Welcomer applications and services use the open source Welcomer Framework.  https://github.com/welcomer/framework The Framework supports microservices to flexibly automate personal online tasks, putting control of a persons data in their hands.

The web is plagued by a series of data silos, each holding their own slice of a person's data but not giving them the freedom to access, use and share it as they desire. This trend has been slowly changing for the better in recent year with many services now providing API's to access their data, allowing new applications  to thrive. Unfortunately most of these applications are designed in a rigid way to support a narrowly predefined use. People are different and their needs and desires for what an application should do vary. A solution is to provide a flexible, open framework that makes it easy for a person to securely and privately use their data as they see fit.

Why is Welcomer, the Company, supporting the framework?

For a person to take control of their data they need tools to assist them, a safe place in the cloud to store their data and the cooperation of organisations who hold that personal data. To achieve these objectives, applications built using the Welcomer Framework (or other compatible frameworks) must provide value to organisations who hold data about an individual. User centric systems tend to be lower cost, easier to use and friendlier, providing added value to the organisations that utilise them.  With the Welcomer framework organisations can put restrictions on the re-distribution of data they generate.  This is important to some organisations as they wish to control the distribution of data concerning them and their activities.

Welcomer is building applications with the framework and wishes to cooperate with other developers and organisations who have similar objectives. Together we can develop the safe, user centric application ecosystem we all deserve!

Welcome Aboard

The WelcomeAboard application illustrates the ease with which organisations can connect and interact with individuals and how individuals benefit from being able to access data about themselves that they have previously entered.

The first implementation of WelcomeAboard integrates with the Xero cloud based payroll accounting system. Xero provides an API to access the payroll information.  Welcomer Framework provides a way for employees to directly enter information about themselves into the Xero payroll.  In Australia these are typically a form to state where to pay the salary,  a form of contact information, a form to notify the Tax Office, and a form to select a compulsory Superannuation product.

Typically it costs an organisation $50 to $100 to ensure all these forms are filled out, signed, stored and processed. WelcomeAboard charges $5 a year for each active employee using the system.

For the employee they only need fill out any information once.  If they move to a different employer who uses the Welcomer (or compatible) framework any data entered previously is available so reducing the time spent filling out forms.  This enables new employees to become productive more quickly and reduces the frustration level of employees.

Welcomer Framework, Personal Data and Identity

A personal cloud is defined as personal data stored in the cloud.

Whenever an application uses the Welcomer Framework they either create a new personal cloud for a person or they add a component to a personal cloud.  In WelcomeAboard the email address is the identifier that distinguishes whether it is a new personal cloud or an addition.  The individual will be able to have the ability to combine personal clouds with different identifiers, if they so wish.

Conceptually there is no difference between a person and an organisation and there is no difference where the data is stored.

A person's identities are their personal clouds.  There is no token or central registry that identifies a person.  The person is conceptually identified by their online presence.

When personal information is moved from one data store to another it is always done with the person present or under their explicit instruction.

Without an application there can be no personal cloud and without a personal cloud there is no online identity.

In the future there will be many ways a person can identify themselves. email address, device used, phone number, voice print, face, fingerprint, location will be possible ways for a person to identify themselves to an application.

5th January 2015Committee Secretary, Parliamentary Joint Committee on Intelligence and Security Parliament House, CANBERRA ACT 2600

Dear Secretary,

Inquiry into Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014

Thank you for the opportunity to make a submission to this inquiry. This submission proposes an approach to Data Retention that is low cost and high value. It will provide law enforcement with access to any data it requires for law enforcement; not just Telecommunications Metadata.  It will provide protection to Australians from the inappropriate use of data retained and accessed by Government.  In particular it prevents widespread unnecessary and costly electronic surveillance.

The proposal does this by addressing the mechanics of how Data is retained and who has access to it.

The method can be used for the retention of any data the government requires for law enforcement or administrative reasons. It does this by designing Privacy into the Data Retention systems. The method gives individuals the option of retaining their own data through the use of trusted third parties.

