Identity Woman

Independent Advocate for the Rights and Dignity of our Digital Selves

Big Ideas

Speaking at Blockchain Summit India

· ·

I am in India as a New America India-US Public Interest Technology Fellow. My topic of study is Aadhaar the country’s national digital Identity system.
This Friday I am speaking at the Blockchain India Summit on a panel:
Aadhaar on Blockchain, a potential solution for continued innovation

The rapid march of Aadhaar came to a sudden halt with its declaration on acting unconstitutionally and violating fundamental Indian rights! This also halted new ways of innovation happening in FinTech. Is it time to redesign Aadhaar while ensuring the data ownership resides with the citizen and yet safe, secure and effective.

  • Vishal Gupta CEO, Diro
  • Sarang Bhoyar, Blockchain Program Manager, Infosys
  • Kaliya Young, New America India-U.S. Public Interest Technology Fellow
  • Dinesh Prasad, Asia Head, Ex- Qualcomm
  • Saurabh Katiyar, Program Head, NIIT
  • Moderator: Vaibhav Vardhan, Founder and CEO, Inc42 Media

It will be a bit of a challenge to explain/get across the new decentralized Identity and Self-Sovereign Identity tech without any slides and what will likely be one question. For those coming to find this site after hearing me talk here are some good resources.
Internet Identity Workshop – please join us to dive into the deep end of the pool with the community building the goals.
The W3C group on Decentralized Identifiers is in the Credentials Community Group 
The specification for Verifiable Credentials.
There is also this Comprehensive Guide to Self Sovereign Identity. If you are interested in it but can’t afford it just fill out this form. 

Here is some more about the conference from their web site:
The Summit is targeted towards enabling Indian government and ministries to speed up the process of developing a flourished Blockchain and Cryptocurrency ecosystem. Global Blockchain brands and government bodies are joining to make India, a Blockchain capital.

Vision Blockchain 2030!

Started with a vision to bring full transparency in Governance and a flourished economy for India in coming 10 years.

Blockchain Summit India 2019 is first edition in series of Vision Blockchain 2030. Indian Government, various ministries, country’s premium academic institutes and country’s most influential people are participating to support the initiative.

https://blockchain2030.co.in/agenda.html

Exciting SSI announcement was not well received by some

· ·

The Microsoft-Mastercard SSI alliance is great news, but some thought it was a bad thing.

By all accounts, Fast Company’s Cale Guthry Weissman is a good reporter who knows his audience. Informed that Microsoft and Mastercard were partnering to create a new kind of digital identity, he went to get some answers, assessed the situation, and wrote an article that called the alliance “frightening”

But the solution they offer–a one-stop, universal identification for any and all applications–would mean that every citizen would be entering into a system built by private companies that centralizes all of their personal data. Every digital company wants to be a data hoover, and this program seems to underscore the extent of this pursuit.
[…]
Overall, this announcement speaks to a common tone-deafness among large companies when it comes to privacy. While proving digital identity can certainly be onerous, some solutions may only imperil us even more.

  • Microsoft and Mastercard have a frightening plan to create “digital identities”, Fast Company 12/04/18

Weissman can be forgiven for such a sentiment; tech companies have a well earned reputation for turning their users into unwitting laborers  on data farms. But it should be noted that Mastercard isn’t “a tech company”. When Weissman reached the global credit card company for comment they explained their bold new venture with excitement, emphasising that they’re going to use trusted sources to give control to the user, who will “share only the information needed to conduct their transactions,” but it didn’t really seem to take. They came off like someone who walked into a party wearing a set of Google Glass, then tried to use the uncomfortable pause that it created to explain how his dork goggles weren’t just a mass surveillance tool, they were also going to change the world! The spokesman would have done better to explain that SSI applications are explicitly NOT “centralized” as Weissman came away understanding, but they appear to have got a bit carried away.

“The next update will let me see into your soul, but it’s nothing to worry about.”

It seems like a good solution because it is a good solution, but Mastercard won’t be able to sell it themselves

We have no reason to doubt that Mastercard’s excitement is earnest. Credit card companies live the third-party verification problem every day, because they’re third party verifiers. Mastercard sees ease-of-use and fraud prevention savings in this project that are meaningful, and are excited about being able to achieve them without having to handle customer data. They’re telling their merchants and cardholders: “Look! You’re going to FINALLY have control of your own verification process! No more 2 pieces of ID with a credit card, and we don’t even have to hand the process over to a data-harvesting behemoth to get it done! (You just know Facebook or Amazon would have underbid anyone to get their hands on card verification contract, and for all the wrong reasons.) But Fast Company isn’t inclined to take them at their word. After all, they are partnering with Microsoft, who would surely know what to do with a bunch of cardholder and merchant data.
Microsoft, for their part, declined comment, which is interesting since they have so many good people working on this project who could comment eloquently including Daniel Buchner, Pamela Dingle and Kim Cameron among others. Perhaps from the PR department the silence is born of experience. Microsoft is the butt of the funniest tech jokes, and is aware of the shadow they cast. There isn’t anything they say to the general public to convince them that an identity play they’re making isn’t just another way to sink their tentacles into their users a bit further. The process knowledge just isn’t out there. Best say nothing until it’s ready.

Microsoft have good reasons to be this helpful.

The Microsoft that dominated the 90s and early oughts got their lunch eaten by Google, Facebook and Amazon, who cornered users into a Faustian bargain that they didn’t even know they were making. Microsoft’s unbreakable hold on the enterprise software market financed attempts to compete in the data and advertising realm, but it’s clear by now that beating data harvesters at their own game isn’t in the company’s DNA. This identity play may be Microsoft doing the next best thing: taking them out at the knees by giving the data control back to the customers.
Facebook is able to give access Cambridge Analytica and others access to user data by virtue of the fact that they have it. They could (and still do) broker access to users via their data, because they have ongoing user consent. If the user revokes that consent, nobody is checking if they’re honouring that revocation.
But they can’t sell what they don’t have. A user-centred permissions system would allow individuals to give Twitch streaming access to their X-Box ONE account, or not. LinkedIN could offer seamless work history verification, which would allow for an easy transition into the corporate HR services business, handling payroll, insurance and benefits for enterprises – all newly simplified user centric verifiable credentials. There are all sorts of places Microsoft can organically grow their core software business once the framework is in place to allow users and organizations to provide and revoke data from each other… once they can get over concerns people have over how the system actually operates.
There is not yet an SSI killer app. While Microsoft would no doubt like very much to develop one, they’re probably just as happy having someone else strike the discovery vein that gets the public’s attention. Once the user base gets wise to their new-found control, a self-sovereign-ID-enabled Microsoft will be in a position to enter the 2020s as a major player in this new market place of decentralized identity and credentials under the true control of the user.
(With files from Braden Maccke. Feature image courtesy Humans Unlimited Blog.)

My Talk at New America on Self-Sovereign Identity & the Domains of Identity

· ·

The Future of Property Rights a program at New America just published a new report The Nail Finds a Hammer: Self-Sovereign Identity, Design Principles and Property Rights in the Developing World. I commented extensively on the paper before publication and they included the Domains of Identity within the report. It turns out that many of the Domains of Identity include registries. This whole perspective that registries as the root of many of our systems is very eye opening. Just like when one finds identity one sees it everywhere, it turns our registries are everywhere too.
Mike invited some key contributors to the paper to talk at New America. I presented about both Self-Sovereign Identity AND the domains of Identity … enjoy!!!
https://www.youtube.com/watch?v=U8bZ4GYFwKY

Three new SSI papers I helped Review

· ·

Last week was the Internet Identity Workshop and also in the past week there were two new papers released about Self-Sovereign Identity both of which I had a hand in reviewing.  ( A third just got released and it was added below in early November.)
They are both good papers and I recommend them.
The first one to be released by by the Future of Property Rights program at New America Foundation was A Nail finds a Hammer: Self-Sovereign Identity, Design Principles and Property Rights in the Developing World.  From the Introduction:

Our interest in identity systems was an inevitable outgrowth of our earlier work on blockchain-based1 land registries.2 Property registries, which at the simplest level are ledgers of who has which rights to which asset, require a very secure and reliable means of identifying both people and properties. In the course of investigating solutions to that problem, we began to appreciate the broader challenges of digital identity and its role in international development. And the more we learned about digital identity, the more convinced we became of the need for self-sovereign identity, or SSI. This model, and the underlying principles of identity which it incorporates, will be described in detail in this paper.
We believe that the great potential of SSI is that it can make identity in the digital world function more like identity in the physical world, in which every person has a unique and persistent identity which is represented to others by means of both their physical attributes and a collection of credentials attested to by various external sources of authority. These credentials are stored and controlled by the identity holder—typically in a wallet—and presented to different people for different reasons at the identity holder’s discretion. Crucially, the identity holder controls what information to present based on the environment, trust level, and type of interaction. Moreover, their fundamental identity persists even though the credentials by which it is represented may change over time.
 

