A US privacy fantasy – based on OpenID Connect

A certain gentleman who once worked at BBN on an NSA contract for key management system production had the unfortunate responsibility to refuse to answer simple technical questions – since he didn’t know whether the answer had been classified or not. Often, it’s the terminology that is classified (not the method) – meaning one violates laws even by using the codewords or even specialized technical terms with non-cleared folks. Finding this all rather ridiculous (but doing it anyway), he would listen to non-cleared folks’ ‘conjectures’ about the meaning of or operation of some technical widget – particularly if it was transitioning from military to civilian applications. They would often be quite wild and overly ambitious (not that he could deny or confirm this). But, they were often humorous – as folks found “inner meaning” in glimmers of interpretation of this or that.

So let’s play the game.

Let’s imagine that the US is committed to privacy (finally), and this means enforcing it. (It also means everyone ELSE has to enforce it similarly, so the US doesn’t suffer harm through it taking on more responsibility than others; everyone must suffer the pain equally!)

To take such a political hit (since this means the last 20 years of “market-led doctrine” failed, with the final end of Thatcherism and the last 10 years of gunboat diplomacy and wars of humiliation), the US has to get something else it wants – more desperately than giving up its “free market” privacy dogma. Of course, it cannot ADMIT it wants what it wants… (since it’s classified! to prevent folks getting a negotiating advantage!)

And of course that is the centralized gathering and scanning of “cybersecurity logging” records (purportedly to measure attack patterns by having lots of sensor nodes out there…). But, in the space of consumer privacy, this means having a mostly centralized directory service – one that LIMITS who gets the directory record of users as they wander out to some half-baked SP app site (that may not really give a damn about how it handles your privacy). The directory operator becomes the “privacy-policy” enforcement point – limiting who gets what, of personal identity attributes.

One sees in the Azure AD rollout EXACTLY this element of policy control, though Microsoft are going to some pains to hide the bigger picture. (Remember the palladium and Passport scandals!)

Now I cannot say that the bigger picture is exactly unwanted or socially undesirable; and it is clearly no longer technologically difficult using webby technology. Actually it never was particularly difficult, as we proved in the Allied and US-internal-services shared military Directory(s) world 25+ years ago – using earlier forms of the signed tokens now being contemplated in the world of OpenID Connect.

privacy – security – trust (by spying on the logs) :– the eternal braid group.


About home_pw

Computer Programmer who often does network administration with focus on security servers. Sometimes plays at slot machine programming.