Privacy is achieved by retaining data in a place where it is visible and usable by the individual concerned and where Law Enforcement can gain access through an appropriate judicial process.  Cost reductions are achieved by allowing the persons associated with the data to use the data for other purposes. These other purposes can offset the cost of retention.  A simple illustration is the use of Data for Billing purposes. Currently communications metadata is held by Telcos and/or ISPs for billing purposes.  Instead of this data being stored by the Third Party Telco or ISP the data could be stored in storage controlled by the persons concerned with the Telcos having access to the data as and when required. The Telcos and ISP would pay for this storage as they need to have it for billing purposes. If all the data from all the Telcos and ISP are stored by the person then all the records for a particular individual will be stored in the same place and it will be possible for Telcos to access the data as needed for their purposes and it will be possible for an individual to access the data for their own purposes.  An example of why a person might access their own consolidated billing data is for the person to reduce their telecommunications costs by using the information to better negotiate plans and billing.  The person would pay for this service and the income could be used to offset the storage cost.

If law enforcement requires access then they can also pay for the access.  This is particularly relevant to non criminal access to data such as data Piracy.

Data Retention by the Person of their own personal data applies to more than Telecommunications MetaData. It can be applied to other data which will assist the government, reduce costs and provide greater Privacy to Australians.  That is, the same system used for Telecommunications MetaData can be applied to health data, taxation data, social security data, education data etc. All of this data can use the same type of system as Telecommunications MetaData with the same benefits.

The fundamental change in this proposal is that instead of organisations being the only place where personal data is kept the individual is able to keep their own copy of their own personal data - if they so wish.  Organisations, if they have a need, can access the data to which they are permitted by the individual. For Commercial in Confidence reasons organisations can have control over who is allowed to access personal information if that access also identifies the organisation.

The cost of this change will be low and can be achieved incrementally one application at a time.  The software systems required to implement these systems are well known and will require little or no change to existing systems.

Other examples of the use of the approach can be found in the following submissions to the Murray Finance Inquiry

Government Support for a user centric Identity System

Privacy and Cross Border Transfer of Information

The system can be paid for with the use of Tradeable Claims for Infrastructure where the future uses of the data pay for the development costs. This approach will not require government appropriations or an increase in debt by the government to fund the implementation and will not put a compliance burden on private industry.

The approach advocated here does not require any changes to legislation nor does it require the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014. It requires a change in approach from requiring third party organisations to retain personal data and make it available to law enforcement, to allowing individuals to look after their own personal data through third parties.

Kevin Cox

CEO White Label Personal Clouds

Privacy by Design means that by building information systems using certain design principles means the system is private if the principles are followed.  Privacy will only be compromised if an entity deliberately sets out to break privacy laws and regulations. The design principles embodied in Welcomer are:

1. Each entity has a unique id and credential for each entity with which it interacts.
2. Credentials are changed with each interaction.
3. Each entity has access to the information held about them by any entity with whom they interact.

• The first principle makes it difficult for entities to share information about a third entity without deliberately breaking privacy laws.
• The first principle means credentials are distributed and there is no single credential that identifies an entity.
• The second principle means it is difficult for an identity thief to capture all the credentials of a person.
• The third principle means that entities are likely to hold accurate and correct information about each other.

Welcomer implements these principles by

• Entities not sharing ids with any other entity other than the entity referenced
• Creating a graph of interactions where each link in the graph is maintained by a mutual credential formed by a PKI pair.
• Each time a link is activated the mutual credential pair is replaced where-ever possible
• By each entity having access to the information stored by the other entity
• By entities communicating with devices that can hold a credential

Submission by Kevin Cox of Welcomer.

Sent to info@digitalcanberrachallenge.com.au

This is in response to http://www.digitalcanberrachallenge.com.au/DCC_ChallengePack_2.pdf the second challenge.

Challenge Statement

The challenge involves linking various services to a single electronic ID. This electronic ID can be attached to a smartcard-style chip, an ID card or any of a number of other technologies. The challenge has several components:

i) Provide a service to give individuals their own electronic ID that can be used to access ACTION buses, library services, possibly expanding to national level for Medicare and Centrelink cards. This system could allow the use of a single ID card, chosen by individuals, to access services provided by the ACT Government (health – doctor appointments, medication etc.; education – enrolment in schools etc.; transport – car registration, ACTION buses card, parking etc.; cultural & entertainment – library, events ticketing / booking etc.)

iii) Provide a service to give individuals their own smartcard-style chip that can be attached to their electronic ID and be used to access services as agreed by different organisations.

iv) Provide a service to allow individuals to use existing cards issued by different organisations to attach to their electronic ID and be used to access services as agreed by different organisations.

Outcome:

Simplified private personal ID system that integrates existing cards, future cards, usernames/passwords for the individual.  The individual has a standard way of identifying themselves no matter what device they use and with whom they use it.

