Privacy is a funny thing.
On one hand, we don’t want our secrets to be revealed, and there’s a lot of concern over the ability of technology today to mine and disseminate them. On the other hand, not only does technology enable massive distribution of information, but it’s amazing what most people will share today when they believe they can benefit from that sharing. So how do we resolve this tension?
I believe this is done by managing three factors that lead to trust: 1. Control; 2. Disclosure; 3. Error-proofing
Some people value privacy more than others. And I think they should have their way. I know there are some people who will never use Spendbot because they will never put personal information on the internet. And by personal information, I mean their name. Like people who would rather store their money in their mattress instead of a bank, they’re more comfortable storing their information in a desk drawer. But both are more prone to loss if their house catches fire or someone gets into their desk. Meanwhile, after many decades, so much internet security technology has been developed that a breach almost always requires someone to go pretty far out of their way to do something wrong; computers don’t do it on their own. And while there are many examples of data being mishandled, the incidence has dropped and the damage has been contained to the point that there is a great deal of trust. This has led to massive adoption of online… everything: education, shopping, banking, health and legal records, and the most private of communications.
For those people who would be willing to do even more online, “if only”… well, I want to give them their “if only”. Whether it be multi-factor authentication or hardware locks or display personalization, we want to provide what customers want. This presents a couple of problems. First, too many choices can create too much complexity, so we need to make sure our offerings are well thought out. Second, there is some cost associated with providing these options. The good news is that when it comes to software, you just need to get it right once and you’ve sunk most of your cost. We’ve developed a patent-pending secret status feature that will allow users to understand their cash position without having to log in to anything, and without a bystander being able to snoop. And there’s no extra cost to this feature.
These optional privacy features, including hardware and human methods, will take a bit of time to develop, test, and deploy. But they’re on our roadmap, because I think control is important.
With Spendbot, our systems use email addresses to keep track of our customers’ entries and activity in a Spend Plan. We use passwords to control access to this data, and these passwords are encrypted. We don’t collect any other personal data until we are asked to actually help move money, at which point we have to comply with numerous state and local regulations. At that point, we make it obvious how we will use this data, and how others could use this data (if subpoenaed by the government). And should that ever change, for any reason, including regulatory requirements, we’ll let our customers know, in as plain language as possible. And anytime we ask a user to do something involving entering data, we will tell them how we’ll use that data and ask for their express permission to do so.
Third, mistakes happen, if you let them. I used to run a microelectronics manufacturing company. We built millions of fiberoptic, wireless, and sensor devices, and I’d wager that if you’re using the internet now, you’re using one of them. They were designed to last for a minimum of 20 years, and if we had even one fail, years after we shipped it, we’d get it back to do root cause analysis, and then error-proof that process using a variety of techniques.
So how do we error-proof Spendbot? First, we use mature, proven architecture and technology commonly used in the financial industry. We write our own code. We test, and test some more. We brainstorm every possible problem, we pay others to help us brainstorm every possible problem, and then we figure out how we can error-proof every possible problem. This may mean that we don’t use some of the latest internet methods, such as OAuth authentication (another vulnerability patched today, I see), or require passwords to be so complex that users will certainly forget them, write them down (guh, on a sticky note) and reset them frequently. It also means keeping our interface as intuitively simple as possible, detecting errors at input, using DNSSEC and enhanced SSL (coming soon), and… the list goes on.
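Two points above are worth showing in code: the earlier statement that login passwords are “encrypted”, and the “detecting errors at input” idea here. For access-control passwords the usual practice is not reversible encryption but a salted, deliberately slow one-way hash (scrypt, bcrypt or Argon2), so that a copied database does not hand the attacker the passwords; and the email address that serves as the account key is exactly the kind of input to validate before anything is stored. The following is an added example, not Spendbot’s code: the CredentialStore class, the email pattern and the scrypt cost parameters are assumptions for illustration, and it enforces only a minimum password length with no composition rules, which is the NIST SP 800-63B approach and matches the post’s objection to passwords too complex to remember.

```python
import hashlib
import hmac
import os
import re

# Added example (not Spendbot's code): account records keyed by email address,
# passwords stored as salted scrypt hashes, malformed input rejected at entry.

# Hypothetical email syntax check: enough to reject obvious garbage at input.
# Full RFC 5322 validation is deliberately not attempted here.
_EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

# Assumed scrypt cost parameters: about 16 MiB of memory and a few tens of ms per hash.
SCRYPT_N, SCRYPT_R, SCRYPT_P, DKLEN = 2 ** 14, 8, 1, 32
SALT_LEN = 16
MIN_PASSWORD_LEN = 8  # length minimum only, no composition rules (NIST SP 800-63B style)


def normalize_email(raw):
    """Validate at input: trim, lower-case, and reject malformed addresses."""
    email = raw.strip().lower()
    if len(email) > 254 or not _EMAIL_RE.fullmatch(email):
        raise ValueError("malformed email address")
    return email


def hash_password(password, salt=None):
    """Return a self-describing 'scrypt$N$r$p$salt$digest' record (hex fields)."""
    if len(password) < MIN_PASSWORD_LEN:
        raise ValueError("password must be at least %d characters" % MIN_PASSWORD_LEN)
    salt = os.urandom(SALT_LEN) if salt is None else salt  # fresh random salt per record
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return "scrypt$%d$%d$%d$%s$%s" % (SCRYPT_N, SCRYPT_R, SCRYPT_P, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute with the record's own parameters and compare in constant time.

    A malformed record fails closed (returns False) instead of raising.
    """
    try:
        alg, n, r, p, salt_hex, digest_hex = stored.split("$")
        if alg != "scrypt":
            return False
        digest = hashlib.scrypt(password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
                                n=int(n), r=int(r), p=int(p), dklen=len(digest_hex) // 2)
        return hmac.compare_digest(digest, bytes.fromhex(digest_hex))
    except (ValueError, TypeError):
        return False


# Used to keep login timing the same when the email is unknown, so a probe
# cannot learn which addresses are registered from the response time.
_DUMMY_HASH = hash_password("placeholder-password-for-timing")


class CredentialStore:
    """Assumed in-memory store; a real deployment would persist these records."""

    def __init__(self):
        self._users = {}

    def register(self, email, password):
        email = normalize_email(email)  # reject bad input before storing anything
        if email in self._users:
            raise ValueError("email already registered")
        self._users[email] = hash_password(password)
        return email

    def authenticate(self, email, password):
        try:
            email = normalize_email(email)
        except ValueError:
            return False
        record = self._users.get(email)
        if record is None:
            verify_password(password, _DUMMY_HASH)  # same cost whether or not the email exists
            return False
        return verify_password(password, record)


if __name__ == "__main__":
    store = CredentialStore()
    store.register("  Alice@Example.COM ", "correct horse battery staple")
    print(store.authenticate("alice@example.com", "correct horse battery staple"))   # True
    print(store.authenticate("alice@example.com", "wrong password"))                 # False
    print(store.authenticate("nobody@example.com", "correct horse battery staple"))  # False
```

Two details carry most of the security value: the record stores its own salt and cost parameters, so the cost can be raised later and old records still verify, and the comparison goes through hmac.compare_digest rather than ==, so a byte-by-byte timing difference does not leak how much of the digest matched.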