[WEB4LIB] Re: customization is a double-edged sword

Eric Hellman eric at openly.com
Mon Oct 23 11:22:03 EDT 2000 

It is technically quite easy to securely verify membership in a group 
while retaining a user's anonymity; it is much, much harder to secure 
the cooperation between interested parties which is required to make 
such a system work.

Of course you have to verify identities at some point. But while you 
can trace forward to determine that a user has been validated, the 
validation can be constructed in such a way that the reverse trace is 
computationally impossible.

We have a weak version of this in place for LinkBaton; a library can 
mark its users for us without any individual being identifiable. 
Strong systems using digital certificates are being worked on by a 
number of groups in the Digital Library community. I think that the 
issue of user-identifiability will become an increasing point of 
contention between users, libraries and publishers, because the 
information is so valuable.

Eric

At 7:44 AM -0700 10/23/00, Eric Lease Morgan wrote:
>Thomas Dowling (tdowling at ohiolink.edu) wrote:
>
>  >> The disadvantage is privacy. It is possible to know what individuals are
>  >> using and what individuals are interested in. While, as a profession, we
>  >> regularly purge our circulation records, we can not regularly purge our
>  >> "MyLibrary" profiles. Doing so would defeat the purpose of the 
>entire system.
>  >> What are we going to do when the FBI comes knocking on our door 
>asking to see
>  >> the profile of an individual who is making death threats?
>  >>
>  > It seems to me that part of the answer should be addressed in 
>software; design
>  > the customization program so that it either cannot, or can be 
>configured not
>  > to, associate an individual's identity with the profile (at least 
>not on the
>  > server side).
>
>If I understand this correctly, then I don't think this is (completely)
>possible because of our licensed data.
>
>In order to provide access to licensed data we, as a profession, must make
>sure individual users are a member of our community. It is not possible to
>retain a person's anonymity *and* validate their existence in a user group.
>Is it?
>
>--
>Eric Lease Morgan

Eric Hellman
Openly Informatics, Inc.
http://www.openly.com/           21st Century Information Infrastructure
LinkBaton: Your Links that Learn     http://my.linkbaton.com/

More information about the Web4lib mailing list