ntouk.com - Jerry Fishenden's technology policy blog

I trust a PhD researcher somewhere is digging deep into the psychology of the whole debate around identity, privacy, security and issues regarding civil liberties and societal safety. It's a rich vein of the kind not seen since gold was struck in the Klondike.

So it's day 2 here at eSmart 2006 which sees a wide range of continuing streams on eID, smartcards and related issues. No wonder so many policymakers find it hard to make sense of the multitude of claims made about different technologies: it's hard to distinguish between marketing and evidential issues, hard to separate hype from reality. And that's for those of us in the industry long experienced with distinguishing between aspiration and sales claims versus evidence.

Interesting things are happening in the convergence of traditional "smartcards" and the use of mobile phones as trusted devices, using nearfield communications. I'm left in little doubt that future mobile phones will provide the functionality and security that previously smartcards claimed as their own. They have the potential to be our identity devices, enabling us to identify and authenticate ourselves. Let's just hope they also comply with the laws of identity.

So after a day in and out of sessions on a variety of technologies and projects, and discussions over coffee and wine (this is France after all), I find myself debating on the closing panel of the day. The topic is broadly about whether smartcards will follow the same trajectory as PCs - which I take to mean will become ubiquitous, commonplace and part of the daily fabric of our lives. Betrand, who is running the session, cleverly sets it up as a series of questions with binary answers: which we, as the panel, have to respond to and ultimately answer "yes" or "no" - and which is then opened to the floor. When we get it "wrong", humiliation from the floor.

The questions are awkward ones - such as which of Google or Microsoft will most impact the future "smartcard" market. And whilst we as a panel are 80% in favour of Microsoft, the audience are 50/50. Sobering. And good to hear in terms of understanding how we are still perceived as a company. I spend so much time on the frontline, feeling just how much people judge our company. Which is healthy and good - we need to understand the reality, the way in which both consumers and those in the industry view us. That doesn't always make it easy at the personal level. But I hope over time that people will begin to listen to and understand where we come from: history is a cruel master. But we have learnt, continue to learn. I think in the work of Kim Cameron and others you have an insight into the true nature of Microsoft today.

And then in my closing call - when finally as a panel we can make our own speech - I aim to be brief and pointed. We may as an industry be fixing the "micro" level issues about security, but we're in danger of losing the "macro" level. People are the key component in everything we design. If we forget that, we forget everything. Kim's "laws of identity" are not just some abstract concept, but something the whole industry needs to bear in mind in everything it does.

It would be disappointing indeed if people let past prejudice against Microsoft prevent what could be a rich, privacy-aware, secure and citizen-centric architecture come into being. History may be bunk - but it's not if you learn from it. And that's precisely what Microsoft has done. Take a breath and take the time to check us out with open, not blinkered, eyes.

I hope that's not too much to ask.

security identity privacy technology policy Microsoft