Every day it seems there is a new story about new "big data" systems are going to make things better ... The latest news like this came from inBloom Inc. ... The records can be comprehensive and inBloom doesn't need students' parents to consent to have their records in the database. ... We need to empower students with their own personal clouds. They must be able to download their own student learning records. They must be able to share them with companies and services that will work on their behalf.
Another very disconcerting piece of news about onine identities and their use. I wrote something about this for the first time almost 2 years ago (http://tiny.cc/cdiktw), pointing out that there are two things to be afraid of, the Big Brother-like use and the Kafkaesque use. In the former case, it is just a company or government body sitting on a large body of data and doing with it whatever they want. In the second much more disconcerting case, it is such companies or governemental bodies acting as intransparant bureaucracies and making inferences on the bases of those data that we are not privy to. In the inBloom case, Kaliya is referring to the Big Brother aspect, but once iBloom sits on those data, the Kafka scenario is not far away. So, kids could be denied access to some college because of data provided by inBloom combined with data from other sources, and the victim will never learn what exactly was the reason behind the refusal. Parenthetically, this kind of scenario becomes the more likely in a world in which education becomes privatised as companies have a lot of discretionary powers.
So, even if inBloom's purposes are beyond reproach and entirely laudable, building massive database of such datanot is not a good idea. It isn't needed either. The first step to a solution is sketched by Kaliya: everybody keeps his or her own data in a 'personal cloud' as she calls it, only to make them available to 'the market' via a trusted organisation. This is only a first step as the problem of how to manage these trust relationships comes next. This is not trivial as people will have an increasing number of those relationships to manage, that is, establish, monitor and update. A year ago I wrote a blog, summarising the findings of a then recent PhD thesis, which outlined how these policies could be made manageable (http://tiny.cc/7qiktw). Without spelling out the details, public-private pair encryption plays a key role, on top of which management policies are defined that are somehow embedded in the keys. By carefully distributing keys to (groups) of parties, data access can be made manageable.
So, in the present case, inBloom could request access to al the data they want, they could be given access keys to allow that, but it would be under the permanent control of the parents of the children involved to what data they are given access, for what purposes and for how long. Keys can be revoked or access rights attached to them can be changed. So if inBloom were to make uncontractual use of the data, it would be easy to make it impossible for them to continue doing so. It is in this direction the management of our online identities, consisting of data, should go, not in the direction of big databases. (@pbsloep)