Privacy And Security Conflicts


There is a conflict in the Consumer of services and the Provider of services (ie the Identity Provider (IDP) or SP.

The Consumer of services wants to provide as little information as possible and the Provider would like to have as much information as possible.

The Consumer's Fears#

The Consumer, in his desire for Privacy and/or Anonymity does not usually desire to provide any more information than absolutely necessary to perform the transaction.

The Consumer in his desire for Security from financial loss or not relieving the service they are paying for would like to be Secure that the Provider will provide the services or goods that the consumer is providing payment.

In addition, the Consumer must be Secure that the Provider is indeed the provider and not a "trick" site portraying the Provider.

Finally, with all the Press of stolen Identity Information, the Consumer has concerns that the Provider has adequate processes in-place to protect any information the Consumer would provide.

The Provider of services Fears#

The Provider of services, in his desire for Security from financial loss, wants as much information as possible to enhance his security.

Government Surveillance #

Government Surveillance is hampered by the use of Encryption and there are several cases where End-to-end Encryption is not permitted by Jurisdictions (Governments)

"Security enhancements to the virtual world should not make us more vulnerable in the physical world," the letter reads. "Companies should not deliberately design their systems to preclude any form of access to content, even for preventing or investigating the most serious crimes."

More Information#

There might be more information for this subject on one of the following: ...nobody