The first is Lawrence Lessig, author of Code And Other Laws of Cyberspace . His thesis is that technology allows us to build systems that operate differently from the real world, so in many cases we can't blindly apply real world laws. I'd always written off that line of thinking with "shuddup and pay for your music, ya lazy bum!" but he puts it in a completely different perspective. Computer systems can be built that will cause massive loss of privacy in ways the real world couldn't dream of, and we should be ever-vigilant against it happening--code (programs) are the reality of the net, and if we blithely let evil (my pejorative) code be installed and standardized then we'll all suffer the consequences. Buy his book--he does a much better, much more reasoned job than I ever could.
The other is Clay Shirky. Clay's a venture capitalist, so he's putting his money where his mouth is. This week his mouth is at openp2p.com , talking about Microsoft's Hailstorm and Passport technologies. He gives an excellent introduction to the business and the technology behind them.
After reading Shirky's piece, I realized that Passport is one of those evil pieces of software that Lessig describes. Once it's in place, companies will make it hard for you to buy things on eBay, rent cars, book plane tickets unless you use Passport (much harder to forge identities if Big Brother is managing them). If you don't surf with a Passport identity, then you're like a bum on 5th Avenue--confined to window shopping. It'll be worse than using Lynx on today's web sites ("sorry, you must have Internet Explorer 3+5i or better to use this site").
And don't think Government is going to come to the rescue. Hell no, they'll love it. Taxation becomes much easier if the merchant really does know who you are. Microsoft are setting themselves up to avoid Government complaints about the service, touting parents' ability to lock kids out of porn sites, and prevent personal information on their kids being gathered by web sites.
And don't believe the bollocks about "you decide how much information to reveal about yourself." That doesn't work today! Web sites simply won't let you in unless you give them certain bits of information about yourself.
That's not the worst part, though. That's just how spreads.
The worst part is that once your identity is locked up in a neat tidy ball and able to be automatically parcelled out to web sites, the inefficient tracking by companies like doubleclick will be replaced by highly efficient tracking through Passport. No more guessing at unique identifiers and all that bollocks. The last pretence of privacy and anonymity will disappear.
So even if Microsoft's Passport database isn't hacked. Even if they open it up to Linux servers. Hell, even if this was done in a distributed peer-to-peer no-central-Billopoly fashion, it would still be a bad thing. Knowledge is power, and Passport is all about giving Them knowledge about Us.