Addressing the Challenge

MVP Trial

The prototype will provide ways for an individual to create their electronic ID and connect it to a Community Group. A demonstration of WelcomerID can be viewed at http://welcomer.me. In summary WelcomerID allows an individual to verify and authenticate their identity to an organisation.  WelcomerID is not an ID in and of itself, but is a standard way for an individual to verify who they are to an organisation.

When an individual connects with the Community Group they will be registered with the Group and receive a Community Group ID. The registration becomes part of an individual's personal cloud or total electronic ID. The community group will suggest members connect to another ACT government service and check their postal address with Medicare and the ACT Electoral Office. Individual Members will be asked to nominate and send emails to others who might be interested in connecting with the Community Group.

The trial will demonstrate that people can create IDs via a Community Group, that the electronic IDs created can be used to connect to a government service and to acquire information from that government service.

A Community group or club who is already producing ID Cards will be approached to use the ACT ID information to produce their ID Card.

The MyCard organisation will be approached to allow their existing cards to be attached to a person's electronic id so that the person can readily access their MyWay information.

View this YouTube presentation to see an outline of ACT ID.  The text of the presentation is supplied at the end of this document.

Acquiring Users: Creating an acceptable single ID card via community groups

The solution proposed is built on the idea of a person having control over their own electronic identity. An electronic identity (or personal cloud) consists of all the personal information, where-ever held, that can be linked (by the user) to an individual's physical presence and the physical objects they possess, such as an ACT ID card.

Individuals are able to provide their own ID Cards by first creating their own verified and trusted electronic ID.  Once an electronic id, under the control of an individual, is established it is possible for the individual to provide information to create a card and to instruct a trusted organisation to produce the card.  The person will also have ways to attach existing cards and devices to their electronic id. These could include MyWay Cards, Driver's Licences, Medicare Cards, Student IDs, and Mobile Phones. The individual drives this process, and can add services if and when they are comfortable doing so.

Getting individuals to take the first step towards simplified identification is one of the key risks that the trial will address. Rather than require the ACT government to drive adoption, we will look towards established community groups who have a proven record of engaging with citizens. The Community Groups will benefit via the sale of branded ID cards and from the simplified connection with individuals,  Individuals will benefit by reducing the number of cards they hold and passwords they have to remember, while providing them with a way to contribute to Community Groups and Charities they choose to support.

Demonstrating the Technology - Connecting identities via WelcomerID

A key technical requirement is that a person can link multiple identities to themselves in a secure and private manner.

WelcomerID allows an individual to create their own electronic ID and to track its use with any organisation that adopts WelcomerID. Any device can be attached to WelcomerID and used by a person and a cooperating organisation as a way of identifying the individual.

Gaining uptake by government  

The other major obstacle in introducing any identity technology is to get government bodies to accept, use and deploy the technology.  Government systems are large and complex and any innovation has to be simple, self contained, and easy to deploy.  To that end the proof of concept suggested will prove itself with a government system that currently engages with the community.

It is suggested that Canberra Connect's "Fix my street" install Welcomer so that they can recognise that a person is a member of the Gungahlin Community but not the actual person - unless the person wishes to identify themselves.  If a Fix my street request comes in and is acted on, then the ACT government will pay $10 to an approved Charity or Community Body nominated by the person making the first request.  The ACT government will also pay Welcomer the standard fees for connecting to both the GCC and to Canberra Connect.  This is $1 per year per person connecting.

When a person connects to a Community Organisation they will be asked to check their Medicare address.  If this is different they will be asked to update their address. If a Community Organisation member changes their Medicare address to the ACT then the Community organisation of choice will get $50 from the ACT government.

If a person requests a change to their electoral address then the ACT Electoral office will give $10 to the Community Organisation of choice.

All the prize money funds from the Challenge will go towards purchasing Welcomer Balances which will be used pay the Welcomer fees and which will earn Discounts while unused.

While we have suggested Fix my Street for the proof of concept, this could be changed to any of the systems shown below.  An important point is to show that the system can be implemented incrementally and does not require a critical mass to be successful.  It is important to show it is useful on the small scale as well as the large scale, that it can coexist with existing ID systems, and that it can easily integrate with existing systems.

