FDA Hacked | When Is a Database Nothing More than a Digital Filing Cabinet? (Part 2)

We start Part 2 of “When is a Database nothing more than a digital filing cabinet?” where we left off in Part 1. According to Wikipedia, “a database is an organized collection of data.”
If we truly embrace this definition of data, then we can completely redefine the issues of security, privacy, interoperability and identity. However, there are two essential words in this short definition of a database. One of them is data; the other key word is “organized.” Nowhere in the idea of organizing data is a further definition of when it must be organized. We used to organize data by carving information into wet mud that then dried into tablets. We progressed to scribes replicating information with ink on papyrus and really accelerated things when Gutenberg rethought the wine press and moveable type with the printing press. Unfortunately, for all the horsepower and capacity of our databases, our organizing principles remain paper-based. Continue Reading →

FDA Hacked | When Is a Database Nothing More than a Digital Filing Cabinet? (Part 1)

The title of this post is a well worn meme for CLOUD, but the recent hacking of the FDA’s systems forces yet another revisiting of the topic. Rather than asking lawmakers for the FDA to launch a third-party audit of its recent breach, “FDA Hacked, Drugmakers Want Proof that Proprietary Data is Safe,” PhRMA and BIO should ask that the architecture of data on the Internet itself be revisited. The current notions of a database are antiquated, and until we rethink the problem, we will have breaches like this one, the 40 million credit cards of consumers at Target and many, many others.
The simple problem is this. Current security models for databases are akin to building moats around castles, with the digital analogs of wider moats and more alligators used to increase security.  I am certain there are many definitions for a database, but I went  to trusty Wikipedia for this one. “A database is an organized collection of data.

Nowhere in this brief definition does it mention that the database has to be managed by a DBMS. Continue Reading →

A View from the CLOUD – Has Communication Really Changed? (Part 2)

There was a wonderful show in the late 1960s and early 1970s called Laugh-In. As a young child at the time, it was my first memory of watching television with my mom and dad. I can’t remember if it was shown on the same night as the Muppet Show, but they both seem to go together in my memories. They were both quick and witty, and they made me laugh, even at the jokes only my mom and dad seemed to get.

Laugh-In featured many guests in addition to its hosts Dick Martin and Dan Rowan. One of those guests was Lily Tomlin who played Ernestine the Telephone Operator. She was famous for the line, “one ringy dingy.”

That line kept popping up in my mind as I prepared to write a follow-on blog post to A View from the CLOUD: Has Communication Really Changed (Part 1)  The Laugh-in video of Ernestine the Telephone Operator is worth a quick watch now, both for a good laugh and to frame the rest of this blog post. In addition to laying the foundation for a piece on communication, it quite surprisingly also raised issues of privacy and security… Lily calls it omnipotent (that’s potent with an omni in front). I’ll tackle those in a separate post… Continue Reading →

CLOUDDimensions: Monetary Instruments Though the Lens of WHO, WHAT, WHEN & WHERE (Part 2 – Credit & Debit Cards)

Since the first installment of monetary instruments through the lens of CLOUD Dimensions, I’ve had the pleasure of attending both SWIFT’s Operations Forum of the Americas and am in the midst of the South by Southwest Interactive. Earlier today, I attended two panels at SXSWi. One was on the topic of consumer lending, and the second was on the topic of bank innovation.  Each of these events have added to my thinking on this topic, as well as reinforced my belief that we need to dig below our conceptions of money and banks to truly understand where the advance of technology is taking both us and our future economy.

Throughout the second panel, ably led by Brett King of Banks 2.0 fame, I found myself repetitively tweeting the same meme that is developing here on monetary instruments. “Money has always been mobile.” We once moved it around by stagecoach. With the advance of technology, we’ve added checks, debit and credit cards to the mix. And, as was pointed out during the bank innovation panel at SXSWi, we are now adding mobile devices to the mix, too.

