Archive for October, 2009

Axel’s Challenge

Friday, October 16th, 2009

Axel says he’ll fetch you a beer at IIW if you can decrypt the token he has made publicly available on his blog: crypto doubters in the crowd, this is your big chance! As someone who was recently burned while copying and pasting encrypted tokens off of a web page and trying to decrypt, I would be careful of the white space though, I bet if you ask really nice he’d even send you a file version.

Canadian IAM Community

Thursday, October 15th, 2009

Are you a Canadian member of the identity or access management community?  In case you don’t know already, there are a number of new venues evolving to service this community, and I’m really excited to be a part of them!

  1. The CanadIAM Blog – this blog is dedicated to the Canadian take on Identity and Access Management, thanks to the organizing efforts of Mike Waddingham over at Code Technology. It’s just getting off the ground, but I think it will attract a very strong community — make sure you add it to your blog reader!
  2. The ICE Conference — this will be the very first Canadian tech conference that I’ve spoken at, I can’t wait to actually meet folks from my own backyard and compare notes and experiences! The conference is in Edmonton on November 2-4, 2009 – the only sad thing is that it happens to conflict with the Internet Identity Workshop; as a result I’ll have to split my time between the two rather than getting the full benefit of either, which is such a shame!

It is great to see these kinds of resources evolving, and I think it speaks to the maturity and growth of I&AM practices in Canadian organizations. I believe that the best way to be successful in many of these ventures is to share – and what better way to do so than with a group of people who have strong common interests.

Photo credit: http://www.flickr.com/photos/michael40001/1828017204/

Rocky Mountain Bank should be more solid now

Wednesday, October 7th, 2009

I’m tired of yelling and complaining about data breaches.  As a result, I think I’m going to change my tune.

Take, for example, Rocky Mountain Bank of Wyoming USA.  An employee of the bank emailed sensitive details about 1375 customers to the wrong Gmail user, and now the bank is suing Google to discover who this anonymous user is, in an attempt to try and figure out just who they managed to gift their data to, and whether their gift kept on giving.    In the meantime, the Gmail account of a completely innocent bystander has been deactivated by court order.

As I see it, Rocky Mountain Bank is in their own little hell right now – they are being widely ridiculed, they have initiated an expensive legal action that can only partially assuage their fear of exploitation by a third party, they have at least 1375 really pissed off customers, and they have incurred some amount of liability and/or responsibility to those customers should their data be criminally exploited in the future.

You can think of these guys as one more incompetent organization and call them names.  Or you can think of it as one more organization whose eyes have been opened to the cost and danger of playing fast and loose with customer privacy.  Perhaps we simply have to hit a tipping point where enough people are close enough to enough victims that our societal internal risk meter changes.  If you look at it that way, every breach can also be viewed as an education…  and I’m a big fan of education.

So congratulations Rocky Mountain Bank on having your eyes opened as a corporation, serving as an example for others, and personally educating 1375 otherwise clueless end users.  It is appreciated.