Milestones for Minimum Viable Product

1. Work with GCC and Fix my Street to specify the overall system structure and objectives.
2. Design the interface to the GCC
3. Set up WelcomerID for the GCC including verification via MyWay, Medicare, and ACT driver's licences.
4. Design the interface to Fix my Street.
5. Design the Medicare Change of Address request
6. Deploy to the Gungahlin Community Council website
7. Deploy to Fix my Street pages on Canberra Connect
8. Deploy to existing ID card producing organisation.

Likely Costs and Benefits

The ACT government would own the implementation and could promote its adoption in other jurisdictions and obtain direct benefits from the system adoption.  Welcomer would provide the service and would retain ownership of the IP so it can be used elsewhere.

The Welcomer business model is to provide the connection and personal cloud platform but to get others to develop the applications using the platform. Welcomer is a tenant of Entry29 coworking space.  If extra resources are needed for any projects other members of Entry29 will be the first ones approached to assist. Welcomer will make its technology available to other entrants in this Challenge.

The cost to operate the system is $1 per connect per year per organisation.  This is paid by the ACT government to Welcomer.  The system can be used by commercial organisations and they will pay to access personal data, with the individual's permission, possessed by the government.  Charging can be arranged so the system is either revenue neutral or will generate a surplus for the ACT government.

It is estimated that individuals would pay $10 for a physical IDCard and $20 for a photoID card. These charges would cover the production and issuing of cards. Individuals pay nothing for their electronic ID.

The funds that go to the GCC and other community organisations may be able to be budgeted as assistance from the government to Community Organisations.

Turning the Challenge into a full scale implementation

Full Scale Implementation will be an incremental deployment of the MVP Challenge trial across ACT government agencies and ACT Community and Charity Organisations.  Funding for the Challenge can come from prepayments for future services through Welcomer Balances.  This could make the budgeting for deployment simpler to achieve. The rate of deployment will be determined by the amount of prepayments provided by the government and commercial enterprises. The minimum time for a whole of Canberra deployment is estimated at twelve months but in practice it is expected to take several years.

The costs of issuing and controlling smart cards will be low because the cards are of no use until activated by the user and that can only happen through the person's electronic id which is controlled by the individual themselves. This is a very important practical consideration for a distributed ID card system.

The ID system can be introduced incrementally for all government functions where identity is required. The introduction of the ID system will reduce the effort required of citizens and will increase the efficiency of government functions.  Some of the functions are:

• The Registration of Births, Deaths and Marriages
• The issuing of driver's licenses
• Use of the ID to assist the introduction of ehealth
• Asking people moving to Canberra to change their Medicare address and so increase the GST received by the ACT government
• The issuing of building approvals
• The change of property titles
• The issuing of government licenses
• Issuing identity cards in ACT Clubs
• Issuing access cards for Community facilities such as swimming pools
• Keeping Electoral Roll up to date with address changes
• Electronic Voting
• Obtaining feedback from the population and governments being able to engage more easily and in an ordered way with citizens
• Use for transport and integration with MyWay
• Use in public libraries
• Use in schools
• Use in events such as sporting events and theatre performances.
• Use in tertiary institutions
• Use by Actew and other government owned institutions

Extension of the Personal ID Card to the Federal Government and Private Business

The Commonwealth Government has had limited success in introducing a multiuse IDCard. Current efforts on ID systems with the eHealthID card, myGov and with the Document Verification System are not getting the takeup desired. The Commonwealth Government is open to new privacy friendly solutions, particularly with the introduction of the new Privacy Legislation.

Other jurisdictions throughout Australia and the world are searching for better ID systems. At the IDNext Conference in The Hague in November 2013 a mobile based ID system for Barcelona won the prize for best ID innovation for 2013. http://www.mobileid.cat/ca.  Edentiti won the prize in 2011 and it is expected that if this Challenge is accepted the ACT ID system will be a strong contender for Innovation of the year in November 2014.

If this application for the Challenge is accepted it will increase the chances of other jurisdictions adopting this ID system. If this occurs the benefits to the ACT will be considerable as a new ID regime brings many opportunities for other ACT businesses to build on the foundation. This is because Welcomer Technology is a platform on which other applications can be produced by any organisation and Welcomer will look first to Canberra organisations to build those applications.

The ACT government could make the ID system available for use in private industry.  Industry will pay for simpler, more reliable IDs. It is recommended that funds obtained from such sales be distributed to the Community and Charity organisations of choice.

