Tuesday, September 25, 2007

If I keep it all in my wallet, where's my backup?

Michael O'Connor Clarke writes
I'm still not quite sure where I'm going with this, but I feel the need for some secure, personal repository that would hold all of my connections and "whuffie" together. I want to keep my whuffie in my wallet - but not in a Microsoft Passport/Hailstorm kind of way. Ack, no.
And here's the dilemma. On the one hand, if I carry all my connections with me physically, I had better have a backup somewhere. Maybe I have it on a machine at home, and maybe I keep backups of that on DVD or something in a safe deposit box at the bank?

That's not so good. It puts me in the data integrity/security business, which I'm almost certainly not as good at as the next guy. It's essentially equivalent to keeping my money in cash under my mattress. Some people do it, and they have their reasons, but most of us don't.

Another option is to let one of the major players keep track of everything for you. I agree: ack, no. A major player has too much of a vested interest in trying to steer me towards its products and making it more difficult to use those of other players (major and minor). To that end it would like very much to know every little thing about my buying and browsing habits, those of my friends and so forth.

How about my ISP? It's a neutral party, and I pretty much trust it not to lose my data. I don't, however, trust it completely not to let anyone else access my data, either by accident, through a disgruntled employee, or to malicious hacking. I can mitigate that at least a bit by encrypting the data I keep on the ISP. The tools are there, at least mostly, but not as robustly or seamlessly is I'd like.

If nothing else, the pipe between me and my ISP's servers is just too thin right now to, say, keep all my music, photos, videos and such online conveniently. Right now I could probably get away with things like passwords, profiles and other metadata, calendars, contacts and such but then I have to keep that sequestered from everything else. It's much simpler just to keep everything in one place.

If the problem is cash under the mattress, the solution is banks, at least in some form ("databanks" ... what a concept). These would probably be more like ISPs than anything else currently around, but with some significant differences:
  • Regulation: Banks are tightly regulated (though not as tightly as they used to be), with requirements for things like reserves and accounting standards. ISPs are market-regulated, which works fine for QoS matters like uptime and storage cost, but if they're going to store the keys to the kingdom, I don't think that will be enough.
  • Liability: If I'm going to trust someone else with my highly personal details, I want to know that someone's butt is on the line if they screw up and leak it. I'd also like to know I'd be compensated, but I'm more interested in prevention than redress. This could happen either through market forces or legal requirements, but either way it needs to happen.
  • Access: Ideally, I'd like to a have high-speed, secure pipe between me and my databank at all times, whether I'm at my laptop or on a plane without it (like that would happen). If I buy a new phone, I want to know that whatever brand I go with it will Just Work reliably and securely with the databank. This is just part of the 4G vision.
  • Access control: I want to be able to grant other parties access to selected pockets (more on that later) but be sure that no one has access outside what I want to share. I want to do this simply and securely, without having to mount special file systems, futz around with keys all the time or whatever.
We can certainly get a lot done without databanks of this sort, but it seems to me that something like this is going to happen sooner or later, and a lot of cool stuff will be enabled when it does.

No comments: