Hope x talk from Kaliya

I am going to put the links about joining the IDESG up front. Cause that was our intention in giving the talk to encourage folks coming to HopeX to get involved to ensure that the technologies and policies for for citizens to use verified identity online when it is appropriate and also most importantly make SURE that the freedom to be anonymous and pseudonymous online.

Given that there is like 100 active people within the organization known as the Identity Ecosystem Steering Group as called for in the National Strategy for Trusted Identities in Cyberspace published by the White House and signed by president Obama in April 2011 that originated from the Cyberspace Policy Review that was done just after he came into office in 2009. Here is the website for the National Program Office.

Links to us:

Aestetix –  @aestetix –  Nym Rights

Kaliya – @identitywoman  –  my blog identitywoman.net

     Aestetix’s links will be up here within 24h

We mentioned Terms and Conditions May Apply – follows Mark Zuckerberg at the end.

In the early 2000’s I was working on developing distributed Social Networks  for Transformation.

I got into technology via Planetwork and its conference in 2000 themed: Global Ecology and Information Technology.  They had a think tank following that event and then published in 2003 the Augmented Social Network: Building Identity and Trust into the Next Generation Internet.

The ASN and the idea that user-centric identity based on open standards were essential – all made sense to me – that the future of identity online – our freedom to connect and organize was determined by the protocols.  The future is socially constructed and we get to MAKE the protocols . . . and without open protocols for digital identity our ID’s will be owned by commercial entities – the situation we are in now.

Protocols are Political – this book articulates this – Protocols: How Control Exists after Decentralization by Alexander R. Galloway. I excerpted key concepts of Protocol on my blog in my NSTIC Governance Notice of Inquiry.

I c0-founded the Internet Identity Workshop in 2005 with Doc Searls and Phil Windley.  We are coming up on number 19 the last week of October in Mountain View and number 20 the third week of April 2015.

I founded the Personal Data Ecosystem Consortium in 2010 with the goal to connect start-ups around the world building tools for individual collect manage and get value from their personal data along with fostering ethical data markets.  The World Economic Forum has done work on this (I have contributed to this work) with their Rethinking Personal Data Project.

I am shifting out of running PDEC to Co-CEO with my partner William Dyson of a company in the field The Leola Group.

Aestetix and I met just after his talk at HOPE 9 around the #nymwars (we were both suspended.

So where did NSTIC come from? The Cyberspace Policy Review in 2009 just after Obama came into office.

#10 Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.

#13 Implement, for high-value activities (e.g., the Smart Grid), an opt-in array of interoperable identity management systems to build trust for online transactions and to enhance privacy.

NSTIC was published in 2011: Main Document – PDF  announcement on White House Blog.

Trust Frameworks  are at the heart of what they want to develop to figure out how navigate how things work.

MY POST the Trouble with Trust and the Case for Accountability Frameworks.

cybersecurity-framework  (paper)  Obama Administration just outlined . NSTIC is not discussed in the framework itself – but both it and the IDESG figure prominently in the Roadmap that was released as a companion to the Framework.  The Roadmap highlights authentication as the first of nine different, high-priority “areas of improvement” that need to be addressed through future collaboration with particular sectors and standards-developing organizations.

The inadequacy of passwords for authentication was a key driver behind the 2011 issuance of the National Strategy for Trusted Identities in Cyberspace (NSTIC), which calls upon the private sector to collaborate on development of an Identity Ecosystem that raises the level of trust associated with the identities of individuals, organizations, networks, services, and devices online.

The National Program Office was launched in  January 2012 and Jeremy Grant leads it.  You can read Commerce Secretary Locke comments at the announcement at Stanford.

I wrote this article just afterwards: National! Identity! Cyberspace! Why we shouldn’t Freak out about NSTIC   (it looks blank – scroll down).

Aaron Titus writes a similar post explaining more about NSTIC relative to the concerns arising online about the fears this is a National ID.