The Second is by the Identity Working Group of the German Blockchain Association Self-sovereign Identity:  A position paper on blockchain enabled identity and the road ahead. 
From the Introduction:

Digital Identity is a field that matters to a seemingly infinite number of stakeholders from diverse backgrounds. Confronted with this extensive scope, we decided to structure this position paper around two major objectives:
First, to provide our readers with a structured overview of the identity field from the perspective of self-sovereign identity, and second, to motivate stakeholders in the identity community to embrace the idea of a universal identity layer and join us for the road ahead.
As a result of our collaboration in the identity working group in the German Blockchain Association, we propose the SSI model as a way to enable an identity ecosystem that is capable of solving many inefficiencies in existing identity solutions and addressing novel demands on identity in the emerging decentralised web. Whilst SSI systems can be constructed without the need for any blockchain system, blockchain systems can add significant value to SSI systems, as this paper will show. Ultimately, the universal identity layer that we describe is required to enable blockchain based decentralised systems and business models to reach their full potential.
Our aim is to present an overview that is independent from any one company’s product offering. We instead present an industry-wide consensus on the model of SSI that is geared towards the establishment of a truly interoperable and modular identity system that utilizes open standards. The paper can thus be understood as the baseline of agreement between all represented businesses from the identity space. The paper is an attempt to describe the universal identity layer from a high-level perspective with a focus on shared positions and agreement instead of going into technical implementation details that certainly matter but need to be discussed further on in the debate we intend to initiate with this position paper.

The Third report was pulled together by folks at GovLab NYU. BLOCKCHANGE: Blockchain Technologies for Social Change. FIELD REPORT: On the Emergent Use of Distributed Ledger Technologies for Identity Management

This is from page 54 which is part of a two page pull out by me :).

THE BLOCKCHAIN IDENTITY PARADIGM CHANGE
During our analysis, some have suggested that the above (enterprise) ID lifecycle is not representative of how blockchain can transform Identity. They have subsequently called for a new paradigm.
According to Kaliya “Identity Woman” Young: “The mental models of how identity is “managed” whether by an employer relative to an employee or by a government relative to a citizen or by an individual just logging into to a web service is disrupted by the new emerging standards of DIDs and Verifiable Credentials.

The authors did a literature of existing Identity Management research from academia that is not really familiar with current industry frames (a read a lot of this literature while I was in the Master of Science in Identity Management and Security and it was stale and out of date).  The case studies built on these existing frames rather then engaging from the current literature frames rather then new ones.
 
 
 
 

Interview: Voices of VR Podcast

· ·

I got to speak with Kent Bye on his voices of VR Podcast. We were together at the DWeb Summit and that set the context for our conversation. I hadn’t listened to this interview ever until today – it is fun. I laugh a lot. Enjoy.

Link to the episode website.

MP3

Kaliya Young (aka Identity Woman) has been working on digital identities for the past 15 years including helping facilitate the twice-a-year Internet Identity Workshop. These workshops lead to the Rebooting the Web of Trust workshops and the Decentralized Identity Foundation, which created a W3C specification on Decentralized Identifiers.

I had a chance to catch up with Young at the Decentralized Web Summit where we talk about the Decentralized Identifiers standards and the history of self-sovereign identity.

Self-Sovereign Identity for the Decentralized Web Summit

· ·

Introduction to Self-Sovereign Identity at the Decentralized Web Summit

I gave a presentation, “Introduction to Self-Sovereign Identity” at the Decentralized Web Summit in San Francisco, California, on August 1, 2018. Self-Sovereign Identity helps individuals have control over their own identifier. This talk shares the origins of the work and how it works.

Blockchain vs. CryptoCurrency: BridgeSF Talk

· ·

I was asked to substitute in at the last minuet to talk about the difference between blockchain and cryptocurrency at the BridgeSF conference on their Enterprise Day.
Here are links to what I cover in the talk:
Do You Need a Blockchain. This slide is from DHS S&T and Anil John  who is leading research int his area for that agency.

Supply Chain

Immutable Data

Identity on the Blockchain 

Slide from Anil John DHS S&T explaining Verified Claims.

The Known Traveller : Unlocking the potential of digital identity for secure seamless travel. World Economic Forum Report.
Crossing the boarder involves many parties. The United States and Canadian Government are collaborating in exploring how to improving boarder crossing and customs clearance. 
Coordination across many parties. 

Blockchain and Land Rights – work by Mike Graglia at New America Foundation

Joining the Community to engage further.

Conclusion:

 
Here are the Slides:

Self-Sovereign Identity at RightsCon

· ·

I gave a talk, “Self-Sovereign Identity” at RightsCon in Tronto, Canada, on May 18, 2018.

Self-Sovereign Identity at RightsCon

Self-Sovereign Identity technology has enormous potential to empower individuals and address privacy challenges globally. It uses shared ledgers (blockchain) to give individuals the power to create and manage their own identifiers, collect verified claims and interact with others on the network on their terms.

Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure using Blockchain

· ·

I gave a presentation, “Identity is Changing: The Rise of Self-Sovereign Identity Infrastructure using Blockchain,” at InteroplTX on May 2, 2018.

Identity is Changing at InteroplTX

Identity can seem deceptively simple. We know who we are. Sometimes we have to convince others of that fact and confirm other characteristics: our age, our qualifications, or our right to access some services or tools. This happens every day over the Internet, but in ways that are disorganized, redundant, and risky. The lack of reliable, universal standards puts our private information at risk of public dissemination, fraud or worse.

A new set of standards is emerging that creates an infrastructure for self-sovereign identity that can scale. This talk looks forward to help you think ahead and prepare for this new infrastructure. We will walk through standards that together create a new identity infrastructure that leverages the blockchain. This isn’t about what you can implement tomorrow to solve your employee identity challenges or manage customer accounts. It will instead prepare you for the coming changes and help you play a role in shaping them.

My Identiverse: The Evolution of Digital Identity and Openness, Plenary Digital Identity and Embodied Practice

· ·

I was asked to give this talk at the What is Universe? at the University of Oregon, (on their Portland Campus). I cover the history of the Internet Identity Workshop and talk about its core nature as a torus / bowl a feminine form and how this has resulted in the innovation of Self-Sovereign Identity.

My post on CoinDesk: There is an Alternative to Facebook its Called Self-Sovereign Identity

· ·

I was explaining to my friends Tony Fish and Lubna Dajani  why I was so excited about the new self-sovereign identity. Some things that are exciting to me aren’t even clear to most people they are problems – like the phone home problem. You don’t encounter them until well into building a system.
Enjoy the article over on their site. https://www.coindesk.com/theres-alternative-facebook-called-self-sovereign-identity/
If it goes down ever I will put the text here.
 
 

Identity issues: Identity.Foundation vs. Decentralized.id

· ·

So the the Decentralized Identity Foundation has an “identity challenge” with a project pretending to be it – with a very similar domain name and trying to do a token sale.  I have a theory that almost all legitimate projects with real people and real work going on behind them also have fake projects shadowing them.  Anyways.
Here is the REAL Decentralized Identity Foundation Website: http://identity.foundation. Its got working groups and code and a blog on medium.  Its got a whole bunch of real people and projects behind it.
They are working on supporting the emergence of an open standard called DID.
Microsoft just made an announcement about their support and product integration of these emerging open standards.
 

So the FAKE site is Decentralized.id

It looks really polished and the first page says
YOUR ID: DECENTRALIZED
The DID Foundation, Decentraling your ID over the Blockchain. Sounds good right.  Protecting Your ID, Providing Trust, Crypto-Positive. It says one should Join The Foundation – if you do you get DID Tokens!
Then creating a supply 20,000,000,000 of them. They are selling them for .ooo1 USD. They accept BTC, ETH and BCH.
So I checked out their real “address” is at a hot desking space in London.

Decentralized ID is owned by Mr. Sheikh Abdullah Naveed. HE also has a hardware consultancy Torquesol UK Ltd. He has some other companies too – Tapfer Technologies Ltd  and Fry-Wi Ltd
_____
This whole situation highlights the need to have identity verification for organizations too.  The good thing is that this is something that the British Columbia Government is working on with a project called Verifiable Organizations Network 

Deconstructing Blockchain and Identity Projects: Velix.ID

· ·

This is going to be the first in what will end up being a long and ongoing series of posts that deconstruct various “blockchain and identity” projects. I was inspired to get started after getting a min into the video explaining this identity system and at least thinking ‘screaming’ in my head NO! NO! NO! that is a horrible horrible design you can’t do that with people and their ID information in the block chain. So then the next question is WHY and that is why I’m going to start writing about specific systems and really going into the details.  There is just some things that you CAN NOT DO with people’s identity information.
So here we go… Velix.ID Video:
We share our identity information everywhere – check 

  • Examples include, ordering pizza, getting laundry done, shopping online OR filling in KYC forms ok check but really are this all equivalent?