Eligibility for Selection

Welcomer is an ACT based SME with 6 FTE. Five team members for the Challenge are ACT residents and one is a Queanbeyan resident. Two individuals are student interns from University of Canberra.

Welcomer is currently being implemented commercially with development based in Canberra.  The Challenge will be a user of the technology.

Welcomer is a member of Entry29 coworking space.

Text of YouTube Presentation

This presentation shows how a person creates their own ACT Electronic ID. A person only has to do this once and they could do it on any participating Website. Once they have connected to one Website they will be able to reuse what they have entered on other websites.  Different websites may have extra criteria and require extra information but the information is added incrementally.  The system will  allow a person to change their information.

Gone will be the days of a username and password for every different organisation.  A person will be able to connect to another organisation with one or two clicks plus confirmation of their identity with a biometric from a trusted device.  

At the top of this screen for the Gungahlin Community Council the person viewing is unknown and they are invited to connect to the GCC website.  If they were known their name would be shown along with an invitation to be forgotten. 

They click on Connect and are taken to the one time enrolment screen.

Here they enter their name, date of birth and address.  This combination identifies them uniquely.

They are then taken to the next screen where they will provide ways to connect to their ACT ID.  Initially these will be email and/or mobile phone.

They will confirm they control their email address and/or mobile phone by entering codes as shown on this screen. After confirmation they are taken to the next screen where they will show they have a record with different ACT or Federal Government Organisations.

Let us say they choose the ACT drivers licence and let us assume their entered address details are different from the those recorded at the Motor regisitry.  If this is the case they will be asked if they wish to change their address.  If they wish to do this then they will be taken through a process defined by the Motor Registry on changing their address.

This process of choosing existing connections or establishing new ones continues until the organisation from which the connection was made is satisfied that the person is identified.

This process will be a once only process for any ACT ID connected organisation.

Once a person has an electronic ACT ID they can link  it to other existing identifiers they might have such as a My Card.  They will be able to request that the ACT government supply them with an ACT ID card to be used with all participating organisations.

Gone will be the day of a wallet full of cards.

http://www.wnyc.org/story/using-your-personal-data-change-world/ This is from the author of Hacking Happiness: Why your Personal Data Counts and how tracking it can change the world

This post sketches the approach to a National Identity System in NZ, Great Britain and Australia.  All countries have an aversion to an ID Number and all are attempting to create an ID system without an Identity Card.  It is the opinion of Welcomer that the best way to achieve this is to create an Identity System where the individual looks after and controls their own electronic identity.

As far as is know this is not the current approach of any government.  In this post a way of creating a robust National (and International) Identity system is proposed. The proposal is based on the idea of a connected personal cloud where a personal cloud is information held about a person no matter where it is held and includes only those items that the individual and organisations requiring identification deems relevant.

Identity Systems

Identity systems have two main parts.  The first is establishing a unique id or name for a person when a person first presents themselves. In this paper this is called verification or Identity Assurance. The second is proving that the name represents the same person when ever it is used. In this paper this is called authentication.

Method 1 - Identity Assurance provided by the government - NZ government approach

The NZ government is providing Identity Assurance through the NZ Post Office Real Me service.  A person creates a Real Me account and verifies their identity.  This is done at no cost to the individual.  Organisations pay the NZ Post Office when a person uses Real-Me to verify their identity.

Method 2 - An Identity Assurance issued by for profit organisations for the government - The UK Government Approach

This is a variation on 1 but instead of the government being the only issuing authority private organisations offer the same identity assurance services.

Method 3 - Identity Assurance by giving private organisations access to government credentials - The Australian Government Approach

The Australian government is offering access to government credentials through the Document Verification Service.  Approved private service providers can are given access to government credentials and only organisations that have a legislated need can use the system for Identity Assurance. The Identity Assurance income is divided between the organisations supplying the credentials and the service providers.

Method 4 - Identity Assurance by giving individuals access to their own government credentials through approved service providers.

Instead of organisations offering Identity Assurance services, individuals can prove their identity themselves through the use of approved service providers who provide them with access to government and other reliable trusted credentials. The individual uses these services to provide Identity Assurance to organisations who pay for the assurance. The funds received can be divided between the holders of trusted credentials, the service providers and the individuals.

Beyond Assurance

To encourage take up of Method 4, individuals can nominate one or more Community Organisations, to whom they belong, to receive any fees due to the individual when they provide Identity Assurance. The Community Organisations uses the Identity Assurance for their own organisation. This confirms the identity within the Community.  Community Organisations will encourage members to use the Identity Assurance service with other organisations, and the government, provided the Community Organisations get a direct cash benefit from the repeated use of the Identity Assurance.

