The focus of computer technology historically has been on the manipulation and communication of data and information. Yes, there’s always been the monstrously obvious admonition of “garbage in, garbage out” when speaking of data. But as our dependence on data grows, the issues of data quality, of making data better, have grown in importance and complexity. Data, it turns out, is endlessly nuanced.

Government Data Generation and Usage

Government has an enormous interest in data. It is an issuer of data when it assigns account numbers, for example, to its citizens to ease service delivery. It is also a considerable consumer of data in order to establish policy, measure program efficiency, support planning, and, just as with any business or individual, for decision making of all kinds.

But this isn’t simple. The term “government” masks the fact that multiple agencies exist, each with its own goals, never mind data handling policies and procedures. Sharing data across industries is as nuanced as data sharing between enterprises or even more so.

Understanding how governments think about the data they consume and generate is key to long term data security and online identity.

Talking with Data Expert Ian Oppermann

In this fascinating and stimulating conversation, Steve and George discuss these topics with Ian Oppermann, the former data director for the state of New South Wales, a director for Standards Australia, and advisor to multiple startups.

Ian shares his insider’s knowledge of government agency priorities and the fact that sharing data across agencies is “extraordinarily hard.”

Just at the Beginning

Standards Really Really Matter

Ian’s participation in ISO standards development comes from his insight that data sharing requires very crisp definitions, detailed use cases, and specific guidance for each use case based on privacy and data custodianship requirements. And he points out that we are just at the beginning.

For example, the latest ISO standards tackle the basics of terminology definition and use cases, ISO 5207, and guidance of data usage, ISO 5212.

These standards do address the use case of AI but even at this stage the standards address the basics.

People Matter

As with many technology management concerns these days, the concerns are rarely about the tech itself. They’re about people, too. Here’s Ian:

“If you want to use [data] for important purposes, you actually need people who know and understand what data is, who know and understand what data governance is, and who know and understand how to actually use the data for appropriate purposes and then put guidance restrictions or prohibitions around the data products you create.”

Ian concludes with:

“But [for] the general use of data, we're only just beginning to understand the power, the complexity, the mercurial nature of data and starting to build frameworks around it.”

Take a listen if you care about data management and governance in large organizations. We are just at the beginning of getting this right.

Dave Birch is an authority and an ambassador for identity systems. And a great conversationalist. With co-author Victoria Richardson, he’s just published Money in the Metaverse: Digital assets, online identities, spatial computing and why virtual worlds mean real business. (US link here).

In this discussion with Steve and George, Dave introduces the book and takes us into their thinking about secure, private transactions in the metaverse. Or metaverses as he points out because it will be a multi-metaverse world.

Dave doesn’t let the slow evolution of 3D hardware or its high price stand in the way of his enthusiasm. We’ve seen similar transitions before, ones that drive ubiquity and precipitous hardware cost declines so it's time to get out ahead of what's coming.

Much of the conversation is relevant to today’s concerns, in advance of widespread metaverse adoption. So take a listen.

A note on their book.

Even if you are slightly skeptical (or more) about metaverse breadth or arrival date, Money in the Metaverse is a very worthwhile read as it discusses so many of the essential components and concerns that apply in today’s world. The challenges, and solutions, to identification and privacy are examined at depth. Victoria and Dave have used the bright light of use cases, stories, and tech from our current situation to explore identity infrastructure that works in the real world and, according to them, may work better in the metaverse.

Lockstep's Steve Wilson just appeared on the NAB Digital Next podcast with host Alysia Abeyratne. NAB has kindly allowed Making Data Better to repost the podcast here.

If you want to understand how to untangle the knots we’ve tied around identity and identification online, take a listen.

Alysia asks important questions and Steve provides really crisp answers and explanations on:

• The evolution of digital identity
• Verifiable credentials
• Commentary on Australia’s Digital ID legislation.

How do we protect data while it’s actually in use? And how can we prove it?

Up until now, that’s been nearly impossible. We’ve addressed securing data in flight and at rest. When done right, they are strong protections. But what about when the data (and code is data, too) is actually in memory or being processed? And how much more complex does that become when everything is in the cloud?

Confidential computing addresses this weak, and hitherto unsecured, concern.

In this episode of Making Data Better Steve and George speak with Mike Bursell, executive director of the Confidential Computing Consortium and author of Trust in Computer Systems and the Cloud, a brilliant examination of trust in digital system.

