free.

(B-oo-kk-ee-p-e-r incidentally, is the only word in the English language I'm aware of with three double letters in a row. I'd love to be shown others...)

Google Docs, and similar applications which work in the internet security domain, often have these super-cool collaboration features, which enable me and my numbers guy to work together so much more easily, with so much friction removed compared with, like, snail-mail. It wasn't very long ago, folks, not really, that most post that turned up in your house was actually important, and not just paper copies of stuff you could see, at your leisure, online. You used to run your life through things that arrived by post: statements, bills, magazine subscriptions you didn't see any other way.

Any data I share on this inter-web 2.0 thing is not secure from vindictive behaviour by my chosen collaborators. If a so-called friend turns on me, or maybe I don't pay a bill, then someone might start forwarding copies of my data, and maybe even delegated rights to change stuff along with it. In some industries, such as banking or health, there's a good deal of control over delegation; consequently, even with someone on the inside, it's increasingly hard to hack a bank. Meaning, sadly, that another possible childhood "what I want to be when I grow up" dream bit the dust.

All this modern social software, though, makes it pretty easy to share stuff; consequently maybe too many folk can get at some pretty personal details now.

I think it's quite possible we have a couple of high profile privacy scandals coming up soon, where a new kind of phishing attack appears that gets virally into some social network and starts leaking "innocent" people's data to nasty people as it spreads. How many of you, if you're in my Facebook friends list, and I tell you to add a seemingly cool application, go ahead and do that? Do you click all the defaults for security, and maybe let it then act as you and send itself to your list? How identifiable does that make you? How many links, on or off Facebook, does the agent need to follow - with the delegated rights to your profile - in order to do damage to your online reputation, or worse, in real-i-tea? Let me ask you, before you added the evil app I seemed to recommend, did you think that my account could be compromised?

What we need is some system that states the rules and checks up on them. For sure, OK, you can see the names of all my girlfriends, but don't tell anyone else (they get jealous). And if you do, I curse you with my fiery daemons and my killer LISP attack.

I need to have full visibility of what people do with their access to my data, so that I can analyse it for security breaches - in real time, probably using a highly trusted agent that someone else wrote... (ad infinitum).

Better still, I need to have full control of delegation rights, where I can specify user rights such as canReadUntil, canWriteUntil and canTransferRights, and use them for specifying delegation tokens. Of course it needs to be user-understandable, and therein lies the conundrum. As social software becomes easier to use, across devices and networks, and with the flexible mashability that is so useful for avoiding context switching (between applications), people will release more and more data into a collaborative cloud without second-guessing the consequences. Early adopters are vulnerable, especially if they think themselves invincible.

What we have right now just isn't good enough for a world of consumers who want software agents to act on their behalf. Not that they've realised yet that it already happens...

So, guys at OAuth, SecPal, or anyone else with some interesting delegation work going on, please tell me, how's the plumbing going? And how on earth do we surface it to the novice so that they can use it, without it feeling like a big step backwards just for the sake of security (perhaps like Vista does)?

Am I missing a trick, are we seeing instead a natural evolution towards a universal mind meld, and the inevitable, painful, data leaks just a way of bringing us closer to full Gaian consciousness?

Whatever, I'm sure it would all be fine as long as we could just be excellent to each other.


DE said...

I used to play EVE (while I was legitimately researching MMORPGs of course).

This has a social unit like a clan, called a corporation. And one of the nasty social attacks that became prevalent were players that joined corporations, behaved themselves, gained trust, and then when given access to the stores raided everything and disappeared.

And this was considered to be part of the game. Hence it may well be that MMORPGs, being a bit ahead of the curve with respect to social network maintenance, may come to the most appropriate solutions first.

JayFresh said...

"Am I missing a trick, are we seeing instead a natural evolution towards a universal mind meld, and the inevitable, painful, data leaks just a way of bringing us closer to full Gaian consciousness?"

Whatever measures we put in to secure systems, you will still get the accidents. The more our communications become broadcast in nature (Twitter, Facebook), the more the amount of information we reveal about ourselves is multiplied by the size of the audience.

What happens when you Twitter "my boss is a c*nt" when you meant to send it to your girlfriend?

Society will have to adapt I guess, or we'll suddenly find a lot more people being fired, dumped or locked up...

Tim Stevens said...

I guess what I'm wondering is if we need some sort of signing and tracking framework for digital data. Or is this just putting DRM madness on to our personal data?

Would this be a good thing or a bad thing, even if it were achievable?

The recent high profile case of the lost UK government child support records, which we haven't even begun to feel the consequences of, is even scarier than Scoble exporting a bunch of data from Facebook, but probably more preventable.

Inside organisations we have data classification rules, and hard-to-enforce policies about what can and can't be done with that data. Do we need that for consumer data too?

Nigel Pepper said...

Wow - some really good points raised here. It will indeed be interesting to see what the OAuth guys come up with to solve this. I was musing today on how easy it would be to write a bot which would iterate over my Twitter friends and theirs and so on, sending them a Direct Message and hence (in most cases) an SMS. Free direct marketing?

With the likes of applications which provide more complex social interactions and relationship models (friends, girlfriends, lovers, colleagues etc) the potential for nefarity (is that a word?) is even greater.