Identity Assurance systems typically do not go beyond Assurance. Every organisation needs to set in place its own Authentication System.  In Australia in the Federal Government is doing it using Single Signon Technologies such as myGov or eHealth id.

However if the individual has control over their own electronic identity they can use it to authenticate themselves for their online transactions with organisations who have used a standard Identity Assurance service.  The individual can keep track of all their interactions, through approved service providers, and can protect themselves from identity fraud.

Such systems remove the need for usernames/passwords and single sign ons. They achieve authentication of identity with the devices used to connect.

Once an individual has access to multiple organisations the individual can Federate their own data across organisations, as required, and provide a low cost privacy friendly method for the sharing of personal information.

Once an individual has an Assured electronic identity this identity can be attached to any device agreed by any particular organisation for use with the organisation.  Identity Assurance is independent of the device used.  Devices can be identity cards, such as an Ehealth card, or it can be a passport, or it can be mobile phone, or it can be a credit card, or a travel card or even a national, state, or city identity card.

Deployment of Method 4

The Australian government can deploy Method 4 incrementally for low cost to both the government and the community.  The reasons are:

• There is no need for any changes to legislation to deploy it.  The new privacy law that became enforceable on March 12th can be used to allow holders of trusted identity credentials, such as Births Deaths and Marriages, to provide the individual access to their own records using the individual's own choice of method and using an agent of the individual's choice.
• There is no need to change any existing identification system to deploy Method 4.  Method 4 can coexist with any other existing scheme and can be introduced incrementally to any organisation. Method 4 can use the Federal Government Document Verification Service to provide immediate access to government trusted credentials.
• There is no need to change any existing IT system to deploy Method 4.  The only requirement is for organisations using the system to expose an API to service providers.  Opening up an API is technically equivalent to creating a webpage that can only be visited by service providers.
• The holders of credentials systems, can, if they choose, charge for access to their credential systems.
• There can be many service providers providing competition.
• There is unlikely to be opposition from privacy advocates because identity will remain siloed and under the control of the individual while providing access to law enforcement through the use of appropriate court orders.
• Community Organisations who have the goodwill and trust of their supporters will drive adoption; provided they benefit from the introduction of the system.  That is, instead of the service providers and governments being the main beneficiaries in terms of income and efficiencies the wider community can share in the benefits through support of an individual's community organisations of choice.
• Some Commercial Organisations, such as the large banks, are likely to support the initiatives because they do not compete on Identity Assurance and they gain from a common Identity Assurance System.

Opposition to Method 4

Opposition to Method 4 will come from those who currently benefit from the existing inefficient system or who see ways they can exploit the existing system and obtain a quasi monopoly or duopoly.  There may be opposition from foreign security services as Method 4 makes covert spying activities more difficult.  There will be opposition from the identity tracking industry who profit from tracking individual behaviour. There will be opposition from centralists who believe the government should monitor the citizenry for the citizen's own benefit.  There will be opposition from some IT security providers who believe that security has technical solutions independent of social structures.

It is difficult for organisations to change the way they communicate electronically with customers.  For the past twenty years technology and advertising models have lead organisations down the path of treating customers as cows to be milked rather than customers with whom to engage.  Big Data and the efforts to guess the needs of customers through personalisation has paradoxically lead to de-personalisation because it works by categorising people. Privacy Laws give organisations a once in a generation chance to move back to treating customers as partners in the exchange of goods and services.  The Australian Privacy Laws in particular have given organisations an opportunity to move to a true personalisation model of interacting with customers. Each customer can be treated as a unique person rather than a stereotype based on age, sex, income, ethnicity and occupation.  The Australian Legislation achieves this by allowing customers to suggest how they would like to view their personal information and to specify an electronic agent to facilitate the interaction. Organisations can choose to give customers access in other ways but they must justify their choice if it is different to that requested by the customer.

Welcomer has been designed to fill the role of an electronic agent acting on behalf of both parties.  The underlying premise of Welcomer is to provide a way for organisations to give customers the same access to their personal information as the personnel within the organisation.  This makes sense from an organisational point of view as they only have one way for data to be viewed. It builds trust in the customer as they know the organisation has nothing to hide.