Accessing these many services scatters our ID everywhere Yup when we do businesses with companies they have information about us. 
We loose control of how our information is shared and used – Yep it is in their databases and could end up being sold or traded two third parties (other businesses we don’t transact with) 
We loose time with all that form filling. – Ok. Time that could be better used playing video games – ahh ok but some people actually take care of people and have physical hobbies who wrote this script and who are you appealing to when that is the thing you think people are needing more time for?
With Velix you can access these services instantly while you retain control fo your data and your privacy – Ok and how do you do this for realz?
So how does Velix work – do tell?
A user can create a profile and update all their information on it – ahh ok – where is the profile? 
All of the data will be associated with an 8 digital alphanumeric ID – WAIT STOP – all my information is associated with one 8 digit number? So if I share my number with one business and then go to a different business and share my 8 digit number with them – the businesses can use this information to know that I patronize both of them? My information can be correlated together. This is not a good design choice and is not privacy protecting. 
And this data is stored on the user’s own device, never with Velix. – ah ok and what if I loose my device?
This Velix ID can be shared by the user to access  any member services with any business instantly and securely – Wait, how?
If any business has already verified information of a Velix ID user other businesses don’t have to repeat it. The new business on the Velix.ID can simply request the verified identity from the business organization that has already verified it through Velix.ID blockchain – So this raises lots of alarms, getting verified ID information from one business that I do business with requires I reveal who I do business with and has verified things about me and for them to go to the trouble to releasing the information.
To facilitate these transactions and identities Velix.ID has developed its own native utility token called VLX. During the transaction the business requesting the identity pays VLX and a tiny bite is taken by Velix.ID and a tiny bite is offered to the user for their generous act of giving consent for the transaction to occur and the rest goes to the verified identity provider. – mmm ok but we still have all these challenges of linking and connecting things together. 
This process saves time and money both for consumers and businesses.  And keeps the users identity information secure and private – i’m not really clear how. Individual’s identity information is still shared with businesses I do business with. 
The next time you face  boring and unsafe personal identity verification use your Velix.ID instead. A frictionless experience of identity sharing – mmm…only if the relying party is in this system and accepts these types of identity.  

Reading the White Paper on their website
A few lines stood out and raise red flags.
In the Abstract: The primary reason why a disruption in the identity-verification (IDV) space has not het happened is the lack of a tested/proven trust-framework on which all institutions, globally can rely on for sharing costs and liability of identity verification. Velix.ID aims at bridging this gap by building a universal, obscure, transparent, decentralized, time efficient, and cost-efficient ecosystem for identity verification.
So there won’t be ONE global framework for everyone to get all their identity verified. Just won’t the world is to big and there are to many different types of identities, types of transactions and needs of people. 
 
All identity holders on the Velix.ID ecosystem possess a unique identity number to which all fo their data will be associated!!! red flags all over the place all my stuff about me associate with one number this IS the issue we have now. That identity numbers that are universal and point at me. They create massive correlation issues – you guys need to read the Laws of Identity and understand one of those key concepts – the Law of Directed Identifiers
Level 2 Advanced PII – the platform will be capable to store nonstandard and industry specific data for an Identity on the Blockchain – WAIT HOW? NO PII  should ever be store anywhere on a block chain. 
In the Appendix: They want to issue Velix.ID cards to people, with their 8 digit number. They say this will let you check-in to airports and hotels – but ONLY if these institutions accept the Velix.ID as an identity provider. 
How can this be a universal ID system if there aren’t even a Billion Numbers in the 8 digit name space. Is that the main giveaway that this is just a total scam?
So there is also  plan to have an NFC reader that would would be able to manage access control to physical spaces. – Ok…but really? Cause this problem is mostly solved for employees and students. 

Is putting hashed PII on any immutable ledger(blockchain) is a bad Idea

· ·

I decided to open a thread On Twitter for ID & security professionals to share why (/if) putting hashed PII on any immutable ledger(blockchain) is a bad Idea.
Not everyone agreed that it was bad if certain things were done right.
There were 15 direct responses and then a whole lot of subthreads. I have pulled out all the subthreads. All tweets are linked to. Yes…all of them. Let me know if i missed a thread and I will pull it in. Let me know if you post about this thread on your blog – I will post a link. Also I am giong ot share this with the identity gang list – you can join it here: https://lists.idcommons.net/lists/subscribe/community
Jeff Lombardo also made a summary of the conversation on his blog. https://x-iam.com/can-blockchain-solves-the-privacy-of-identity-connundrum.html
 
[Read more…] about Is putting hashed PII on any immutable ledger(blockchain) is a bad Idea

What is Self-Sovereign Identity?

· ·

Here is me on a the Creative Futurism podcast talking about Self-Sovereign Identity.  We don’t go into the technology details but stay with the big picture concepts. What is happening is we finally have the pieces coming together for an identity layer of the internet where people are in control of their own identities.
This technology will have significant implications for how people interact with governments, how people manage their relationship with businesses, how we do banking, how we manage our medical and educational records and how we relate to each other peer to peer.

Self-Sovereign Identity is now possible because of these technologies.

Probably the most important one, that is often not recognized or observed that often because we focus so much on technical technologies rather then the social technologies that makes their innovation possible.  I just wrote an article about this for Open Democracy.
The Social Human Fabric: This is critical to why we actually are having these breakthroughs woven together to create the open standards for self-sovereign identity to become real.  A dedicated group of individuals that have been actively meeting face to face twice a year for over 12 years at the Internet Identity Workshop, and other industry events like the RSA Conference, Cloud Identity Summit and the new kid on the collaboration block Rebooting the Web of Trust.
Smart Phones: The iPhone is 10 years old and is key to supporting the individual having a computer in their pocket to manage their identity attributes and private keys.
Cloud Computing:  Key for individuals having  cloud agent and wallet
PKI – Public Key Infrastructure: This is not new either first created over 25 years ago. It is the basis of encrypted communication but there have been huge usability challenges that have prevented usage
Shared Ledger Technologies (also called Distributed Ledgers or Blockchains): Key for storing Decentralized Identifiers and the public keys associated with them. This creates the framework for decentralized yet globally resolvable
Open Standards for Decentralized Identifiers – DIDs: Community leadership worked hard to support those working on decentralized identifiers on block chains to actually collaborate on a minimally common set of protocols.
PairWise or Directed Identifiers: For each relationship with each person or entity in the system individuals create a pairwise identifier – a unique identifier a new DID just for that relationship. This means they don’t leak information by using the same DID for different connections / relationships.
Open Standards for Verified Claims: This work has been going on for many years at the W3C and leverages the Decentralized Identifier standard to empower issuers to issue verified claims to individuals. These include courses taken or degrees issues

How does it work?

This is still being figured out.
I have seen working wallets in the lab.
Individuals have to get an Edge Wallet – an application on their smart phone and set up a relationship with a service provider to support their cloud wallet. Wait a second they have to trust another service? Yep think of this like a bank account – we have a network of service providers that help us store and manage our money – but it is our money – not theirs. We always have the right to move service providers to change who we trust to work on our behalf in this ecosystem.  Then using these tools we create a Decentralized Identifier a DID and this gets published into a distributed ledger. Its a really really long number that we prove we own because attached to it in the DDO (DID Document) is a public key.  In your wallet is a private key that proves you are the owner of the public key in the DDO and thus the owner of that identifier.
All identity information is stored in the cloud agent.  NO IDENTITY INFORMATION IS EVER STORED on CHAIN.
Individuals who want to maintain separation between all their different identities will be able to do so because each relationship has a different DID associated with it.

What can it Do?

This is the infrastructure for individuals to start sharing and collecting identity information that they collect and manage without third parties seeing where they share it/how they transact.
It is also the infrastructure for individuals to start connecting to each other one-on-one to connect with secure encrypted channels for sharing and connection.
It is new infrastructure for social sharing and collaboration providing a place to root individuals identities that provide the opportunity for real alternatives to centralized networks like Facebook.

Identifiers: A Field Guide

· ·

Tim Bouma wrote a post about Trusted Digital Identity.
In it he unpacks several terms including this one

Identifier: Anything (name, numbers, symbols, etc.) that uniquely distinguishes a member of a population from another member.