Confidential computing gives enterprises a way of securing their operation’s data and code in the face of rising threats and compliance demands. It provides attestation, the ability to prove in an auditable fashion how data has been handled, right down to the metal.

Mike’s clear that this is the future of computing. We already know the future is in the cloud. Now it needs to be secured. He’s hardly alone in that view. Indeed, Microsoft already uses confidential computing to protect its multi-billion dollar payment processing transaction system.

So take a listen. Confidential computing makes data better.

In this Making Data Better episode, Steve and George discuss the multiple challenges of making better security approaches available and, critically, used by relying parties and suppliers.

This is a hugely non-trivial problem. Functional product features nearly always receive priority over basic security. IoT manufacturers compete on features and cost where even a single dollar’s worth of cryptographic hardware impacts competitiveness.

With incentives as they are, taking steps to secure digital operations will continue to be viewed as a cost of doing business, a cost to be minimized if not avoided.

The answers are multiple but a huge market shaper is regulation. Regulation shapes how competitors prosper, or not, by focusing incentives on safety. That’s worked for automobiles; it’s worked for aircraft. We believe the internet needs similar treatment (remember the phrase “Information Superhighway”?).

Regulation can remove the cost avoidance temptation and establish the minimum capabilities for all parties. And, as we discuss, ubiquitous participation is essential.

We are also bullish on the business model that could emerge around verifiable credential sharing.

So take a listen!

Privacy has been a major casualty of the Internet. Twenty five years ago Silicon Valley leading light, Sun’s CEO Scott McNealy said we “have zero privacy. Get over it.” And that has been the truth ever since and the profits basis for AdTech behemoths Google, Meta, and more.

The good news is that, in the quarter century since advertising became the Internet’s business model, few have gotten over it, including powerful national and regional regulators.

In this wide-ranging discussion with Steve and George, Michelle Finneran Dennedy, CEO of PrivacyCode, Inc. and Partner at strategy consulting firm Privatus.Online
speaks to this shift toward restoring online privacy and what her company is doing to streamline implementation of privacy enhancing practices.

In this Making Data Better episode, Michelle addresses:

• The immorality of Data Subject Access Requests
• Ethics vs. zero trust
• The impossibility of privacy regulation compliance
• AdTech’s shifting model
• The liability tornado about to strike data hoarding enterprises

This is an important and exciting conversation. Take a listen.

A key actor in risk assessment is the data provider. These commercial operations aggregate and analyze the data produced by governments, enterprises, individuals, and even other data providers. All to feed today’s insatiable appetite for understanding who it is we are dealing with online.

In this Making Data Better episode, Steve and George are joined by Cindy Printer, Director, Financial Crime Compliance and Payments, at LexisNexis Risk Solutions. The company is a major data provider to government and enterprise; Cindy focuses her work on financial services firms and their need for regulatory compliance.

We discuss the granular nature of the data LexisNexis Risk Solutions offers its customers and the breadth of sources used to meet their needs. It’s astonishing.

Cindy makes the point, one we heartily agree with at Lockstep, that risk is specific, a concern for each individual entity and that the data required by each entity varies based upon its specific concerns. And that’s why LexisNexis Risk Solutions tunes the data services it provides to the industry segment and individual firm.

Sitting on top of such vast data resources and knowing the complications associated with deriving meaning from it all, LexisNexis Risk Solutions also provides analytical services that saves an enterprise from having to analyze the data itself.

This is a great conversation if you want to understand the data provider role, the scale of its operations, and its priorities. So take a listen.

In this quick take, Steve and George discuss the idea of a single digital ID through a review of the proposed bill currently in front of Australian legislators. We being by comparing that approach to two very different models: India's Aadhaar program and the "shadow IDs" as employed by commercial data providers.

We are excited by the steps Australia is taking to secure the online activity of its citizens. This is serious work with many of the required elements for success already in place. And connecting those elements into a strong chain will be challenging.

We conclude with a discussion on the quality of the data feeding into any system performing identification. How do you know that the data is authentic when it is presented through plaintext? Like chip cards and passkeys, we posit that device-bound data is required for secure online interactions.

This concern isn't just about what's happening in Australia, of course. The problems of data authenticity and how to integrate a new digital attribute into KYC processes are non-trivial. So take a listen and get in touch.