To that end Welcomer is approaching the Privacy Officers of organisations who have strong Privacy Policies with a proposal to strengthen their Privacy Policies even further. This is achieved by treating customers as the same as Organisational staff with respect to access to personal information.

Following is an outline of an email we are sending to Privacy Officers after we have viewed their Privacy Policies and we agree that the organisation has a strong policy.

On the 24th of March 2014 at Entry 29 in Acton Kevin Cox presented to an audience how he got to where he is today at Welcomer.  From starting off as an engineer in Tasmania to founding Edentiti and now the CEO of Welcomer, where the team is creating a new product aimed at giving individuals access to personal information held by organisations. Event Info: https://www.eventbrite.com.au/e/e29-founders-series-kevin-cox-edentiti-powered-by-westpac-tickets-10970060747

In November,2013 Rory Ford represented WLPC and Welcomer Technologies at the Finovate Spring Product Launch, which is a demo-focused conference series in financial technology. It was here that he presented the idea of Welcomer to an audience and here is part of what he had to say: "WLPC's first product is Welcomer. Welcomer will initially be focused toward ecommerce sites and the technology is intended across a range of different segments. Welcomer removes the need for websites to have user codes/passwords to identify returning customers. Websites that deploy Welcomer can - with the person's permission - allow the person to move personal data securely between websites. This includes personal details such as name and address, preferences such as clothing size or preferred seat and also a person's cards and accounts."

Rory Ford - Product Manager at WLPC, November, 2013

The full presentation can be viewed at: http://finovate.com/white-label-personal-clouds/

The updated Privacy Act in Australia is pushing businesses to modernize their information systems. Failure to comply with the latest amendments can result in fines of up to 1.7 Million dollars.  Few, if any, businesses comply with a strict interpretation of the Act. The 18 months given to prepare for the change of policy has expired and most organisations fail to comply.  The Snowden revelations have provided a wake up call and we can expect organisations to be under pressure to update their systems.

The traditional approaches where organisations take full responsibility for user data is not scalable in a connected world.  A new paradigm that includes the individual is needed to make it feasible for organisations to comply with the Act.

Welcomer is one of an emerging group of companies who put individuals on a par with organisations so that individuals can help take some of the burden of protection of personal data.  It becomes possible for organisations to comply with the Act with these technologies whereas it is difficult to see how organisations can comply with business as usual where individuals are treated as objects not sentient beings.

According to Gartner, the authentication market represents a $2.2 billion industry for 2013. They also predict that by the end of 2016, about 30 percent of enterprises will have chosen cloud-based services as the delivery option for new or refreshed user authentication implementations.  This statistic is a 10 percent increase from current figures and Welcomer has the ability with it's Privacy Dashboard functions to provide organisations and individuals with simple scalable privacy friendly methods of connection and authentication.

Read more at:

http://www.arnnet.com.au/article/540973/privacy_laws_pushing_businesses_modernise_it_oracle_/

http://www.broadwayworld.com/bwwgeeks/article/Entersekt-Earns-Honorable-Mention-in-Gartner-Magic-Quadrant-for-User-Authentication-20140203#LzFwVE7p2i3bR1RC.99

Forbes Magazine online published an article based on Gartner research which outlines the ten strategic technology trends for 2014. Link to Gartner Report: http://www.forbes.com/sites/peterhigh/2013/10/14/gartner-top-10-strategic-technology-trends-for-2014/

The 10 directions are as follows:

1. Mobile Device Diversity and Management
2. Mobile Apps and Applications
3. The Internet of Everything
4. Hybrid Cloud and IT as Service Broker
5. Cloud/Client Architecture
6. The Era of Personal Cloud
7. Software Defined Anything
8. Web-Scale IT
9. Smart Machines
10. 3-D Printing

From this list there are three trends where Welcomer fits. Personal clouds, the Internet of Everything, and Hybrid Cloud and IT as a service broker.  Our latest project is a Data Privacy Dashboard, which will works with our Welcomer application.  The Dashboard and Welcomer work together by creating a personal space in the Cloud, where the individual is able to access and control personal information no matter where it resides.

Welcomer products, along with apps, add functionality and enable the Internet of Everything for individuals.  The Internet of Everything makes relationships between Individuals and Organisations and other Things transparent by remembering the connections between Things no matter what they might be and where the Things might be.  Welcomer technologies provides electronic representations of individuals in their different contexts in ways that preserve privacy, safety and security.