Whether by stage coach, card or mobile, however, each of these mechanisms is simply a distribution mechanism for the money itself. Mobile hasn’t reinvented money, it has just become the stagecoach of the 21st century. So, to understand the future of banks and monetary instruments, we must continue to think about the ways in which we use money as a medium of exchange, unit of account, and a store of value. Because it is in its role as a store of value, that the magic of money can be advanced in the 21st century. Money began as commodity money. Early coins, like shekels, had value based on the weight of a commodity. In the case of shekels, that commodity was barley (citation to wikipedia). Of course, money is now digitally recorded, so we must ask ourselves, how do we ‘weigh’ the value of money in the 21st century?

I began this journey over the meaning of money at Sibos in Amsterdam, and the conversation continues at Chris Skinner’s blog at the Financial Services Club in his post on “Money is meaningless.” CLOUD has added some additional comments on this topic at the FSC blog. The other comments are also worth your attention.

To be continued….

CLOUDDimensions: Monetary Instruments Though the Lens of WHO, WHAT, WHEN & WHERE (Part 1 – Checks)

As I was reading through my opinion piece from Sibos 2010, so graciously included by the editors in the latest SWIFT Dialogue magazine, a number of additional thoughts began to strike me about our monetary instruments and the sheer number of tags that intersect through them.

Late last year, I put together a series of posts in the standards section of our CLOUD website on the dimensions of CTML, outlining the basics of WHO, WHAT, WHEN and WHERE I Am™.  Each of these individual posts looked at these dimensions through the lens of an individual, however, these axes can extend beyond people.  They are equally capable of being applied to other physical artifacts, like our monetary instruments, the most common of which are check, debit cards and credit cards.

The goal of this discussion is to explore these four dimensions and how they intersect through our monetary instruments, starting with the most traditional of instruments, a check and then building on this same exercise with other instruments like credit and debit cards.  These individual posts on monetary instruments will lay the foundation for a broader whitepaper on payment systems and how they could work in a future CLOUD-enabled Internet.  I’m looking forward to the work session on the payments landscape in 2011 at SWIFT’s Operations Forum – Americas in NYC next week to get a better sense of the industry’s current thinking on the topic.

As you read through this thinking, it may be useful to pull out a check from your wallet, purse, briefcase or office drawer and take a look at it from the view of CLOUD’s dimensions. The first thing I noticed when I looked at one of my own checks was the fact that there are three separate instances of a WHO tag on this piece of paper.  One of these WHO tags is in the top left and bottom right corners of most checks.  In the case of my check, my name, my wife’s name and our address is in the top left corner.  This same exact tag is also found in the bottom right corner. Of course, in this case, the WHO tag is represented as a machine-readable number, my account number, but in essence, it represents the same information that is found in the top left corner.

The next set of WHO tags is found in the bottom left-hand corner of the check and not far above it in the same region of the check.  This WHO is both the human-readable and machine-readable tags representing the bank that holds my account. The machine-readable tag is commonly known as a routing number.  The final WHO tag is the one which we write on the “Pay to the Order Of” line.  It indicates to whom these funds will be remitted.

Before moving on to the WHAT I Am and WHEN I Am™ tags found on our checks, it is important to point out that a check is not actually money (obvious but worth restating).  In a sense, it is a distribution tag that states how my funds are to be moved.  The same is true of debit and credit cards.  They aren’t money either.  They, too, are distribution mechanisms that state how, when and under what terms money is to be exchanged.  I won’t dwell on the topic here, but it is possible, and very likely, that we each have not only checks that we use for our banking relationship but debit cards and credit cards that come from the same institution.  In the case of the debit card, it really isn’t a different monetary instrument at all but simply another distribution tag that streamlines the paper process of a check.  And, for that matter, the credit card is the same as the debit card, except I’m not moving the underlying funds from my own account but “borrowing” them under specific credit and interest terms for the money that I will have available to me in the future, just not now.  More on this line of thinking later…

So, let’s return to our check and the CLOUD Dimensions associated with it.  In the top right hand corner of our check, we have a line for the date, something we call WHEN I Am in the language of CTML.  This WHEN I Am could be today or a date in the future.  It is a way of saying to the payee and the bank when the funds can be exchanged. We also have a place for a WHAT, which we represent both numerically and in words.  Of course, I’m referring to the amount of funds to be exchanged.

