From Web 2.0 to Citizen Empowerment
Web 2.0 turned out to be a tool to control citizens and society processes instead of empowering people and supporting growth.
Social media need to grow up and deal with the serious distortions originating from the flawed approaches that systematically dis-empower people and companies to behavioural-based profiling and system attacks from infrastructure providers pushing themselves into value chains. They take control of and spy on relationships, basically through abusing the data from the flows.
Social media love to claim "end of dictatorship" while keeping it a secret that they are in fact enabling the dictators by weakening individuals and exposing them to system "attacks".
The solution is not to go back to pre-internet but to move on into an empowered and distributed social network where you as an individual can control subsets of social interaction without ANYBODY being able to link these spheres.
It starts with strong separation of identity and social media so each individual DOES NOT REUSE identity for different relationships.
A simple measurement of success - can a citizen maintain multiple relationships on e.g. Facebook WITHOUT Facebook (as the market-distorting agent) being able to correlate this to the same person?
There are some sensitive balances, i.e. shutting all adults out of a group of children.
Identity infrastructure is under the control of government - we CAN create a secure digital environment, but we are not doing so as we fail to realise that Identification is the problem, not the solution.

Comments
I think this is a logical
I think this is a logical evolvement in the digital era.
I also think that social media enabled this people-focused mindset, where before it was about content and information distribution, but for now a critical mass has not been reached (in a reactive way to further explore solutions on this).
That was perhaps true 10
That was perhaps true 10 years ago in the early naive days of the internet with web 2.0 etc.
But the assumption of a linear progress is mistaken - the future is not deterministic. It DOES matter enormously what choices we make, and HOW we create support for human actions and interactions has a direct influence on society's progress or degression (yes, going backwards and repeating the many mistakes, which Europe has a strong tendency to do).
Get this wrong and we will see a degression into e.g. authoritarian regimes once again or preventing them BECAUSE of HOW we design infrastructure technology.
Similarly there is a naive view of promoting everything that MIGHT be good, e.g. crowd sourcing. But the discussion on hysteria and social media's tendency to reduce the intelligence and sensible voices in crowds is ignored as "unpleasant" or undesirable.
What we are essentially seeing is a radical departure between two alternatives - both with social networks - with radically different consequences.
a) Social networks are controlled and used by the few to control and profit from the many.
Control of relationships is serverside and commercialised (even worse bureaucratized) in processes that are inherently directed to benefit the controllers. Social networks are abused by bureaucrats for monitoring, controlling and propagandizing (ensuring the right opinions).
What is especially characteristic is that these social networks are for the ignorant talking about what they don't have competences in - the knowledge people stay out as they know very well that these networks are not compatible with their work. The only exception is the Professional Self-promoters, who for profit try to "brand" themselves as "someone".
An example - when Facebook forces payments to be done using Facebook$, what we see is nothing but expropriation of market processes in a walled garden. The same Facebook that drives people to waste endless hours on work to chitchat through sending constant Attention stealers. The same Facebook that through the destabilising network effects eliminates other social forums because Facebook actively works against handling social relations client-side.
Identification IS THE PROBLEM enabling profiling, systemic opinion manipulation (e.g. invisible filtering and opinion ghettos), makes people's job position dictate their opinions and in general seems to degress debate to the less competent sharing their ignorance and emotional idiosyncrasies.
b) Social networks enabled as direct connections and groups without any centralised commercial or bureaucratic controller.
When sharing e.g. debates online for a wider audience, ensure no linkage to WHO as that is how you eliminate profiling, release competence to participate, reduce ad hominem and in general isolate and focus social networks to the purpose allowing many different networks to operate in parallel without destabilising network effects.
Example dating. Without pseudonymisation, these structures would not work.
In other words - this is not about digital social network or not, but about HOW TECHNOLOGY DESIGN influences power, processes and society as such.
I see numerous logical fallacies in this debate mainly about arguments that use their implicit assumptions as conclusions without any rational or meaningful questioning of causality and consequences.
E.g. most App makers do not make money - they are not in a market but taking the risks for walled gardens by working freelance and only getting paid a share of the unlikely success mostly from abuse of personal data collected.
In short - where is the innovation on social media instead of merely pushing a centralised bad version of social media assuming it has ANY positive value creation?
I would - both as devil's advocate and because I think rational analysis says so - suggest that present design of social media UNDERMINES the economy and fundamental European values despite the claims of the opposite. Proving me wrong would perhaps cast some light on HOW social media CAN create value instead of merely assuming this. I will however claim that e.g. Facebook "success" is proof that I am right in the destabilising effects and urgent need for change.
I would say that social media
I would say that social media has been abused to enable control of people instead of a "people-focussed" mindset.
Centralised social interactions give third parties non-legitimate access to "listen in", profiling each individual and dis-empowering everybody.
That is not an "evolvement" but an enormous step in the wrong direction toward yet another Command & Control regime which Europe's bloody history is filled with.
It is as if the fall of the Wall in 1989/1990 removed any regard for the fundamental issues, as "democracy", "freedom" and "liberal markets" were taken for granted. Since then almost all fundamental values have been seriously eroded by bad technology design resembling former Eastern European thinking.
Point - we need to align the
Point - we need to align the words as expressed in regulation with realities of technology design.
E.g. Citizens in control means citizens NOT identified serverside as that is the source of transfer of control despite regulation. You can always have identification end-to-end (e.g. towards your doctor, friends, family etc.) but no infrastructure player, bureaucrat or social media SHOULD (in the strong form of technically unfeasible) be able to identify people involved in social interaction.
Interesting post about the
Interesting post about the FBI moving towards more surveillance.
FBI: We need wiretap-ready Web sites - now
http://news.cnet.com/8301-1009_3-57428067-83/fbi-we-need-wiretap-ready-w...
CNET May 4, 2012
CNET learns the FBI is quietly pushing its plan to force surveillance backdoors on social networks, VoIP, and Web e-mail providers, and that the bureau is asking Internet companies not to oppose a law making those backdoors mandatory.
Sousveillance ("inverse
Sousveillance ("inverse surveillance")
http://en.wikipedia.org/wiki/Sousveillance
Interesting concept putting the citizen in the loop and more in control.
Sousveillance refers to the recording of an activity by a participant in the activity typically by way of small wearable or portable personal technologies.
Sousveillance has also been described as "inverse surveillance", i.e. from the word surveillance which is formed from "sur" (French for "from above") and "veiller" (French for "to watch"), by changing "sur" to "sous" (French for "from below").
Sousveillance does not work as
Sousveillance does not work as it does not balance power. Instead it worsens the situation and legitimizes surveillance.
Instead you must eliminate surveillance - also by e.g. Facebook itself - both by creating alternatives and by enforcing against the lack of security.
A survey about users’
A survey about users’ perceptions of online privacy.
A SimplicityLab™ Consumer Research Survey
http://www.siegelgale.com/white_paper/a-simplicitylab-consumer-research-...
Oops.
Oops.
Concerning the post "Interesting post about the FBI moving towards more surveillance."
I have noticed that Engberg already posted it in another post. My mistake (I have some difficulties not to get a little bit lost in this forum ;-) ).
You all seem to agree on the
You all seem to agree on the problem, albeit from different angles, but is there a solution proposal you'd like to put forward and, perhaps, be pursued by institutions in this respect?
Eliminate identification
Eliminate identification server-side in order to empower citizens and distribute controls.
I am NOT talking about anonymity, but eliminating the power concentration and about isolation and security validation.
The problem is that the funding models (the market for solutions) are prevented by regulation, infrastructure gatekeepers and distorted funding models based on abuse of personal data. You have some very powerful lock-in models when someone commercially controls and thereby owns your relationships - you cannot shift to better solutions without losing your network.
Together it makes restoration of social networks a particularly tough problem to solve.
European e-identity plan
European e-identity plan
http://www.zdnet.co.uk/news/regulation/2012/05/03/european-e-identity-pl...
It says that the strategy is
It says that the strategy is Dis-empowerment !!!
This is not about identity
This is not about identity but about identification - which is exactly WHAT WE NEVER WANT SERVERSIDE as it is dis-empowering.
"The launch of the strategy follows Kroes's push in November to strengthen internet security in the EU, which laid the ground for the child protection proposals. It also outlined legal measures to make it easier for people to use a single e-ID for online services across borders, which would underpin a move toward a pan-European framework for electronic identification, authentication and signature (Pefias) framework."
So what can be done regarding
So what can be done regarding the identity from EU point of view?
Esignature should have as its
Esignature should have as its absolute top priority to enable not identification, but Citizen-controlled pseudonymisation. And we are talking commerce, Government incl. eHealth first and foremost.
But in structures respecting that transactions can only proceed if necessary risk assertions are provided.
E.g. Accountability as one Identity building block does NOT mean that citizens are identified upfront in the context, but that they - provided negotiated and suitable proofs exchanged as part of the contract establishment - can be non-repudiably identified if they do not abide by their part of a contract.
Security Standards and especially communication protocol standards should NOT dictate a certain balance, but create a structure for resolution of new and future security assertions according to security policies that can be changed and are context-specific.
The present structures are not only primitive but growth-destructive.
We seem to have a
We seem to have a communication problem, between the average person and technical minds. The basic gap seems to be between the ideas of user-centric design and those of ensuring the user's privacy. As Engberg says, getting the balance right here is paramount if we are to see the development of inter-institutional 'public' services. So could we, rather than talking in vagaries, point to what some governments have done and see if it is possible to take it to an inter-governmental AS WELL AS an inter-institution level.
If I understand Engberg correctly, he is saying that we all need a "hub account" - one where an individual can decide how much information they might wish to disclose, depending on the "context" (let's call this "service" as technically, that is all institutions provide.)
In Australia, the attempt to achieve this can be seen by the registration process at https://australia.gov.au/ . The idea is that a user can set up one account AND THEN attach all the other .gov services/accounts to it, thereby enabling a single sign on to all (three levels of) government agencies, whilst retaining control of their privacy. This approach has been particularly unsuccessful. It's just too hard.
At the other end of the spectrum we have the e-citizen approach, where concerns about "big brother" are ignored. http://www.ecitizen.gov.sg/about_us.html
Now (correct me if I'm wrong) WAYF is probably the most mature initiative in the Euro space as far as offering users from different institutions access to a range of (shared) services, while offering the user "Pseudonymisation". https://www.wayf.dk/en/about-wayf/faq
2 questions then arise - because in many instances a user may be a public servant/institutional insider in one context/service and a user/part of the crowd in another - what is the minimum number of "attributes" that might be added to a user's account so they can 1. act as an insider, 2. act as an outsider, around as many institutions as possible without telling anybody who's "doing it" unless they want to.
Not sure if this entry aligns with these questions, but I suspect, in this group, we're talking about 'How much federation do we need?' http://myterena.wordpress.com/2012/05/21/how-much-federation-do-we-need/
Oh no. Don't set the question
Oh no. Don't set the question as "Big Brother" or "Big mother" - it is a false dichotomy and certain failure either way. It is time to do Empowerment to address the problems.
No serverside Big Mother "hub account" - that is a worst-case scenario of near-total concentration and basically what they intend to do in the UK.
Commercial players love that role as your "Digital Landlord" and "super-trusted" party - the ultimate Intermediator in control of everything and from a security perspective one unsecure place to collect everything about you by anyone so inclined.
We do NOT want technology and infrastructure to dictate society or dis-empowerment - that is the failing model.
We need to truly re-empower citizens - both people and organisations - to act and interact without destabilising concentration in infrastructure.
I am not just suggesting a replacement for PKI/SAML, but even to move beyond one-size-fits-all to truly interoperable security/identity models.
We need to make identity a set of semantically comparable security building blocks logically oriented to different security aspects (Accountability, Authentication, Authorization, Accreditation etc.). Not a one-size-fits-all illusion like PKI, but a dynamic and enabling inclusive structure.
For true empowerment, we are talking client-side key, identity and data management in and across both private and public sector.
You should see "federation" in two layers.
1) Extra-context or across-purpose "federation" is 100% client-side so the citizens can filter and delink context. SAML is NOT providing this as there is no isolation.
2) Intra-context is transaction support across multiple systems and thus risk linking. SAML federation technology is fine for this - as long as no trusted parties are involved such as an "Identity Provider".
A trusted party with backdoor knowledge should not be considered trustworthy. SAML or WAYF establish backdoors and are thus NOT Security by Design, but linking transactions.
E.g. WAYF moves a little step but contains no protection against gateway linking. This could be replaced by a blinded ticket model to secure the transaction.
I would politely reject the existence of your "unconcerned" population - nobody likes the idea of Single market collapsing into an oligopoly of walled gardens and identity gatepeekers. "unconcerned" is a convenient "myth" created by interests.
But each citizen has different ways of coping with the problems, accepting by necessity and lack of choice ever-bigger risks.
What can you do when no secure payment or communication method is available but you want to buy the product? You choose - and sometimes the benefit is considered worth the additional risk - and sometimes it is not.
What if we enabled empowered trade? Ie. where you can sign the purchase order, pay, communicate and receive goods WITHOUT ever surrendering control?
Oh no - the paranoia goes - then WE CANNOT. Cannot what?
a) Check for tax evasion - sure we can.
b) Prevent e.g. money-laundering and black market - sure we can. These are well-definable security issues.
c) Check for terrorism if you purchase something that goes boom - come on, have extra security checks for ammonium nitrate, but let's not kill the economy over bureaucratic paranoia.
What is hard is to overcome the implicit assumption that digital worlds must, should or unavoidably will be dis-empowering despite the exponential damage to the economy.
Somehow the process does not put the effort where the mouth is.
Terms matter
Terms matter
"The basic gap seems to be between the ideas of user-centric design and those of ensuring the user's privacy. As Engberg says, getting the balance right here is paramount if we are to see the development of inter-institutional 'public' services."
The term "user-centric" should rightfully be "system-centric", i.e. some system's profile of a user.
The term "privacy" is so undefined, that I prefer to replace it with "Security from one stakeholder perspective". However, most Security by Design challenges are multi-stakeholder and most transactions require security validations.
The term "development of inter-institutional 'public' services" isn't it just either
a) extra-contextual transfer of validated data/security assertions from one context to another or
b) intra-contextual linking of sub-processes in distributed systems to form a more complex process?
In both cases we need semantic ontology support and 3rd party assurance-providers to validate and "rate" claims.
We start talking Empowerment, when we have Assertions Providers (trust service providers that can associate e.g. PKI with not just "Identifying", but also classifying PKI with some rating as both "Dis-empowering", "Authenticating" and "Accountability Creating").
Then we can start creating empowering identity as combining non-invasive security building blocks. E.g. an "Authorization" such as a "Doctor" can be a 3rd party proof of group membership using a blinded cryptographic proof.
Why? Because linking which doctor does the drug prescription in e.g. a cloud database makes it a target database for Pharmaceutical Marketing and thus highly sensitive information even if the patient cannot be identified.
And it makes the patient easily identifiable as the Doctor's set of patients is probably too small, just as the Doctor would then be targeted first and then the attack would scale to attack patients.
In other words - in order to be able to classify all or part of a "Drug Prescription System" as "Cloud ready", we need to know if it is based on Security by Design or perimeter-security only.
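The "blinded ticket model" and the "blinded cryptographic proof" of group membership mentioned in the two comments above can be illustrated with a Chaum-style RSA blind signature. This is an added example, not code from any participant in the thread or from WAYF; the key, the identities and all function names are constructed for illustration, and textbook RSA without padding on these toy primes is not secure.

```python
import hashlib
import secrets
from math import gcd

# Toy issuer key built from two Mersenne primes: illustration only, NOT secure.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # issuer's private exponent

def digest(serial: bytes) -> int:
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N

def blind(serial: bytes):
    """Client: hide the ticket serial behind a random factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (digest(serial) * pow(r, E, N)) % N, r

def issuer_sign(blinded: int) -> int:
    """Issuer: signs after checking entitlement; it only ever sees `blinded`."""
    return pow(blinded, D, N)

def unblind(blind_sig: int, r: int) -> int:
    return (blind_sig * pow(r, -1, N)) % N

def verify(serial: bytes, sig: int) -> bool:
    return pow(sig, E, N) == digest(serial)

def redeem(serial: bytes, sig: int, spent: set) -> bool:
    """Service: accept a valid ticket once, without learning who holds it."""
    if serial in spent or not verify(serial, sig):
        return False
    spent.add(serial)
    return True

def explaining_factor(log_entry: int, serial: bytes) -> int:
    """Issuer-side linking attempt: the r that would tie log_entry to serial."""
    return pow(log_entry * pow(digest(serial), -1, N) % N, D, N)

def demo():
    issuer_log, tickets = {}, {}           # identity -> blinded value / ticket
    for who in ("alice", "bob"):           # constructed identities
        serial = secrets.token_bytes(16)
        blinded, r = blind(serial)
        issuer_log[who] = blinded
        tickets[who] = (serial, unblind(issuer_sign(blinded), r))
    serial, sig = tickets["alice"]
    spent = set()
    first, second = redeem(serial, sig, spent), redeem(serial, sig, spent)
    # Every log entry has a blinding factor that "explains" the redeemed
    # ticket, so the issuance log cannot single out who it was issued to.
    ambiguous = all(
        digest(serial) * pow(explaining_factor(b, serial), E, N) % N == b
        for b in issuer_log.values())
    return first, second, ambiguous

if __name__ == "__main__":
    print(demo())
```

The issuer can still enforce who is entitled to a ticket at issuance time; what it loses is the ability to correlate a redeemed ticket with that issuance.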
We have lots of technologies
We have lots of technologies to make this - Problem is competences understanding why, what and how - Security Economics is complex.
Look towards e.g.
Mixnets, 2nd. generation
Identity parameterization Standards (missing)
Device virtualisation
Credential Based Access control and blinded cryptography, e.g. Digital Cash.
Model-driven Device Interoperability, e.g. Linksmart
Zero-knowledge based RFID encryption
Biometrics Chip-on-card
Polymorphic encryption
True peer-to-peer addressing
One-time-only identity
Etc.