Novell digitalme – a privacy can of worms?

Novell has leapt into the profiling technology business with its digitalme announcement yesterday at Internet World in New York, seemingly without looking for landmines first. The consequence may be that it finds itself attacked by privacy advocates, when all it was really trying to do was to show that NDS was a secure product that could be used to limit information voluntarily disclosed by users to e-businesses. The digitalme extension to NDS, Novell says, is to allow users to "take control of how their personal information is shared, used and maintained on the Net, and results in a more dynamic and intimate relationship between businesses and their customers". The service Novell is offering requires a user to have a (virtual) "meCard " that contains different levels of personal information, depending on what the user wishes to disclose. Businesses, Novell says, will be able to use digitalme "to extend their brands and offerings... by giving customers more personalised channels and access to their services" with any browser supporting SSL and JavaScript. Novell claims that the advantages to users include not having to remember passwords and user names, and to determine how much information they release. No software needs to be downloaded to activate digitalme, which is described as a "zero-byte technology" that is platform-independent (supporting NetWare, NT, Solaris, IBM and Linux). Users can register on the digitalme website. It also seems somewhat far-fetched when Novell suggests that users might "only allow their favourite e-tailer [yuk] to see certain demographic information in exchange for product discounts". A few partners have lined up with Novell - AOL (with "Instantme", which allows digitalme users to send messages to Instant Messenger users), Citigroup and Compaq among them. Novell evidently sees the pay back being from e-businesses, portals, ASP/ISPs and retailers. Novell cites research from Business Week/Harris that suggested that 77 per cent of current Internet users (presumably in the US) had not purchased anything online, and that of these non-buyers, 86 per cent cited privacy fear as the most important reason for their restraint. We wonder whether "privacy concerns" was offered as the easy-to-choose option in the poll, and if so, whether this is really true. The possibility that users might not want to buy online, or may have no spare money, or just want to use email is something that many vendors do not want to consider. The In-the-Net services group set up by Novell will be run by Steve Adams, late of Citrix. Novell has plans for a digitalme logo for companies that agree to privacy rules, but it will require digitalme to reach a critical mass before it can be implemented. This announcement is a development of the open profiling standard (OPS) proposed in 1997 by Netscape, VeriSign and FireFly, which received wide backing, except from Microsoft of course. FireFly had developed some profiling software, which Microsoft acquired when it bought FireFly/Hotmail and used the technology for MS Passport, which so far can only be used on MSN sites - a somewhat limiting factor. In W3C, OPS influenced what is now called the Platform for Privacy Preference (P3P), in which Microsoft but not Novell is active. Microsoft submitted its own submission to W3C a month or so after the OPS proposal, citing the P3P work (which was called P3 at the time) and advocating a prominent role for XML. digitalme also ignores the issue of cookies. W3C/P3P has only half-baked ideas on the subject, admitting to being uncertain as to whether P3P would supercede the need for cookies, and noting that P3P will not solve all privacy concerns. A small embarrassment is that W3C itself uses HTTP log activity. So far as European issues like the Data Directive and data protection legislation are concerned, Novell is silent. W3C says it's not exactly clear about implementation issues, although it points out that the data practices part was an international effort. So far as browsing web sites in other countries is concerned, W3C says "Issues related to privacy protection across jurisdictions are complex; this is why we designed P3P as we did" which sounds a touch enigmatic. It is expected that P3P will become a W3C Recommendation in mid-January. Novell appears to have been somewhat naive on the privacy front. While extolling the security features of NDS and its "respect for personal privacy" and "less intrusive marketing", it makes no mention of P3P in its announcement. The suspicion lurks that this is something of an e-commerce recruiting campaign to persuade users to sign up for advertising onslaughts. ®