Sunday, September 17, 2006

Be evil: Gmail, spam, data lock and a digital identity bill of rights

My Gmail acount is dying of dysfunctional spam filtering. Too bad. Well, I can just delete it and start over. After all, I've always been careful to keep a local repository of all my email -- I don't have to try to download via POP tens of thousands of messages. I don't even need my Gmail address, I only ever give out personal email addresses that redirect to Gmail. I've been so careful to maintain a layer of indirection ... or have I?

Ahh. Not so fast. Google checkout (purchase records), Picasa Web Albums (just paid $30 for the 9GB storage), Google Earth (I have the upgrade account, also $30 or so), my search history, my Google spreadsheets, my Google Apps -- there's are now 15 services inextricably linked to my Google digital identity -- and Gmail is the core of that identity. Soon my blogs, including this one, will move to that identity. Some of this data can be extracted, much cannot.

So can I keep the Gmail account in a sort of moribund state, setting spam filtering to an extreme level? No, Gmail doesn't allow one to control spam filtering. Yahoo email does, Gmail does not. You get the default.

It's a nasty situation. I'm wed to Google, but my bride is demonstrating sociopathic tendencies. Divorce is very expensive. Such are the perils of "data lock", but ownership of digital identity is worse than conventional "data lock" -- it starts to smell a bit like indentured servitude.

We need a digital identity bill of rights. I'll write more on this, but here are two a list off the top of my head:
  1. Digital identity must be portable using a well defined public standard.
  2. Digital identity must be independent of services. In other words -- there's a layer of indirection between my digital identity and my email account, my credit card account, my eCash account ...
Only two requirements, but it's a start. It means that neither Google nor Microsoft nor my credit card company nor my checking account can own my digital identity. They may host my digital identity, but I need to be able to migrate it, with appropriate authentication, to another host without breaking the associated services.

Google, unwittingly or with full knowledge, is now Evil. How can Google become less evil? They could adopt the Digital Identity Bill of Rights. The first step would be to separate a user's Gmail address from Google's digital identity, the next step would be to adopt and define an open standard so that Google customers could opt to migrate to another Digital Identity host.

If Amazon, Yahoo, or even Microsoft were to adopt this Bill of Rights, they'd get my business. I think Amazon would be my first choice.

Update 9/22/06: But then things began looking better ...

No comments: