Chris Kranky

Recent Posts

Rights on M2M interfaces? Whose data is it?

Chris KoehnckeChris Koehncke

The discussion about M2M (Machine-to-Machine) interfaces has been a hot topic of late. Many of us already use these interfaces, we just don’t realize it., for example, consolidates all my financial information for easy viewing on their web portal., another financial  company, allows you to add outside accounts to their web portal which is automatically updated. I’ve used these services for months if not years with no issue.

Recently, a wrath of new travel services that provided consolidated information about your frequent flyer miles, activity and status. Helpful if you fly a bunch of different airlines and often forget where you have accumulated miles. I happily signed up with and provided it with the appropriate logon information for my various frequent flyer accounts. It quickly assembled a consolidated view of my activity.

However, just today, sent me the above email, informing me that American Airlines has asked them to “cease and desist” from accessing my data. Sadly, is now having to do some stupid browser extension (just what I don’t need).

The question is what right does American Airlines have to say who accesses my data. I gave my information and I’m not sure how different this is than me giving the same information to say an assistant or friend to look up my information. Now clearly there is a potential security risk, perhaps I have my credit card information on file with American Airlines. Likely, American will cite this as the primary reason they’ve taken this action.

But more likely, American Airlines wants me to come to their website to see my account information, providing them data on how often I access the data and opportunity for them to promote whatever they want. Now of course, if they said that, I’d be rightly upset. Well, I’m upset anyways because despite what they’ve said, I’m not stupid.

The whole issue of data privacy in a M2M interface is clearly going to arise. Who owns my data and who can access it? What’s ironic, the financial institutes seems to have found a solution, for what, I would argue, is much more valuable and information in need of security.