What I discovered going through this exercise is that this one ‘monetary instrument’ is basically a large physical tag cloud to use an Internet term.  On this one piece of paper, there are a significant number of tags, each representing not only a unique piece of information but also representing a number of interacting relationships, all of which have “context” because the tag cloud all occurs on this one piece of paper.  The next post on CLOUD Dimensions and monetary instruments will look at this idea of tag clouds and their representation by credit and debit cards.

A View from the CLOUD: Has Communication Really Changed? (Part 1)

Every so often, it is useful not having a computer science degree. As a liberal arts undergraduate, with an MBA and JD, I am liberated to ask questions that may seem trite to the most seasoned veterans of technology. One of those questions is about email, and with Walgreens and McDonald’s email marketing lists being hacked recently and Angela Levin of the Daily Mail asking deeper questions about privacy and Google’s free email, now seems like a good time to think about email from a CLOUD point of view.

The “Hamburgling” of McDonald’s and Walgreen’s email lists speaks to security and where data is stored, while the article on Google’s free email points to far deeper issues about how we view and use the Internet. In the case of Walgreens and McDonald’s, the information for communicating with me is stored in their databases. In the case of Google, not only is my email address stored in their database but all of my emails are on their servers, too. None of this is unique to these specific companies. The problem is we have replicated our approach to information in the paper-based era with similar views of information in the Internet era. The virtual world is simply not the same as the physical world, and this recent incident with emails shows how CLOUD’s view of the Internet can completely change the approach that allowed these hackers to be successful.

The issue to be addressed here is not so much how the hackers were able to succeed in their theft but instead what CLOUD’s future model for the Internet can mean to our communications in general. At the general level, we have a 2 X 2 matrix by which we communicate. There are synchronous and asynchronous conversations, and there are one to one or one to many communications. Whether through physical means or electronic ones, the matrix is still relevant to describing the paths by which we connect and receive messages.The examples in this matrix are not meant to be exhaustive but illustrative.

For each of these communication “vectors,” we have a tag. We may have a phone number, a Skype name, an email address, our physical residence or mailing address, or a Twitter name. Interestingly, each of these tags has one thing in common. Us. No matter what the communication vector or path, the message still leads to us. So, really all someone needs to know about me to communicate with me is me. Call it the ultimate version of ME 1.0!

At this point, you may be asking what any of this has to do with the hacking of the marketing databases at Walgreens, McDonald’s and others. In today’s model for communicating on the Internet, everybody that wants to communicate with me has to store each and every one of my unique tags to do so.  Whether it is email or phone or Twitter, this means that each of my addresses or “tags” has to be stored in every database at every company that wants to send me a message, which leads to the outcomes that McDonald’s describes as a “Unauthorized Customer Data Access.”

What if the various mechanisms for communicating with me were in my control? What if all you needed to know about me to communicate with me was me. In a CLOUD-enabled world, local ownership and use of data extends to our communication vectors. In each case, phone number, Twitter handle, email address or physical address, these “tags” are associated with me and are in my control. As a result, I am able to decide how these tags are managed. Walgreens would never need to know nor store any of this information.

Let’s think through how this might work. Since Walgreens is the “pharmacy that America trusts,” I may have decided to enter into a relationship with them on multiple fronts. Let’s suppose I’ve placed an order for photos. Obviously, photos are physical items, and as a result, Walgreens will need to mail them to my physical address. If I have shared this “tag,” when they print out their mailing label for shipment, my physical address gets printed. No need for them to store it, because I’m managing this communication vector on my terms. Now let’s suppose that I’ve also entrusted Walgreens with my pharmaceutical needs. Depending on the urgency of these communications, I may have allowed Walgreens access to multiple points of access to me. They don’t need to know which ones, because I’m managing it. If there is a recall on a drug, I may choose to have such a message sent to me in three ways: text, phone call and email. Walgreens doesn’t need to worry about which one I have chosen, they just need to send out the urgent message, and, for audit purposes, know that I’ve received the message, no matter which channel I have chosen to receive it through.

