Session: Aspects of Identity

Fri, 2011-09-30 11:00 - 12:30

Concise Description:
This workshop covers the balance between privacy and security for Internet identity and the governance of online identity required to achieve this.
It addresses various debate points that are critical to the success of the Internet as so many aspects rely on the effective registration and authentication of individuals using digital identities.
It uses a panel debate to solicit discussion on 3 primary questions but aims to address other areas too:
1. When identities are used on the internet, how can the balance between privacy and national security be achieved?
2. How can trust in remote identities on the internet be achieved and maintained?
3. What Governance model would be appropriate for managing identities on the internet?

We have held workshops on this topic in the UK at Infosec, at EuroDIG in Serbia and now here at the IGF in Nairobi. We want to understand what this international audience, steeped in the complex issues of Internet Governance thinks. So our workshop facilitators will speak for a couple of minutes on three key topics. Each will pose a question and then open the floor to all for input and interactive discussion. We hope that we can move forward together to improved governance of identity on the internet for the benefit of individuals and service providers. The results and conclusions from the debates will then be published as a report and made freely available.

The British Computer Society (BCS), the Chartered Institution for IT has consulted its 70,000 professional members worldwide to determine what they consider to be the most important IT related issues facing organisation in delivering savings, stimulating innovation and enabling e-commerce over the Internet. One of the key issues is Identity Assurance.
EURIM as an advisory body to the UK Government has reached much the same conclusion and has a specific workgroup looking at Identity Governance.

Trusted reliable identities are needed for the safety and security of citizens and underpin many transactions, particularly where money changes hands or valuable service and entitlements are provided to citizens meeting defined nationality, age, or other status tests.
There are intrinsic risks associated with the creation of identity data, maintaining its integrity, security and non-repudiation that demand the highest standards of governance. However there is no central governance of the Internet so how can governance of Identity on the internet be achieved?

Is it essential that governments lead the way in providing and using identity assurance that is trusted by its citizens and international partners and is fit for a wide range of purposes? If not who should? Governments need to be able to: identify their nationals; collect taxes and deliver a wide range of services efficiently without fraud; warrant transactions and contracts within government and with its suppliers nationally and across borders; and ensure that the global internet is a safe and trusted place to do business.

The workshops will explore the key underpinnings of internet identity principles, assurance and management, rights and responsibilities, including information rights and privacy, in an interactive format. The key points for discussion will be:
1. Security v. Privacy, The Balancing Act:
• What principles need to be in place to ensure an individual’s right to freedom of opinion and expression (and why)?
• In the context of Information assurance what are legitimate National Security Interests (and why)?
• What safeguards should be in place to ensure that personal privacy is protected whilst not compromising national security?
• The whole concept of Identity Assurance is a bit “big brother” so how do you go about ensuring that Jack and Jill Doe “Trust” the process? For example, how do we ensure that raw seed information that feeds into the registration process and thus through to the Information Provider AND the Attribute Provider is both accurate and pertains to the specific individual (or persona)?
• How can we ensure that an individual (or persona) is who they say they are when they request a service, and if something goes wrong will there be a speedy restitution and redress process?

2. Remote Identity, Registration Authorities & ID Assurance:
• What is a root identity, what attributes make it up?
• Should biometrics be used as part of an identity, if not what else would offer an immutable link between the person and the identity?
• Who should have the authority to register a root identity and perform the level of background checks needed to establish identity beyond reasonable doubt?
• Will it be up to the individual to ensure that any information held by an Identity Provider is up to date and accurate (a responsibility), or is an individual’s “right” that the information is correct in the first place? Is it a case of ignorance is no defence!
• When we identify someone, we sometimes want to establish that they are a unique biological being as recorded on their birth certificate and sometimes that they are the same “persona” who did something at a different time. - What are the implications of this for the successful running of a multi-level Identity Assurance scheme?
• How can an individual control access to their biographic data (and biometric data) after enrolment in an identity scheme?
• What responsibilities should the citizen (identity subject) accept to ensure the Identity Assurance information held by the provider remains accurate and “current”?

3. Governance
• Why do we need governance of internet identity?
• Who should have control or should multiple organisations work together?
• How much should government and legislation be involved in online identity?
• What governance model will work?
• How do organisations establish a culture of privacy, to ensure that clients’ privacy needs are properly addressed from initial system proposals through to end of life decommissioning?

An short presentation on the topic will be given by a panel. For each key point of discussion the chair will then lead an interactive debate so participants can discuss the major discussion points under each question above.
The whole interactive seminar will then be fed back to all delegates and recorded for later dissemination. These workshops are being run at a UK, a European and a UN event to collect national and international views. These will then be collated and fed back to all participants and at a European event to be held in the UK and a report published for the IGF.

From twitter...

DamnThaSOPAMan (DamnThaMan)

Domain name seizures: The end of the dot com dominance? #in #icann #igf11 #cdntech #c30 #sop... cc @lamarsmithtx21

2 years 26 weeks ago

JoonasD6 (Joonas Mäkinen)

RT @asteris: Online identity panel seemingly p0wned by Paypal, preoccupation w strong ident for law enforcement; no privacy whips? #igf11 #153

2 years 47 weeks ago

asteris (Asteris Masouras)

Online identity panel seemingly p0wned by Paypal, preoccupation w strong ident for law enforcement; no privacy whips? #igf11 #153

2 years 47 weeks ago

asteris (Asteris Masouras)

#igf11 SOP #153 Aspects of identity room 14, Green ICTs & Innovation room 6 (where's the vid?), Youth safeguards room 13 #111

2 years 47 weeks ago