I don’t think this definition gets at the complexity of all the things that can be identifiers and how to distinguish them from one another.  In 2014 I began working on what I called a field guide to a whole bunch of aspects of identity.  This is the section that I wrote about identifiers.  I am republishing it here and would love feedback – which I will incorporate into this version of the post.   A complementary post is up that looks at a very nuanced discussion of what an identifier actually is What is an Identifier?.
I should say that the frame of a field guide is intentional. We are in a landscape of a range of identifier types – that we need to understand and distinguish among just like the autobahn society created the field guide to birds so we could understand them and their characteristics in different ecosystems.

Identifiers

For people Names are a special class of Identifiers. They are both self-asserted by people and are used to refer to them and acknowledge them in social context.

System Identifiers

In systems, bureaucratic, digital and techno-bureaucratic identifiers are alpha numeric string pointers at/for people in systems.
This may seem simple but their are many different types and a person with a record in a system will likely have more then one type. To get these different types of identifiers I will share different examples.

Persistent Correlateable Identifiers

This type of identifier is re-used over time within contexts and across multiple contexts.
Examples
Student Number – When I enrolled at my university I was assigned an 8 digit student number. This number was persistent over my time as a student at the school. When interacting with school institutions I was asked to share this number so that activity could be linked together across different facets of the institution.

Social Security Number – This number is issued by the federal government to those born in the US as part of the standard process for being born. It is meant to help those who submit money to the SSN system and when they retire be able to collect money from the system.
Aadhar Number – This created by Indian government for each resident of India. To get a  number and individual enrolls all 10 finger prints, two iris scans and a photograph – 13 biometrics. Their is a check to see that this person has not registered already and then a number is issued to them.
Phone Number – People today often have a personal number that they use across many different contexts. It is common place to ask for a phone number to be able to contact a person. What people don’t know is that those are used to look people up in data broker services. The phone number is used to link together activity across contexts.
E-mail Address – Many people have one personal address and use it These are often used across different contexts. What people don’t know is that those are used to look people up in 9data broker services like RapLeaf.

Assigned Identifiers

These are assigned to individuals by systems of government and businesses to support them being re-identified when they return to an entity to interact again.  This is from section 7.4.2 of the PCIM Validation Standard.

Once associated with a person, an assigned identifier uniquely distinguishes that person from all other persons in a population without the use of any other identity attributes. Examples of assigned identifiers include birth registration numbers, driver’s license numbers, and social insurance numbers. The following considerations apply to the use of assigned identifiers:

  • Assigned identifiers may be kept internal to the program that maintains them. Examples of internal assigned identifiers are database unique keys and globally unique identifiers.
  • Assigned identifiers maintained by one program may be provided to other programs so that those programs can also use the assigned identifier to distinguish between different persons within their program/service population; however, there may be restrictions on this practice due to privacy considerations or legislation.
  • Certain assigned identifiers may be subject to legal and policy restrictions. For example, the Government of Canada imposes restrictions on the collection, use, retention, disclosure, and disposal of the social insurance number.

 

Directed Identifiers

A directed identifier is created to support individuals using different identifiers in different contexts. The purpose of this is to inhibit the ability to link records across contexts.
Examples
The British Columbia eID System – This system enrolls citizens and issues a card to them. When the card is used to access different government systems by the citizens. It does not use one identifier for the citizen. Rather for each system it uses a different identifier for the system – an identifier directed for a particular system.

Decentralized Identifiers, DIDs this type of identifier can be easily created and therefore can be directed – meaning that individuals only use a particular DID for interacting with a particular institution.  The reverse is also true. Institutions can created a separate DID for each connection they have to each individual.  Sovrin and Veres One are working on creating ways for directed identifiers being accessible to individuals and institutions to manage their connections to one another.

Defacto Identifiers

By combining a name names, and key attributes together systems use this combination to create a defacto identifier which uniquely identifies a person often in the context of a whole society. An example is the us of “name” “birth date” and “birth place”. It seems innocent enough to be asked for one’s name, birthdate and place but this becomes a persistent correlateable identifier to link and track activity across many systems. The creation of defacto identifiers that are persistent and correlateable limits people’s ability to control how they present in different contexts.

In the process of creating a feedback loop related to this article Tim pointed to section 7 of this work under development by thePan Canadian Identity Management efforts. Now his definition above makes more sense. In section 7.4 they talk about identity this way.  They are oriented to defect identifiers to ensure uniqueness.

A property or characteristic associated with an identifiable person is referred to as an identity attribute or an identity data element. Examples of identity attributes include name, date of birth, and sex. For any given program or service, identity information is the set of identity attributes that is both:

  • Sufficient to distinguish between different persons within the program/service population (i.e. achieve the uniqueness requirement for identity); and
  • Sufficient to describe the person as required by the program or service.

Section 7.4.1  says this:

The set of identity attributes that is used to uniquely distinguish a unique and particular person within a program/service population is referred to as an identifier

Opaque Identifiers

An opaque identifier is one that does not give away information about the subject it identifies.
Examples of Opaque Identifiers
The BC Government eID program has at its core an opaque identifier on each card – it points to their card record. It is just a number with no meaning. If they loose their card a new opaque identifier is issued for their next card.
Examples of Non-Opaque Identifiers

Examples of Non-Opaque Identifiers

National Identity Number in South Africa contains a lot of information it is a 13-digit number containing only numeric characters, and no whitespace, punctuation, or alpha characters. It is defined as YYMMDDSSSSCAZ:

  • YYMMDD represents the date of birth (DoB);
  • SSSS is a sequence number registered with the same birth date (where females are assigned sequential numbers in the range 0000 to 4999 and males from 5000 to 9999);
  • C is the citizenship with 0 if the person is a SA citizen, 1 if the person is a permanent resident;
  • A is 8 or 9. Prior to 1994 this number was used to indicate the holder’s race;
• Z is a checksum digit.
The US Social Security Number is created via a formula and so the number gives away information about the person it identifiers.
Phone numbers give away information about the metro region that a person was issued the number from.

End-Point

Some identifiers that represent people are also end-points to which messages can be sent.

Physical Address

It is often forgotten in conversations about digital identity that we had a system of end-points for people before networks known as a mailing address. They system of mailing addresses was developed and is maintained by the US postal service.

Network Address

Phone Number – Now with cellular phones people have their own phone numbers (not just one for a household or their workplace as a whole). This permits both voice calls being made, text messages and MMS Multi-Media messages. The name space for phone number originates from the ITU-T. They are globally unique. They are also recyclable.
E-mail Address – These addresses permit people to send messages to the address they have. They are globally unique. The name space for domain names resides with ICANN. They are also recyclable.

Device Identifier

Many digital devices have unique identifiers. Activity on digital networks can be linked together by tracking these activity originating from particular devices even if people using them .

Non-End-Point

These are identifiers that do not resolve in digital or physical networks.

Document Identifiers

Documents like birth certificates have serial numbers that identify the document.

Document Validation Systems

These systems are used to look up which documents are infact valid. When properly constructed they don’t give away any information about the person. Those using the system type in the serial number of the document and information it contains and the system simply returns a Yes/No answer about weather it is valid or not.

Beacons

A beacon actually broadcasts from a digital device a persistent correlateable identifier to any device that asks for it. It creates a form of tracking people and their devices in the physical world.
Examples
RFID chips, cellular phones, laptop computers

Polymorphic

These systems generate different identifiers depending on context.
Examples
The BC eID system way of using one card that then supports the use of different identifiers depending on context.

Time Limited & Revocable

Some identifiers are created and point at a person but are revocable. An example is a phone number that is after one stops paying one’s phone bill for a month is re-assigned to another person. An employee at a company may have an employee number that is revoked (no longer valid) once employment is terminated. A passport number is an identifier that has a time limit it is good for 5 or 10 years. A landed immigrant card (green card) in the US is only good for 10 years.

Un-Revocable

These identifiers are persistent and are not revoked. Examples include Social Security Numbers.

Identifier Issues

Identifier Recycling

Some identifiers are in systems where identifiers that point at one person can be discontinued (they stop paying their phone bill or using their e-mail address) and then the identifier can be re-assigned to a different user.

Delegation (Acting on Behalf of Another)

This functionality is critically to a variety of user populations. Elders who want to delegate access to their accounts children. Service professionals who have contractual relationships with clients such as an accountant managing access to financial & tax records. Most systems are designed with an assumption that people themselves are the only one accessing accounts. This creates a problem when people want to delegate access they have to turn over their own credentials so the person they are delegating to “pretends” to be the actual user.

Stewardship (Care-Taking – Oversight)

Their is another role that is slightly different then delegation when someone turns over a power of attorney like function for a particular account/set of functions. Stewardship of identity is the type of relationship a parent has for a child’s identity or the type of care needed to help the mentally disabled with their interactions online.

The Mesh of Pointers

We end-up with a way that identifiers work together as a web of pointers towards a particular individual.