Staff for National Program Office

They put out a bid for a Secretariat to support the forthcoming organization and awarded it to a company called Trusted Federal Systems.

The plenary was and is open – to anyone and any organization from any where in the world. It is still open to anyone. You can join by following the steps on my blog post about it.

At the first meeting in August 2012 the management council was elected. The committees they decided should exist ahead of time had meetings.

The committees – You can join them – I have a whole post about the committees so you can adopt one.

So after the #nymwars it seemed really important to bring the issues around Nym Rights and Issues into NSTIC – IDESG.  They were confused – even though their bylaws say that committees. I supported Aestetix writing out a charter for a new committee – I read it for the plenary in November of 2012 – he attended the Feb 2013 Pleanary in Pheonix. I worked with several other Nym folks to attend the meeting too.

They suggested that NymRights was to confrontational a name so we agreed that Nym Issues would be a fine name. They also wanted to make sure that it would just become a sub-committee of the Privacy Committee.

It made sense to organize “outside” the organization so we created NymRights.
Basically the committee and its efforts have been stalled in limbo.

Links

Year 1 – announcement about the FFO , potential applicant Webinar – announcement about all the grantees and an FAQ.

• Daon, Inc. (Va.): $1,821,520
  The Daon pilot will demonstrate how senior citizens and all consumers can benefit from a digitally connected, consumer friendly Identity Ecosystem that enables consistent, trusted interactions with multiple parties online that will reduce fraud and enhance privacy. The pilot will employ user-friendly identity solutions that leverage smart mobile devices (smartphones/tablets) to maximize consumer choice and usability. Pilot team members include AARP, PayPal, Purdue University, and the American Association of Airport Executives.
• The American Association of Motor Vehicle Administrators (AAMVA) (Va.): $1,621,803
  AAMVA will lead a consortium of private industry and government partners to implement and pilot the Cross Sector Digital Identity Initiative (CSDII). The goal of this initiative is to produce a secure online identity ecosystem that will lead to safer transactions by enhancing privacy and reducing the risk of fraud in online commerce. In addition to AAMVA, the CSDII pilot participants include the Commonwealth of Virginia Department of Motor Vehicles, Biometric Signature ID, CA Technologies, Microsoft and AT&T.
• Criterion Systems (Va.): $1,977,732
  The Criterion pilot will allow consumers to selectively share shopping and other preferences and information to both reduce fraud and enhance the user experience. It will enable convenient, secure and privacy-enhancing online transactions for consumers, including access to Web services from leading identity service providers; seller login to online auction services; access to financial services at Broadridge; improved supply chain management at General Electric; and first-response management at various government agencies and health care service providers. The Criterion team includes ID/DataWeb, AOL Corp., LexisNexis®, Risk Solutions, Experian, Ping Identity Corp., CA Technologies, PacificEast, Wave Systems Corp., Internet2 Consortium/In-Common Federation, and Fixmo Inc.
• Resilient Network Systems, Inc. (Calif.): $1,999,371
  The Resilient pilot seeks to demonstrate that sensitive health and education transactions on the Internet can earn patient and parent trust by using a Trust Network built around privacy-enhancing encryption technology to provide secure, multifactor, on-demand identity proofing and authentication across multiple sectors. Resilient will partner with the American Medical Association, Aetna, the American College of Cardiology, ActiveHealth Management, Medicity, LexisNexis, NaviNet, the San Diego Beacon eHealth Community, Gorge Health Connect, the Kantara Initiative, and the National eHealth Collaborative.In the education sector, Resilient will demonstrate secure Family Educational Rights and Privacy Act (FERPA) and Children’s Online Privacy Protection Act (COPPA)-compliant access to online learning for children. Resilient will partner with the National Laboratory for Education Transformation, LexisNexis, Neustar, Knowledge Factor, Authentify Inc., Riverside Unified School District, Santa Cruz County Office of Education, and the Kantara Initiative to provide secure, but privacy-enhancing verification of children, parents, teachers and staff, as well as verification of parent-child relationships.
• UniversityCorporation for Advanced Internet Development (UCAID) (Mich.): $1,840,263
  UCAID, known publicly as Internet2, intends to build a consistent and robust privacy infrastructure through common attributes; user-effective privacy managers; anonymous credentials; and Internet2’s InCommon Identity Federation service; and to encourage the use of multifactor authentication and other technologies. Internet2’s partners include the Carnegie Mellon and Brown University computer science departments, University of Texas, the Massachusetts Institute of Technology, and the University of Utah. The intent is for the research and education community to create tools to help individuals preserve privacy and a scalable privacy infrastructure that can serve a broader community, and add value to the nation’s identity ecosystem.

