Inflexible security? Lighten up

Fellow Americans, it's time to ask ourselves if we are tired of living in a world defined by fear and mistrust. How much more freedom and liberty will we sacrifice in this never-ending quest for security?

Online security, that is.

Like when you just want to share a snapshot with Grandma. Should you have to remember passwords, navigate registration hoops and be sure she's on your sharing safe list?

It's a snapshot, not plans for a bomb. If it falls into the wrong hands, it's not the end of the world.

As more of our casual lives are spent online, we need to find a middle ground on security and privacy. Not every transaction and gateway needs the digital equivalent of a scowling paramilitary guard demanding to see our papers. Yet most of us aren't comfortable letting it all hang out online.

That's why I'm intrigued by an easy-access control system called Friendbo, which is being developed by a group of students and professors at the University of Washington.

It started in early 2007 as a classroom research project by Michael Toomim, a mustachioed 28-year-old Ph.D. candidate from Oakland, Calif. Professors saw potential and helped arrange a $50,000 grant from the UW's tech transfer program. Now Friendbo's a company with patents pending that may release its first application, for Facebook, in a few weeks.

Friendbo lets users put photos and other files in "safe boxes," which others can access by answering a simple question based on shared knowledge within a group of friends or family.

To see pictures from a party, you might have to know, "What was Joe wearing when he danced?" Toomim said a rugby player could give his team access to photos by asking, "On whose roof we celebrated beating Stanford?"

The goal is to "enable more semiprivate social content to go online," he said during a recent presentation to supporters of the UW Computer Science & Engineering Department. It's an alternative for times when "industrial access control systems" are overkill.

Online security systems use cryptographic locks and keys passed to trusted parties.

"We're simply giving you a prompt to get the key you already have," said associate professor James Landay, Toomim's adviser.

The security strength depends on the question, but in testing, at least 70 percent of the questions couldn't be guessed. It won't work for banks but might be fine for photo sharing.

Friendbo is also playful, so it may appeal to social networkers wanting more control over who sees material they post online.

Landay said it's aiming for a sweet spot: providing enough privacy without the hassles of current access-control systems. That could make people more comfortable sharing material online.

Friendbo is not just a security play. It's also intended to help people manage their online-friend lists. That's getting complicated, now that people have hundreds of friends on various sites. It gets even trickier to keep track of whitelists, blacklists and other systems for managing privileges.

The market for Facebook applications has cooled, but Toomim thinks Friendbo will find a niche there and elsewhere on the Web.

"If we provide people with actual value, let them do something they care about," he said, "it doesn't really matter what the state of the ecosystem is."

Brier Dudley's column appears Mondays. Reach him at 206-515-5687 or bdudley@seattletimes.com.