 
 
 

What is an Identifier?

· ·

Tim Bouma wrote a post about Trusted Digital Identity.
In it he unpacks several terms including this one

Identifier: Anything (name, numbers, symbols, etc.) that uniquely distinguishes a member of a population from another member.

Part of  Tim’s definition resonates with a conversation I had with Jean Russel in 2009 that I thought I would share that to support a very nuanced and specific conversation about what identifier actually are and how they work in the physical world and digital world. This complements the  Identifiers: A Field Guide post.
Identifiers
Kaliya  and Jean Russell share a dialogue, learning from each other about reputations and currency. (I write in third person because I want to attribute appropriately to each, and yet this is done together). We have a sense of the overall map of ideas, and we want to start with some core concepts that the work depends upon.
We begin with identifiers. We discuss below what identifiers are and how they work in meat-space. Our next post covers identifiers in the digital context.
Jean: SO….What is an identifier?
Kaliya: An identifier is a pointer to a person or an object
Jean: A pointer to a person or an object?
Kaliya: There are generic identifiers – rose, cup, chair…
Jean: So a word can be an identifier?

Kaliya: Yes. To have a more specific identifier “the green chair over in the corner” identifies it (the specific green chair) …relative to others in the same context – a room, for example.
Jean: Okay, I think I get what you mean by pointer. An identifier allows you to identify something to someone else in a shared context.
Kaliya: Yes. So people’s names identify them in our shared social spaces. They are identifiers too.
Jean: So in meat-space we are using identifiers all the time when we use language together.
Kaliya: However, I am not my name, I have a name – it points to me. You have a name – it points to you.
Jean: Okay, so the name and what it refers to are not the same thing. One is pointing at the other. And there are different kinds of identifiers, then? Like chair is vague and green chair in the corner is specific and my name is specific to me, pretty much.
Kaliya: Chair is a generic identifier, yes. Well, it is specific to you in a social context. Green chair in the corner is more specific. I might want to identify a very particular green chair. I would look on the chair to find the manufacture serial number for it, or I might want it in my company/personal inventory and “assign” it a number identifier for that specific chair.
Jean: Right, so there are degrees of specificity in identifiers.
Kaliya: So people’s name are specific in a social context. They might be more or less “specific” because there is more than one person named Jean in the world and even with my name there is more then one Kaliya. But in my social world – the people I know – I am the only Kaliya. I know several Mary’s though so I have to get more specific when talking about them using a last initial or a last name.
Jean: Okay, so there is an element of uniqueness that is important in an identifier? To successfully identify the object, the identifier needs to be unique?
Kaliya: Yes, unique within the context.
Jean: So we seem to navigate this pretty well in our everyday lives, and we ask for more specificity when we need it.
Kaliya: Yes.
Identifiers in a Digital Context
Jean: Can you explain what identifiers mean in the digital environment?
Kaliya: So, when I am at a dinner party with two Mary’s and having a conversation you signal who you are talking to/about via gestures and stuff – you layer in more info about who you are talking about. Or you might, in a conversation in digital chat, say “Mary R” or “Mary H” because you don’t have bodies and social gestures to layer in. So when we go into digital realm – on the internet, what is the context we are in. So when someone goes to a website and gets an account, they get a username.
Jean: Right, I do that all the time. What does that mean?
Kaliya: The site – often checks to see if anyone else has that username, if they do…you can’t have it because someone else has “that” identifier already.
Jean: So I might be able to get ‘Jean Russell’ on one site but not on another, for example?
Kaliya: Well likely you wouldn’t have a space in your username, so ‘JeanRussell’ or ‘Jean_Russell’
Jean: Ok, so no space, so the code can read it, but I might get ‘JeanRussell’ on one space but not on another, on that next space I get ‘JeanRussell6′
Kaliya: In a way, identifiers for people are like digital bodies, but they were weird cause they wouldn’t let you bring a “body” from another site/context into their site/context.
Jean: Every site you went to – every new site – they would make you get a new “body” a new identifier for that site. Ah… I don’t want to keep track of all those bodies. This is so annoying. I am one person. I want my name to be the same regardless of what site I am on.
Kaliya: Well yes – exactly, so the question is how do you have a unique identifier, that “works” for you across the whole internet. This is what OpenID does. It creates a way for you prove you “own” or “have control of” (as in knowing the password for an account). You need to be Unique within a bigger context then just that website, so the large sites allow users to take the identifier within their space and use it other places. So you can use your Yahoo! ID or MySpace ID and log into other websites. OR you could go and buy a domain name just for you – and use it. So I own http://www.kaliya.net and it is set up so that I can use it as my open ID.
Jean: Well that seems to make it easier. But I still don’t get how it is working compared to the JeanRussell who already signed into this site I am trying to get into
Kaliya: You are just JeanRussell within that context – that website. Identifiers in the digital world, to be effective – need to be unique globally. URLs are all Unique. There is a name space….and domain names – are unique, a global registry, makes sure that no two people/companies/organizations own the same domain name.

Digital Bodies and User-Centric Identity
Jean: Kaliya, we left off our last chat talking about digital bodies and the importance of context with identifiers. Can you say more about digital bodies?
Kaliya: Well lets start with physical bodies – we have just one of these. So when we walk around in physical space people recognize us because we are in the same body we were last time. We only get one and over time is ages but basically it doesn’t fundamentally change and we can’t “get another one.” Last time we talked about identifiers and having the ability to have a globally unique one that you could take with you around the web. This gives you a freedom to move between websites and take your “digital body” with you. The difference is that in digital space you could make yourself several different “digital bodies or identifiers” that were globally unique that you would use in different contexts.
Jean: I am already a second body by creating the first digital body, right? Since it isn’t my physical body?
Kaliya:   🙂
Jean: So having many bodies is even more to keep track of and create?
Kaliya: The digital identifier you create that points at you – is like another digital body. Maybe you want to just be http://www.jeanrussell.com everywhere on the web. Maybe you want to have a professional life “identifier” and a personal life “identifier” that separates those two aspects.
Jean: You mean I can manage those bodies instead of having each platform define them for me?
Kaliya: Yes. An example that was brought up yesterday here at Super Nova by danah boyd was that of a teacher. That a teacher is working in front of children – they can’t be seen to be sexual (having a normal dating life) or drinking alcohol (as a normal social adult). So this is an example where someone in that profession would create an identifier they use to connect to their students on social networks and comment on blogs etc.
Jean: Right. That makes sense. Even in my physical body in the analog world, I am showing different facets of myself in different contexts.
Kaliya: They need to have a different identifier they use for their social connections to other adults – in their dating/social life. That same teacher might be politically active – as they have a right as a private citizen to be and those political views well within the spectrum of points of view that are acceptable might not be “the same” as those in their particular town or neighborhood – say a strong environmentalist in a very coal producing town. So they want to take action and voice opinions and share with others who are other active citizens. They would need a different digital identifier for that.
Jean: So, it feels like an advantage to have the ability to manage these digital bodies based on the context they show up in? And thus the community they mesh with in that context?
Kaliya: Back to our first conversation it would be great if they didn’t have to get a new identifier each time they went to a different environmental site – a portable one for them within that context of environmental activists. Yes, contextual management is important. The tools to support individuals doing this are just beginning to be conceptualized and developed.
Jean: So what I hear you saying Kaliya, is that we need our digital bodies to be a reflection of the facets of ourselves and the intersection of those facets with the communities we participate in. This is not defined by platform as much as it is our practices online.
Kaliya: Yes – an we need open standards that give us the freedom to move around the web with identifiers (digital bodies) from one website to another. This has to do with the underlying architecture of the social web that platforms build on. How we use these platforms and tools is complex. To have good practices, we need development of “web” (which had internet below it) and then on top of that is a layer where identifiers are – and applications that use them. then there is an emerging set of standards to move information we generate in social contexts around between sites these are called activity streams. So a website is a context, a group within a site is a context too. Each google group you are in is different – its own cluster of people.
Jean: Right, although there might be some overlaps, that can’t be assumed that I want to show the same facet of myself to all of my google groups.
Kaliya: There are sort of meta contexts – so a network of environmental activist sites would be an example of that.
Jean: Right, a site like Zanby does that for One Sky. Or Ning, or is that more of a tech context and not a purpose context. [Kaliya: and neither uses OpenID]
Kaliya: I guess you can think of it as topic contexts and platform contexts. One of the issues is that most platform contexts do not support being able to switch between different login/handles/identifiers very easily at all. You might have a personal yahoo account and a professional one, on ning too, same deal.
Jean: Right, like on twitter, I was working around that by using api clients or using different browsers!
Kaliya: Right, or logging in and logging out. Mozilla is working on a project to help people manage their ID’s within the browser. The platforms would like us all to “just have one identity” and not switch between but this is not realistic.
Jean: Right, getting back to that teacher example – she may want to be in touch with students on facebook… and want to keep her personal life in a different name there. So we have a social practice for doing that, but the tools don’t yet adequately reflect that.

