John Battelle blogged today about a topic he’s covered in the past, a Data Bill of Rights. He makes the case for greater transparency from search and other online service companies. And he outlines a list of terms for the use of consumer attention by these organizations.

- Data Transparency. We can identify and review the data that companies have about us. A sticky issue is whether we can also identify and review data that is made about us based on other data the company might have. (IE, based on your behavior, we at Amazon know you might also like….)
- Data Portability. We can take copies of that data out of the company’s coffers and offer it to others or just keep copies for ourselves.
- Data Editing. We can request deletions, editing, clarifications of our data for accuracy and privacy.
- Data Anonymity. We can request that our data not be used, cognizant of the fact that that may mean services are unavailable to us.
- Data Use. We have rights to know how our data is being used inside a company.
- Data Value. The right to sell our data to the highest bidder.
- Data Permissions. The right to set permissions as to who might use/benefit from/have access to our data.

While this isn’t directly in line with what Trufina does, it’s certainly in step with our corporate mission and our perspective that users should control their information, and should be able to protect their privacy online.

There’s at least one Dot-Org taking a look at this issue: AttentionTrust. The brainchild of one of the brainiest people I’ve ever known, Seth Goldstein, who’s launched several companies with the intention of shaping and monetizing the “attention economy�.

‘The recent spamacornucopia means more than $10 BILLION DOLLARS OF YOUR DATA IS BEING EXCHANGED AMONG BUYERS AND SELLERS THAT YOU DON’T CONTROL, starting with DoubleClick (and H&F their private equity owner) and Google, and then Right Media (Redpoint) and Yahoo!, and then 24/7 and WPP, and now aQuantive and Microsoft.’

Between recent ad network acquisitions, the report from Privacy International which ranked Google at the bottom of a list of major internet companies for privacy, and the Apples iTunes debate, the issue has become a hot topic again among professionals.

‘Privacy can be a touchy subject; generally people want their privacy maintained and yet the delivery of many services from Internet startups is dependent on personal data to deliver personalized content. It has long been known that Google gathers more personal data than any other company, yet Google’s growing marketshare would seem to indicate that people are willing to ignore these privacy concerns. From an industry perspective, personalization is a defining quality of the new Internet – without this data we would be winding the clocks back to 1999.’

It’s great to see some of the smartest people in our business thinking and talking about these issues. It would be just as interesting to hear what the rest of the community has to say about it. There are any number of companies, individuals and organizations committed to issues of consumer privacy protection. Beyond that, there are folks taking care of “family identity management� and using ecommerce and online services daily. We’d love to have greater insights into their needs and concerns.

There’s an active discussion among privacy and digital rights management groups about the recent disclosure that Apple is embedding some identifying information in songs purchased from iTunes. Apple is embedding its customers’ names and email addresses in the clear (e.g. without encryption) into files purchased from the iTunes Store. The ostensible rationale for this is to discourage people from sharing music purchased on iTunes via P2P networks.

Randy Picker of the University of Chicago Law School posted about this yesterday, with a thoughtful analysis from the legal perspective. He examines various possible justifications for this practice, and questions the need for open disclosure of the identification information, versus encryption. Picker concludes that Apple should tread carefully in this, and clarify its intent.

‘So far, Apple doesn’t seem to be saying much about what it is doing. It needs to be careful. As the Sony BMG fiasco—also discussed in the paper—emphasizes, content owners may not get that many opportunities to establish technological protection schemes. Each one they get wrong makes it that much harder to try another scheme later, given the adverse public relations fallout.’

The EFF reacted more stridently to the situation, saying that there was no justification for this undisclosed invasion of privacy.

‘But there is simply no good excuse here for Apple to embed PII in the clear into every song purchased from the iTunes Store. Especially when they didn’t inform customers that they were doing so.’

And even popular Apple blogs have questioned the rationale behind this approach to DRM.

‘The big question, of course, is what might Apple do with this information? Because it can be spoofed, it’s not exactly the best way to determine who is sharing music …’

We’re big fans of Apple here at Trufina. Most of us are devoted Mac users and we admire their insight into consumers and brilliant marketing and product design strategies. That’s why it’s truly strange they would begin such an anti customer-centric practice.

Apple isn’t saying much about this issue. I hope they clarify things soon. Piracy prevention is one thing. Privacy invasion is another.

Update:

Kim Cameron posted on this issue several times over the weekend. There’s not a tremendous amount of analysis, but he ends with one interesting question:

‘I would have thought that in light of their previous experience, Apple would have been very up front about the fact that they are embedding your name and email address in the files they give you. After all, it is PII, and I would think it would require your knowledge and approval.

I wonder what the Europeans will make of this?’

He’s right, that will be interesting.

There’s a terrific article by J. Nicholas Hoover in Information Week that outlines the current landscape of online identity management. Hoover concisely explains some of the toughest issues facing the IdM community: verification, authentication, user-control, and portability, just to name a few. He sums it up well:

“Most people don’t want their personal information–name, e-mail address, accomplishments–available for anyone to see at any time. One of the challenges of digital IDs and credentialing systems will be to give users control over what gets shared, when, and with whom. The Web’s cloak of anonymity must stay in place unless we tell it otherwise.â€?

As Hoover explains in his article the current online identity landscape is somewhat fragmented as folks debate which technologies will surpass others. There are identity verification services and identity management platforms. There are reputation systems and ways to gather your online information. And there are ways to do background checks or to monitor your credit status.

At Trufina we talk about these issues every day. And we don’t have all the answers. But there are a few values we’re committed to. These form the basis of our product strategy and guide our decisions when we consider new ideas for products or services.

We believe that you should be in control of your personal information online. We believe that you should have confidence in online transactions. And we believe that you should be able to protect your privacy (and your children’s privacy) online.

We think the conversation needs to shift, and that we should spend less time talking and more time listening to what people actually need and want. The explosive growth of the Internet and so-called “Web 2.0� sites and services like MySpace, YouTube and eBay means that issues of online privacy, security and trust have become critical. As a community we need to solve them. I suggest that we take a page from the Web 2.0 handbook and collaborate with our users to figure out the right solutions.

Just a quick post to let you know that we revised our website, with a new look, and more information about the product, and how it can be used to improve your use of the internet. We’ve also spent a lot of time improving our back end support/email tracking systems. We hope that if you have any questions, comments, or feedback, you will write into us.