Year 2 – announcement about the FFO, potential applicant webinar, annoucement about the grantees.

• Transglobal Secure Collaboration Participation, Inc. (TSCP) (Va.): $1,264,074
  The TSCP pilot will deploy trusted credentials to conduct secure business-to-business, government-to-business and retail transactions for small and medium-sized businesses and financial services companies, including Fidelity Investments and Chicago Mercantile Exchange. As part of this pilot, employees of participating businesses will be able to use their existing credentials to securely log into retirement accounts at brokerages, rather than having to obtain a new credential. Key to enabling these cross-sector transactions will be TSCP’s development of an open source, technology-neutral Trust Framework Development Guidance document that can provide a foundation for future cross-sector interoperability of online credentials.
• Georgia Tech Research Corporation (GTRC) (Ga.): $1,720,723
  The GTRC pilot will develop and demonstrate a “Trustmark Framework” that seeks to improve trust, interoperability and privacy within the Identity Ecosystem. Trustmarks are a badge, image or logo displayed on a website to indicate that the website business has been shown to be trustworthy by the issuing organization. Defining trustmarks for specific sets of policies will allow website owners, trust framework providers and individual Internet users to more easily understand the technical, business, security and privacy requirements and policies of the websites with which they interact or do business.Supporting consistent, machine-readable ways to express policy can enhance and simplify the user experience, raise the level of trust in online transactions and improve interoperability between service providers and trust frameworks. Building on experience developing the National Identity Exchange Federation(NIEF), GTRC plans to partner with the National Association of State Chief Information Officers (NASCIO) and one or more current NIEF member agencies, such as Los Angeles County and the Regional Information Sharing Systems (RISS).
• Exponent (Calif.): $1,589,400
  The Exponent pilot will issue secure, easy-to-use and privacy-enhancing credentials to users to help secure applications and networks at a leading social media company, a health care organization and the U.S. Department of Defense. Exponent and partners Gemalto and HID Global will deploy two types of identity verification: the use of mobile devices that leverage so-called “derived credentials” stored in the device’s SIM card and secure wearable devices, such as rings and bracelets. Solutions will be built upon standards, ensuring an interoperable system that can be easily adopted by a wide variety of organizations and companies.
• ID.me, Inc. (Va.): $1,204,957
  ID.me, Inc.’s Troop ID will develop and pilot trusted identity solutions that will allow military families to access sensitive information online from government agencies, financial institutions and health care organizations in a more privacy-enhancing, secure and efficient manner. Troop ID lets America’s service members, veterans, and their families verify their military affiliation online across a network of organizations that provides discounts and benefits in recognition of their service. Today, more than 200,000 veterans and service members use Troop ID to access benefits online. As part of its pilot, Troop ID will enhance its current identity solution to obtain certification at Level of Assurance 3 from the U.S. General Services Administration’s Trust Framework Providers program, enabling Troop ID credential holders to use their solution not only at private-sector sites, but also when interacting online with U.S. government agencies through the recently announced Federal Cloud Credential Exchange (FCCX). Key project partners include federal government agencies and a leading financial institution serving the nation’s military community and its families.
• Privacy Vaults Online, Inc. (PRIVO) (Va.): $1,611,349
  Children represent a unique challenge when it comes to online identity. Parents need better tools to ensure safe family use of the Internet, while online service providers need to comply with the requirements of the Children’s Online Privacy Protection Act (COPPA) when they deal with minors under the age of 13. PRIVO will pilot a solution that provides families with COPPA-compliant, secure, privacy-enhancing credentials that will enable parents and guardians to authorize their children to interact with online services in a more privacy-enhancing and usable way. Project partners, including one of the country’s largest online content providers and one of the world’s largest toy companies, will benefit from a streamlined consent process while simplifying their legal obligations regarding the collection and storage of children’s data.