Bills of Rights Reposted

· ·

The Many Bills of Rights

This was originally published 1 August 2011
The second recommendation of the World Economic Forum report Personal Data: The Emergence of a New Asset Class after innovation around User-Centricity and Trust is the definition of global principles for using and sharing personal data.
The The Startup Circle of PDEC is forming and defining its core principles now too.
This post is an aggregation of Bills of Rights and Principles developed about data, privacy and social networks.
September 2010

Visions and Principles for the Personal Data Ecosystem

by Kaliya Hamlin, Identity Woman
The future is at stake – without control over our own personal data, having a copy of all the digital bread crumbs we are leaving behind in the digital world, we leave ourselves to be tracked, and potentially manipulated by commercial interests without our knowledge.
This presents a vision for core aspects of the emerging interoperable, open standards based ecosystem of personal data services – rooted in the core functionality of a Personal Data Store – the vault/locker/services/broker where all an individuals data is collected and stored and managed.
Dignity of the Individual is Core Human dignity must lie at the core of the Personal Data Ecosystem. People must be able to shape how they represent themselves in digital contexts. People need the freedom to shape how they present themselves and how the data they generate in their lives is collected and used.
Systems Must Respect Relationships Relationships must be respected between people, between people and groups, and between groups and groups.  The Personal Data Ecosystem must respect that people and communities have different levels of publicness.  The relationships that people have with one another must be respected and the social context in which they are formed must be honored.
Remember the Greatness of Groups Personal Data and control over it give people a core human dignity.  It also must be remembered that human social life and human identity is shaped by our participation and membership in groups. It is the core organizing form of our society. Fundamental functionality must enable people to organize in groups, and it must be abstracted from any particular service or domain space.
The Social Web is not Networked Individualism People broadcasting what they do to their friends or followers does not make a social web; communities and groups do.
Protocols that Enable Broad Possibilities are Essential Protocols matter deeply: they shape what is possible by their definition of use cases that are possible or not in a given protocol landscape.   To have a truly social and dynamic web, there is a role for protocols that are designed specifically for that purpose, not just to create web pages or send emails.
Open Standards for Data and Metadata are Essential It is vital that the personal data store ecosystem be interoperable with open standards so people are free to choose which personal data services they wish to use.  Just like people are free to pick which bank to hold their money and provide services to them in the financial realm.
Defaults Must Work for Most People Most of the Time All systems have defaults.  The paradox of choice is that more options can overwhelm people and they end up not considering the choices they have. Real people need to have input into the creation and ongoing development of systemic defaults.
Norms and Practices in the Personal Data Ecosystem Must be Backed up by Law Emerging technologies need to have legal agreements and frameworks innovated to match their functionality.  The work on the legal framework for this ecosystem is as important as the protocols and code that make it go.
Business Opportunities Abound in this New Personal Data Ecosystem The paradigm of user collection, control and management of the personal data they are creating implicitly and explicitly around the web is a huge opportunity for services and ways of doing business. Creativity is needed to think through these new possibilities.
Diversity is Key to the Success of the Personal Data Ecosystem Large companies and nimble startups are all needed for the success of this emerging ecosystem.
 
 
September 2010

PDX Principles

by Phil Windley, CTO Kynetx, Technometria Blog
Here’s a list of a few things that I think distinguish a PDX from just places where your personal data is stored:

  • user-controlled – the user needs to be in control of the data, who has access, and how it is used. Once that data is in my PDX, I make decisions about it. That doesn’t mean the data might not also be somewhere else. For example, data about my purchases from Amazon will certainly be stored at Amazon and not under my control. But I might also be emailing the receipts to a service that parses them and puts the data in my PDX for my use.
  • federated – there isn’t one place where your data is stored, but multiple places that the data needs to be able to flow between, in a permissioned way. There’s no center, just a lot of cooperating system with my PDX orchestrating the interactions. While Amazon might not give my PDX access to and control over my transactions, my phone company might provide a PDX-capable contact service where I choose to store my contact information.
  • interoperable – various PDX services and brokers have to be able to operate together according to standards to perform their roles. When I take money out of my account at Wells Fargo and deposit it at Chase, I don’t lose part of the value because Chase doesn’t know how to handle some part of the transaction. The monetary system is interoperable with standards and, sometimes, shims that connect it all together.
  • semantic – a PDX knows more about the data that it holds than existing data stores do. Consider Dropbox. I can put all kinds of things in my Dropbox, but it’s syntactic, not semantic. By that I mean that if I want to put healthcare data in Dropbox and control who uses it, I create a folder and put the data in it with specific permissions. The fact that there is a folder with a certain name located at a particular place in the folder hierarchy is purely syntactic. In a semantic world, the data itself is tagged as healthcare data and no matter where it is, it’s protected according to the policies I’ve put in place.
  • portability – a PDX doesn’t trap data in proprietary formats. If my phone company is storing my contact data in the cloud and I decide that I want to move it to my own server or another service, I can—from a technical as well as a policy standpoint. Note that this doesn’t mean we have to wait until thousands upon thousands of data format specification get hammered out. Semantic metadata can provide a means of translating from one format to another.
  • metadata management – one of the primary roles of the PDX is managing data about my data. What are the roles I’ve created? What permissions have I granted as exceptions to the defaults? What semantics surround the various data fields? What data sharing, encoding, and encrypting policies have I created? All of this has to be kept and managed in my behalf in the PDX.
  • broker services – the PDX is a place where the user manages a federated network of data stores. As an example of why this is important, consider the shortcomings of OAuth. If I use an application that needs access to four OAuth mediated APIs, I have to go through the OAuth ceremnoy with each API provider separately. Now consider that I might have dozens of apps that use a popular API. I have to go through the OAuth ceremony for each of them separately. In short a broker saves us from the N x M explosion of permissioning ceremonies. Similarly for various data services.
  • discoverable – a PDX should provide discoverability for its APIs and schemas so that any application I’m interested in knows how to interact with it. Discoverability protects users from having to completely specify addresses, mappings, and schemas to every application that comes along.
  • automatable and scriptable – a PDX without automation is worse than no PDX at all because it burdens the user rather than saving effort. A PDX will be a player in a larger ecosystem of services. I don’t see is as a mere API that allows services and applications to GET and PUT data—it’s not WEBDAV on steoids. The PDX is an active participant in the greater ecosystem of services that are cooperating on the user’s behalf.

June 18, 2010

Social Network Users’ Bill of Rights

Computers Freedom and Privacy Conference
For more background on the social network users’ bill of rights, also known as #BillOfRights, please see It’s time for a Social Network Users’ Bill of Rights,
We the users expect social network sites to provide us the following rights in their Terms of Service, Privacy Policies, and implementations of their system:

  • Honesty: Honor your privacy policy and terms of service
  • Clarity: Make sure that policies, terms of service, and settings are easy to find and understand
  • Freedom of speech: Do not delete or modify my data without a clear policy and justification
  • Empowerment : Support assistive technologies and universal accessibility
  • Self-protection: Support privacy-enhancing technologies
  • Data minimization: Minimize the information I am required to provide and share with others
  • Control: Let me control my data, and don’t facilitate sharing it unless I agree first
  • Predictability: Obtain my prior consent before significantly changing who can see my data.
  • Data portability: Make it easy for me to obtain a copy of my data
  • Protection: Treat my data as securely as your own confidential data unless I choose to share it, and notify me if it is compromised
  • Right to know: Show me how you are using my data and allow me to see who and what has access to it.
  • Right to self-define: Let me create more than one identity and use pseudonyms. Do not link them without my permission.
  • Right to appeal: Allow me to appeal punitive actions
  • Right to withdraw: Allow me to delete my account, and remove my data

