Thursday, November 20, 2008

LinkedIn or MySpace for Security Clearance Checks #risk #linkedin

I went over to visit Peter Went this week, his company WCC Group produces a Fuzzy Logic Database which amongst other things used for matching Biometric Data. He said he was going to be in Milan today giving a talk to start discussion on the following point.

Governments only really know about 5-10% of their population, a few because they have had a security clearance check performed and the restbecause they have a criminal record. The remaining 90-95% of their population they have no clue about, they only know whether they paid there taxes. (Percentages may vary slightly.)

A portion of the population does currently has a Social Networking account with a profile showing you who their friends are, so what if we assume guilt or innocence my association. My friend Peter Went, a connection on LinkedIn, is quite highly graded, I don't think he has NATO Blue Clearance, but it will be pretty high. One of my friends who works for Peter also has pretty good security rating, although maybe not as good as Peter. In this system I would get 7 points for knowing Peter and 5 for knowing my friend, which would give me a current average rating of ( 7 + 5 ) / 2 = 6. I also have a friend who fell on some bad times and spend a little time as a criminal, although he is now reformed his criminal past and is on LinkedIn he brings down my average rating to ( 7 + 5 + 2 ) / 2 = 4 2/3. Calculating all the way through my +4000 LinkedIn contacts you could discover that I am either good enough to even start a clearance procedure or not.

Added to that you could also weight people more or less based on the type of friendship we have, Peter I know, but have no real contact with besides from the occasional job offer. :) So we can weight Peter's score against mine giving me only a percentage of the points I received before. ( 7 * 1 ) I used to work with the friend who works for Peter, which you can extract from LinkedIn, so his rating should count higher against me. ( 5 * 2 ) In fact he gave me a recommendation on LinkedIn, which adds even more to my score. ( 5 * 3 ) When we then calculate the scores you see that Peter's score is less of an influence on my score than my friend. ( ( 7 ) + ( 5 * 3 ) ) / 4 ) = 5.5. Adding my reformed criminal friend will further affect my score.

This can be taken even further, the score of my reformed criminal friend has an effect on my score so it also effects Peter's, but not as much as it effects my friend who works for Peter. Depending on the depth of your algorithm this could effect Peter's score for a second time as my friend has a lower score, all because of the past actions of my reformed criminal friend. Any different algorithms will further alter the effect of the weights on those in my network.

There is no question something like this could be done, the question is whether it is morally correct to judge somebody not on their own actions, but on the actions of the friends of their friends? I know we are what we eat, but are we who we hang out with, or even who our friends hang out with?
Technorati technorati tags: , , , , , , ,