Year 3 – ? announcement about FFO – grantees still being determined.

Big Issues with IDESG

Diversity and Inclusion
I have been raising these issues from its inception (pre-inception in fact I wrote about them in my NOI).
I was unsure if I would run for the management council again –  I wrote a blog post about these concerns that apparently made the NPO very upset.  I was subsequently “univited” to the International ID Conf they were hosting at the White House Conference Center for other western liberal democracies trying to solve these problems.
Tech President Covered the issues and did REAL REPORTING about what is going on.  In Obama Administration’s People Powered Digital Security Initiative, There’s Lots of Security, Fewer People.
This in contrast to a wave of hysterical posts about National Online ID pilots being launched.
They IDESG have Issues with how the process happens. It is super TIME INTENSIVE.  It is not well designed so that people with limited time can get involved.  We have an opportunity to change tings becoming our own organization.
The 9th Plenary Schedule – can be seen here.  There was a panel on the first day with representatives who said that people like them and others from other different communities needed to be involved AS the policy is made.  Representatives from these groups were on the panel and it was facilitated by Jim Barnett from the AARP.

• NAACP
• Association of the Blind
• ACLU

The Video is available online.

The “NEW” IDESG

The organization is shifting from being a government initiative to being one that is its own independent organization.
The main work where the TRUST FRAMEWORKS are being developed is in the Trust Framework and Trust Mark Committee.  You can see their presentation from the last committee here.
 

Key Words & Key Concept form the Identity Battlefield

Trust

What is Identity?  Its Socially Constructed and Contextual
Identity is Subjective
Aestetix’s links will be up here within 24h
What are Identifiers?: Pointers to things within particular contexts.
Abrahamic Cultural Frame for Identity / Identifiers
Relational  Cultural Frame for Identity / Identifiers
What does Industry mean when it says “Trusted Identities”?

• Datacard Group Announces Agreement to Acquire Entrust Inc. to Strengthen Trusted Identities and Transaction Security 
• IDology Supports Healthcare Organizations in Establishing Trusted Identities for Secure Access and Exchange
• IBM trusted identity initiative
• Telco Opportunity: Become Trusted Identity Brokers
• CSC Trusted Identity Enterprise Suite™ is an integrated approach which blends the latest technologies, systems, policies, and business processes to deliver solutions that are secure, efficient, and increase business value.
• Daon Trusted Identity Services (Formerly Known as SBCN) Wins Alabama Criminal History Check Contract
• Daon Trusted Identity Services (DTIS)
• Building Trusted Identity Networks

What is Verified?

AirBnB
Verified ID in the context of the Identity Spectrum : My post about the spectrum.

Reputation

In Conclusion: HOPE!

We won the #nymwars!

Links to Google’s apology.
Skud’s the Apology we hopped for.
More of Aestetix’s links will be up here within 24h

The BC Government’s Triple Blind System

Article about & the system  they have created and the citizen engagement process to get citizen buy-in – with 36 randomly selected citizens to develop future policy recommendations for it.
Article about what they have rolled out in Government Technology.

Join the Identity Ecosystem Steering Group

Get engaged in the process to make sure we maintain the freedom to be anonymous and pseudonymous online.
Attend the next  (10th) Plenary in mid-September in Tampa at the Biometrics Conference

Join Nym Rights group.

http://www.nymrights.org

Come to the Internet Identity Workshop

Number 19 – Last week of October – Registration Open
Number 20 – Third week of April