A world of ME 1.0 not only changes privacy, security and data portability, but it can change communications, too.  When the Internet starts with us, communications are no longer pushed but pulled.  As a result, there are no longer databases scattered everywhere with my information in it, and no “unauthorized data access customer notices” to send.  Even if a hacker gets one of the tags to one of my communication vectors, it doesn’t matter.  I’m not in relationship with them, so even with my “tag,” they can’t push a communication to me, because I’m not pulling it.

Part 2 will explore this new concept of communication vectors in more detail, as well as unpack the issues raised by Angela Levin with those creepy ads we get when we are on mail.google.com.

CLOUDDimensions: WHO I Am™

During meetings this past week in New York City and Philadelphia regarding CLOUD in both finance and health, two separate questions were raised that help frame a deeper discussion regarding WHO I Am™.  The first question posed was in relationship to Facebook Connect, OpenID and CLOUD’s concept of WHO, and the second was in regards to whether WHO I Am or WHAT I Am would be the container by which various dimensions and data would be stored.


Technology Problem or Time for a Paradigm Change?

Since CLOUD believes the future of the Internet lies in a paradigm shift and not just a technology shift, the initial drafting of CTML (contextual markup language) is still in the future.  Crafting a new standard while the issues are still framed by paper-based paradigms like web pages would be putting the cart before the horse.

However, it is useful to discuss some of the more philosophical underpinnings embedded in these questions from our northeast roadshow. Since log-ins and forms have boxed us in to solutions that mimic how we’ve handled these issues in the past, it is better to not allow them to box in our visions of the future.  Rather than thinking about WHO I Am in the context of web pages or forms, let’s think about this question in a broader way.

Does My Birthday Define WHO I Am?

Each of us is defined by not only our relationships with other people but by a collection of information that is gathered up over a life time.  Does our address or our birth date really define WHO I Am?  Birthdays or addresses, in some ways, are simply tags (WHAT I Am), tags that mark some aspect of our paths through life.  As discussed by our recent posting on WHEN I Am, even birthdays are not fixed in time as evidenced by our own country’s change in calendars in the 1700s that moved us from the Old Style to the New Style calendar, a change that also “moved” George Washington’s birthday by some two weeks.  Of course, the date of our birth is an important mark along any path.  It is “where” we each start.  It is the ultimate expression of two WHO I Ams combining so as to create a whole new WHO I Am, but the birthday as a discrete data element doesn’t define us or define our WHO.

No matter how well OpenID captures my data and enters it efficiently into the multiple web pages and associated forms, it is still entering data into forms.  And, that is the problem.  Even the OpenID foundation web site recognizes this, “OpenID is a safer, faster and easier way to log in to web sites.” But I don’t want to log into websites.  That’s the whole problem.  With all of these websites, I have my data scattered everywhere. Having my birthdate entered into more web silos, faster is exactly the problem.  Why reenter the birthdate at all?

Somewhere on the Internet, there exists a data point that validates that I was born.  I have in my filing cabinet a physical “tag” that proves where I was born, when I was born and to whom I was born.  It is called a birth certificate.  That “tag” is the most valid version of my birthdate in existence.  I’ve certainly written my birthdate down on a lot of forms in my over 40 years on this planet, but not one of them is validated.  The OpenID-style approach makes it easier to further populate the Internet with this same date.  But that completely misses the point.

With the many eGovernment efforts occurring globally (I was born outside of London), it is entirely within reason to expect that my birth certificate, or more importantly, the data and tags contained within it, would be accessible electronically.  This validated birthdate should never be required to “move,” just like web pages don’t move.  It should become one of many tags or threads that intersect to form my evolving WHO I Am.  On my path through life, I have also been tagged by the United States government as a citizen (of which I am very proud), and every ten years, I receive another WHO tag from the US Government in the form of my passport.  None of these tags are part of my identity, but the accumulation of these tags create a very robust “tag cloud” that makes it quite clear that I am WHO I say I am.