 
May 19, 2010

A Bill of Privacy Rights for Social Network Users

Commentary by Kurt Opsahl, EFF
Social network service providers today are in a unique position. They are intermediaries and hosts to our communications, conversations and connections with loved ones, family, friends and colleagues. They have access to extremely sensitive information, including data gathered over time and from many different individuals.
Here at EFF, we’ve been thinking a lot recently about what specific rights a responsible social network service should provide to its users. Social network services must ensure that users have ongoing privacy and control over personal information stored with the service. Users are not just a commodity, and their rights must be respected. Innovation in social network services is important, but it must remain consistent with, rather than undermine, user privacy and control. Based on what we see today, therefore, we suggest three basic privacy-protective principles that social network users should demand:
#1: The Right to Informed Decision-Making
Users should have the right to a clear user interface that allows them to make informed choices about who sees their data and how it is used.
Users should be able to see readily who is entitled to access any particular piece of information about them, including other people, government officials, websites, applications, advertisers and advertising networks and services.
Whenever possible, a social network service should give users notice when the government or a private party uses legal or administrative processes to seek information about them, so that users have a meaningful opportunity to respond.
#2: The Right to Control
Social network services must ensure that users retain control over the use and disclosure of their data. A social network service should take only a limited license to use data for the purpose for which it was originally given to the provider. When the service wants to make a secondary use of the data, it must obtain explicit opt-in permission from the user. The right to control includes users’ right to decide whether their friends may authorize the service to disclose their personal information to third-party websites and applications.
Social network services must ask their users’ permission before making any change that could share new data about users, share users’ data with new categories of people, or use that data in a new way. Changes like this should be “opt-in” by default, not “opt-out,” meaning that users’ data is not shared unless a user makes an informed decision to share it. If a social network service is adding some functionality that its users really want, then it should not have to resort to unclear or misleading interfaces to get people to use it.
#3: The Right to Leave
Users giveth, and users should have the right to taketh away.
One of the most basic ways that users can protect their privacy is by leaving a social network service that does not sufficiently protect it. Therefore, a user should have the right to delete data or her entire account from a social network service. And we mean really delete. It is not enough for a service to disable access to data while continuing to store or use it. It should be permanently eliminated from the service’s servers.
Furthermore, if users decide to leave a social network service, they should be able to easily, efficiently and freely take their uploaded information away from that service and move it to a different one in a usable format. This concept, known as “data portability” or “data liberation,” is fundamental to promote competition and ensure that users truly maintain control over their information, even if they sever their relationship with a particular service.
 
June 22, 2009

A Declaration of Health Data Rights

endorsed by many organizations and companies
In an era when technology allows personal health information to be more easily stored, updated, accessed and exchanged, the following rights should be self-evident and inalienable. We the people:

  1. Have the right to our own health data
  2. Have the right to know the source of each health data element
  3. Have the right to take possession of a complete copy of our individual health data, without delay, at minimal or no cost; if data exist in computable form, they must be made available in that form
  4. Have the right to share our health data with others as we see fit

These principles express basic human rights as well as essential elements of health care that is participatory, appropriate and in the interests of each patient. No law or policy should abridge these rights.
 
2009

The New Deal on Data

Mobility in a Networked World The Global Information Technology Report 2008-2009,  World Economic Forum
The first step toward open information markets is to give people ownership of their data.  The simplest approach to defining what it means to “own your own data” is to go back to Old English Common Law for the three basic tenets of ownership, which are the rights of possession, use, and disposal:
1. You have a right to possess your data. Companies should adopt the role of a Swiss bank account for your data.  You open an account (anonymously, if possible), and you can remove your data whenever you’d like.
2. You, the data owner, must have full control over the use of your data. If you’re not happy with the way a company uses your data, you can remove it. All of it. Everything must be opt-in, and not only clearly explained in plain language, but with regular reminders that you have the option to opt out.
3. You have a right to dispose or distribute your data. If you want to destroy it or remove it and redeploy it elsewhere, it is your call. Ownership seems to be the minimal guideline for the “new deal on data.”  There needs to be one more principle, however—which is to adopt policies that encourage the combination of massive amounts of anonymous data to promote the Common Good.  Aggregate and anonymous location data can dramatically improve society. Patterns of how people move around can be used for early identification of infectious disease outbreaks, protection of the environment, and public safety. It can also help us measure the effectiveness of various government programs, and improve the transparency and accountability of government and nonprofit organizations.
 
March 2008

The Properties of Identity

At a Crossroads: Personhood and Digital Identity in the Information Society
articulated by Bob Blakley, Jeff Broberg, Anthony Nadalin, Dale Olds, Mary Ruddy, Mary Rundle, and Paul Trevithick.
Identity behaves according to a number of observable properties, as follows:
Identity is social. Humans are naturally social. To engage in social interactions (including commerce) people need something that persists and that can be used as a basis for recognition of others – an “identity”.
Identity is subjective. Different people have different experiences with the same individual and therefore attribute different characteristics to that individual; that is, they will construct different identities for him.
Identity is valuable. By building a history of a person’s past actions, exchange of identity information creates social capital and enables transactions that wouldn’t be possible without identity.  In other words, identity lends predictability to afford a comfortable level of confidence for people making decisions.
Identity is referential. An identity is not a person; it is only a reference to a person. Even if a person develops spin-off personas so that other people know him through those various digital identities, and even if others create profiles of a person, ultimately the collection of characteristics that signal who a person is need to point back to that person.
Identity is composite. Some information about a person arises from the person himself; he volunteers it. But other information about him is developed by others without his involvement.
Identity is consequential. Because identity tells of a person’s past actions, the decision to exchange identity information carries consequences: Disclosure of identity information in a certain context can cause harm; failure to disclose identity information in another context can create risk.
Identity is dynamic. Identity information is always changing; any particular identity dossier might be inaccurate at any given moment.
Identity is contextual. People have different identities that they may wish to keep entirely separate. Information can be harmful in the wrong context, or it can simply be irrelevant. Keeping identities separate allows a person to have more autonomy.
Identity is equivocal. The process of identification is inherently error-prone.
 
September 5, 2007

A Bill of rights for Users of the Social Web

By Joseph Smarr, Marc Canter, Robert Scoble, and Michael Arrington, Open Social Web
We publicly assert that all users of the social web are entitled to certain fundamental rights, specifically:
Ownership of their own personal information, including:

  • their own profile data
  • the list of people they are connected to
  • the activity stream of content they create;

Control of whether and how such personal information is shared with others; and
Freedom to grant persistent access to their personal information to trusted external sites.
Sites supporting these rights shall:

  • Allow their users to syndicate their own profile data, their friends list, and the data that’s shared with them via the service, using a persistent URL or API token and open data formats;
  • Allow their users to syndicate their own stream of activity outside the site;
  • Allow their users to link from their profile pages to external identifiers in a public way; and
  • Allow their users to discover who else they know is also on their site, using the same external identifiers made available for lookup within the service.

 
April 25, 2007

The Data Bill of Rights

By John Battelle, The Search Blog
So, I submit for your review, editing and clarification, a new draft of what rights we, as consumers, might demand from companies making hay off the data we create as we trip across the web:

  • Data Transparency. We can identify and review the data that companies have about us. A sticky issue is whether we can also identify and review data that is made about us based on other data the company might have. (IE, based on your behavior, we at Amazon know you might also like….)
  • Data Portability. We can take copies of that data out of the company’s coffers and offer it to others or just keep copies for ourselves.
  • Data Editing. We can request deletions, editing, clarifications of our data for accuracy and privacy.
  • Data Anonymity. We can request that our data not be used, cognizant of the fact that that may mean services are unavailable to us.
  • Data Use. We have rights to know how our data is being used inside a company.
  • Data Value. The right to sell our data to the highest bidder.
  • Data Permissions. The right to set permissions as to who might use/benefit from/have access to our data.

Read more: http://battellemedia.com/archives/2007/04/the_data_bill_of_rights#ixzz1KwXPBJkN
 
July 27, 2005

AttentionTrust.org: a Declaration of Gestural Independence

By Seth Goldstein
The choruses of attention, data, privacy and identity are all converging in one giant conceptual mashup, which stretches from Web 2.0 pundits to members of Congress grappling with identity theft regulation. Lost at times are the basic rights we are fighting for, which I understand to be:

  • You have the right to yourself.
  • You have the right to your gestures.
  • You have the right to your words.
  • You have the right to your interests.
  • You have the right to your attention.
  • You have the right to your intentions.

 
May 2005

Laws of Identity

1. User Control and Consent: Digital identity systems must only reveal information identifying a user with the user’s consent.
2. Limited Disclosure for Limited Use: The solution which discloses the least identifying information and best limits its use is the most stable, long-term solution.
3. The Law of Fewest Parties: Digital identity systems must limit disclosure of identifying information to parties having a necessary and justifiable place in a given identity relationship.
4. Directed Identity: A universal identity metasystem must support both “omnidirectional” identifiers for use by public entities and “unidirectional” identifiers for private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.
5. Pluralism of Operators and Technologies: A universal identity metasystem must channel and enable the interworking of multiple identity technologies run by multiple identity providers.
6. Human Integration: A unifying identity metasystem must define the human user as a component integrated through protected and unambiguous human-machine communications.
7. Consistent Experience Across Contexts: A unifying identity metasystem must provide a simple consistent experience while enabling separation of contexts through multiple operators and technologies.
 
