Apr 30, 2007

PII's Journey - Chapter 1

From the “What do two identity architects chat about while waiting for the plane to board” department.

Companies large and small gather personally identifiable information all the time (never mind that they rarely really need to, other than to fulfill their ill-conceived belief it will make my experience better or their wallets thicker). The data they get (lies, generally, unless it's important business) might be sent over TLS and the like, and may be covered by one or more privacy policies conveniently referenced far-far-away from the 'Submit' button... but there is never any mention of what really happens to that data after it's collected. Follow PII on its epic journey through networks, servers and tapes in 'PII's Journey - an EPIC tale'.

It's a sad sad story....

Once upon a time, somewhere in one of the happier nooks of the internet, there was a little bit of data, named PII, just leaving its owner's computer, destined for important tasks at www.example.com. It was carefully sent, nice and snug under the covers of its good friend TLS, and informed by some pleasing P3P policies, whereby it was assured no harm would befall it upon arrival at its destination.

Feeling emboldened by anticipated loving care, it sped into the warm embrace of www.example.com's host, which was clearly identified by the DNS and the subject of a certificate upon which its TLS road was paved (where said corroboration was of course carried out with the greatest of care).

Little PII, arriving in its new home, is passed most respectfully to WWW's close friend and helper, apps.example.com, who generally assists in matters more complex than simple HTTP. PII looks backward, somewhat forlornly, at its companions and confidants P3P and TLS, who accompanied him at the beginning of his epic quest to conduct some important business.

PII arrives at apps (well, it thinks that's her name, anyway), and is quickly swished through memory and swapped about a bit in apps' file system, while apps performs what PII is certain is most difficult and arduous work. Variables and arrays and other structures serve as short stopping places. PII sees all sorts of other, unfamiliar and unrelated data too. Some seemed to be in classes, and PII wondered what instruction they were getting, and if they too were there for the same purpose.

PII doesn't mind so much the jostling and bumping about, knowing that its mission is vital. At last, after what seemed like thousands of milliseconds, it is instructed to rest, with some other PII, at database.example.com... well, apps told PII that was his name... he arrived at a somewhat anonymous-looking dotted quad. Poor PII, not knowing what to do, and wishing to go home after recent mishandling, finds a row to rest in, and closes its weary eyes.

PII dreams of the good times it spent with TLS and P3P, all the frolicking about, obediently following the directions of BGP and IP. It fondly remembers the comforting covenants of Jurisdiction and Purpose... of Recipient and Remedy. As the dream grows somewhat dark in nature, a shadow of database is seen in the distance, and PII sees itself moving slowly towards it, completely detached from Purpose and Reason, and with no special protections for its journey. After fading into the distant ether, PII can no longer see itself, and hopes its copy can remember all the promises made when it first began its epic voyage.

Stay tuned, for the continuing (mis)adventures of PII...