WHO I Am and Digital Weaving

So, WHO I Am is a really a tag cloud and not a data container.  It is a cloud formed by our connections to other people and other experiences.  These connections are much like the threads of a weaver (discussed further in my End of LInearity blog), and these threads/tags “flow” through my WHO I Am.  The richer these connections; the richer and more colorful is the fabric that is woven by the “flow” of my tags.  As a result of the distributed nature of information in a CLOUD-enabled Internet, the idea of “logging in” goes away.  It is entirely within reason to envision a CLOUD-enabled web page or other presentation layer that allows me “to pierce my fabric” (in the words of a recent lunch companion) to see my connections to other WHOs or my other WHATs (from health to education to finance and beyond).  No logging in necessary, because that is just not WHO I Am.

CLOUD Dimensions: WHEN I Am™

Time is the greatest innovator.  — Francis Bacon, “Of Innovations” 1625

We live in a world measured by time.  The earth has always moved around the sun; the earth has always rotated on its axis; but we have not always measured WHEN in the same way.  We’ve gone from sun dials to sands through the hourglass to uranium clocks and Greenwich mean time.  This makes thinking about WHEN I Am™ an interesting issue, not only from a metaphysical perspective but especially with respect to both the way in which WHEN captures the specific aspects of time and how WHEN impacts our WHO, WHAT and WHERE.

A History of Time

Before delving deeper into WHEN I Am, it is important to brush off some aspects of the history of time, a topic eloquently considered in detail by Daniel J. Boorstin in Book One of his tome, The Discoverers.  As Mr. Boorstin captures in his preface to Book One — Time in the Discoverers: “The first grand discovery was time, the landscape of experience.  Only by marking off months, weeks and years, days and hours, minutes and seconds, would mankind be liberated from the cyclical monotony of nature.  The flow of shadows, sand and water, and time itself, translated into the clock’s s staccato, became a useful measure of man’s movements across the planet.  The discoveries of time and of space would become on a continuous dimension.  Communities of time would bring the first communities of knowledge, ways to share discovery, a common frontier of the unknown.Continue Reading →

CLOUDDimensions: WHERE I Am™

Places, the recent introduction by Facebook, has opened another vector in the ongoing privacy discussion, a discussion sparked not only by Facebook, but by Google and others.  Google’s Street View is another actor in this on-going privacy debate and Eric Schmidt’s own comments about privacy reveal a distorted view of the key component of the Internet, ME.

WHO, WHAT, WHEN & WHERE in World of ME 1.0

As was mentioned in yesterday’s post on CLOUD’s Dimensions, Who, What, When and Where look different in a world of ME 1.0, as opposed to a world of Web 2.0.  This post looks specifically at one of these four axes, WHERE I Am™, and provides more detail on CLOUD’s thinking on this particular dimension.  To frame our discussions on dimensions, the diagram to the left will become more prevalent in CLOUD’s public facing conversations about its work.  In this case, WHERE I Am is shaded to indicate that for the purposes of this conversation, WHERE is a fixed vector or axis.

As one unpacks the idea of WHERE I Am, there are actually several components acting in concert.  There is, of course, my physical presence, but there is also the dimension of geography. WHERE I Am is actually a combination of two places:  mine and the geographic location I happen to be occupying at any given moment.  With or without ME, the geographic location still exists.   Continue Reading →

CLOUDDimensions: WHAT I Am™

As was pointed out in the first post on the topic, there are four dimensions to the future CLOUD “hypercube”: WHO, WHAT, WHEN and WHERE, and it has been several weeks since I posted some thoughts on the third dimension in this series on WHEN.  WHAT I Am has been left until last, because as I’ve discovered, it is the hardest one.  Fortunately, during my flight over to Brussels for the Sibos conference in Amsterdam a week ago, the reasons for the difficulty started to dawn on me.

Data Versus Databases
 As we point out in our video vignette on Separating the WHO and the WHAT in the CLOUD, there is a significant difference between data elements, the entities collecting the data elements and the databases in which they are stored.  Nova Spivack of Lucid Ventures made an excellent comment about this part of the semantic web during Sibos in Amsterdam. In his words, “In the semantic web, databases wrap themselves around the data.”  That is a wonderful framework by which to go deeper in to my thoughts on the final dimension of CLOUD:  WHAT I Am™.