January 26th, 2000

A Declaration of the Rights of Avatars

by Rolf Kosters
When a time comes that new modes and venues exist for communities, and said modes are different enough from the existing ones that question arises as to the applicability of past custom and law; and when said venues have become a forum for interaction and society for the general public regardless of the intent of the creators of said venue; and at a time when said communities and spaces are rising in popularity and are now widely exploited for commercial gain; it behooves those involved in said communities and venues to affirm and declare the inalienable rights of the members of said communities. Therefore herein have been set forth those rights which are inalienable rights of the inhabitants of virtual spaces of all sorts, in their form henceforth referred to as avatars, in order that this declaration may continually remind those who hold power over virtual spaces and the avatars contained therein of their duties and responsibilities; in order that the forms of administration of a virtual space may be at any time compared to that of other virtual spaces; and in order that the grievances of players may hereafter be judged against the explicit rights set forth, to better govern the virtual space and improve the general welfare and happiness of all.
Therefore this document holds the following truths to be self-evident: That avatars are the manifestation of actual people in an online medium, and that their utterances, actions, thoughts, and emotions should be considered to be as valid as the utterances, actions, thoughts, and emotions of people in any other forum, venue, location, or space. That the well-established rights of man approved by the National Assembly of France on August 26th of 1789 do therefore apply to avatars in full measure saving only the aspects of said rights that do not pertain in a virtual space or which must be abrogated in order to ensure the continued existence of the space in question. That by the act of affirming membership in the community within the virtual space, the avatars form a social contract with the community, forming a populace which may and must self-affirm and self-impose rights and concomitant restrictions upon their behavior. That the nature of virtual spaces is such that there must, by physical law, always be a higher power or administrator who maintains the space and has complete power over all participants, but who is undeniably part of the community formed within the space and who must therefore take action in accord with that which benefits the space as well as the participants, and who therefore also has the rights of avatars and may have other rights as well. That the ease of moving between virtual spaces and the potential transience of the community do not limit or reduce the level of emotional and social involvement that avatars may have with the community, and that therefore the ease of moving between virtual spaces and the potential transience of the community do not in any way limit, curtail, or remove these rights from avatars on the alleged grounds that avatars can always simply leave.
Articles:

  1. Avatars are created free and equal in rights. Special powers or privileges shall be founded solely on the common good, and not based on whim, favoritism, nepotism, or the caprice of those who hold power. Those who act as ordinary avatars within the space shall all have only the rights of normal avatars.
  2. The aim of virtual communities is the common good of its citizenry, from which arise the rights of avatars. Foremost among these rights is the right to be treated as people and not as disembodied, meaningless, soulless puppets. Inherent in this right are therefore the natural and inalienable rights of man. These rights are liberty, property, security, and resistance to oppression.
  3. The principle of all sovereignty in a virtual space resides in the inalterable fact that somewhere there resides an individual who controls the hardware on which the virtual space is running, and the software with which it is created, and the database which makes up its existence. However, the body populace has the right to know and demand the enforcement of the standards by which this individual uses this power over the community, as authority must proceed from the community; a community that does not know the standards by which the administrators use their power is a community which permits its administrators to have no standards, and is therefore a community abetting in tyranny.
  4. Liberty consists of the freedom to do anything which injures no one else including the weal of the community as a whole and as an entity instantiated on hardware and by software; the exercise of the natural rights of avatars are therefore limited solely by the rights of other avatars sharing the same space and participating in the same community. These limits can only be determined by a clear code of conduct.
  5. The code of conduct can only prohibit those actions and utterances that are hurtful to society, inclusive of the harm that may be done to the fabric of the virtual space via hurt done to the hardware, software, or data; and likewise inclusive of the harm that may be done to the individual who maintains said hardware, software, or data, in that harm done to this individual may result in direct harm done to the community.
  6. The code of conduct is the expression of the general will of the community and the will of the individual who maintains the hardware and software that makes up the virtual space. Every member of the community has the right to contribute either directly or via representatives in the shaping of the code of conduct as the culture of the virtual space evolves, particularly as it evolves in directions that the administrator did not predict; the ultimate right of the administrator to shape and define the code of conduct shall not be abrogated, but it is clear that the administrator therefore has the duty and responsibility to work with the community to arrive at a code of conduct that is shaped by the input of the community. As a member of the community himself, the administrator would be damaging the community itself if he failed in this responsibility, for abrogation of this right of avatars could result in the loss of population and therefore damage to the common weal.
  7. No avatar shall be accused, muzzled, toaded, jailed, banned, or otherwise punished except in the cases and according to the forms prescribed by the code of conduct. Any one soliciting, transmitting, executing, or causing to be executed, any arbitrary order, shall be punished, even if said individual is one who has been granted special powers or privileges within the virtual space. But any avatar summoned or arrested in virtue of the code of conduct shall submit without delay, as resistance constitutes an offense.
  8. The code of conduct shall provide for such punishments only as are strictly and obviously necessary, and no one shall suffer punishment except it be legally inflicted according to the provisions of a code of conduct promulgated before the commission of the offense; save in the case where the offense endangered the continued existence of the virtual space by attacking the hardware or software that provide the physical existence of the space.
  9. As all avatars are held innocent until they shall have been declared guilty, if detainment, temporary banning, jailing, gluing, freezing, or toading shall be deemed indispensable, all harshness not essential to the securing of the prisoner’s person shall be severely repressed by the code of conduct.
  10. No one shall be disquieted on account of his opinions, provided their manifestation does not disturb the public order established by the code of conduct.
  11. The free communication of ideas and opinions is one of the most precious of the rights of man. Every avatar may, accordingly, speak, write, chat, post, and print with freedom, but shall be responsible for such abuses of this freedom as shall be defined by the code of conduct, most particularly the abuse of affecting the performance of the space or the performance of a given avatar’s representation of the space.
  12. The security of the rights of avatars requires the existence of avatars with special powers and privileges, who are empowered to enforce the provisions of the code of conduct. These powers and privileges are therefore granted for the good of all and not for the personal advantage of those to whom they shall be entrusted. These powers and privileges are also therefore not an entitlement, and can and should be removed in any instance where they are no longer used for the good of all, even if the offense is merely inactivity
  13. A common contribution may, at the discretion of the individual who maintains the hardware, the software, and the data that make up the virtual space, be required in order to maintain the existence of avatars who enforce the code of conduct and to maintain the hardware and the software and the continued existence of the virtual space. Avatars have the right to know the nature and amount of the contribution in advance, and said required contribution should be equitably distributed among all the citizens without regard to their social position; special rights and privileges shall never pertain to the avatar who contributes more except insofar as the special powers and privileges require greater resources from the hardware, software, or data store, and would not be possible save for the resources obtainable with the contribution; and as long as any and all avatars are able to make this contribution and therefore gain the powers and privileges if they so choose; nor shall any articles of this declaration be contingent upon a contribution being made.
  14. The community has the right to require of every administrator or individual with special powers and privileges granted for the purpose of administration, an account of his administration.
  15. A virtual community in which the observance of the code of conduct is not assured and universal, nor the separation of powers defined, has no constitution at all.
  16. Since property is an inviolable and sacred right, and the virtual equivalent is integrity and persistence of data, no one shall be deprived thereof except where public necessity, legally determined per the code of conduct, shall clearly demand it, and then only on condition that the avatar shall have been previously and equitably indemnified, saving only cases wherein the continued existence of the space is jeopardized by the existence or integrity of said data.
  17. The administrators of the virtual space shall not abridge the freedom of assembly, save to preserve the performance and continued viability of the virtual space.
  18. Avatars have the right to be secure in their persons, communications, designated private spaces, and effects, against unreasonable snooping, eavesdropping, searching and seizures, no activity pertaining thereto shall be undertaken by administrators save with probable cause supported by affirmation, particularly describing the goal of said investigations.
  19. The enumeration in this document of rights shall not be construed to deny or disparage others retained by avatars.

 
September 23, 1980

OECD privacy guidelines, part 2: Basic Principles of National Application

Collection Limitation Principle: There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
Data Quality Principle: Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.
Purpose Specification Principle: The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfilment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.
Use Limitation Principle: Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with Paragraph 9 except:
a)    with the consent of the data subject; or
b)    by the authority of law.
Security Safeguards Principle: Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorised access, destruction, use, modification or disclosure of data.
Openness Principle: There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.
Individual Participation Principle: An individual should have the right:
a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him;
b) to have communicated to him, data relating to him
1. within a reasonable time;
2. at a charge, if any, that is not excessive;
3. in a reasonable manner; and
4. in a form that is readily intelligible to him;
c) to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and
d) to challenge data relating to him and, if the challenge is  successful to have the data erased, rectified, completed or amended.
Accountability Principle: A data controller should be accountable for complying with measures which give effect to the principles stated above.

Kaliya's the shit. Be there or be square.Enlighten yourself through her