The complaint was that I called my fellow IDESG colleagues Nazi’s. He was unsatisfied with my original statement about the tweet on our public management council mailing list. Some how this led to the Ombudsman taking on the issue and after I spoke with him in Tampa it was followed by a drawn out 5 week “investigation” by the Ombudsman before he issued a recommendation.
Then turns out after all was said and done there was never actually a formal complaint. There was the ombudsman taking action on his own. (its funny how organizations can use Ombudsman to not actually protect people with in institutions but use them as institutional forces to push people out who speak up and ask too many questions)
During the time I was being investigated I experienced intensive trolling about the matter on twitter itself. The trolling was done by someone obviously familiar with the situation who was upset. There were only 5 people familiar with them matter as it was ongoing through this investigation.During my own IIW conference the troll topped off the week by making implicit rape threats. This was very very disruptive and upsetting to me so much so I don’t even remember that IIW.
Here is the tweet that I authored while pondering theories of organizational dynamics in Tampa and without any intent to cause an association in the mind of a reader with IDESG, NSTIC, nor any person or persons in particular note that I did not reference anyone with a @____ or add any signifying hashtags e.g., #idesg or #nstic in this tweeted comment. So unless you were reading everything you would never know I said it.
I own that the tweet was provocative but it was It was not my intent to cause harm to anybody or to the IDESG organization and wider identity community.
We can’t put documents up for community and public input and say “its 40 page document nobody has time to read” and laugh as if it is funny that the process is so bad that there is no ability for the body of the organization let alone the public to have insight. That is how not good things begin to happen no one is looking. I was trying to make a point that the meeting was being badly badly run and that poor process can lead to really bad outcomes.
I am very sorry if the tweet had an emotionally negative impact on people on the management council. I fully acknowledge that referencing anything relative to the Nazi era is triggering. It touches on our collective shame and surfaces vulnerability it is very hard to look at.
I also believe that we have to actually be prepared to do so. If we don’t examine the past we can’t be sure we will not repeat it. [Please click to see my my next post for this to be further expounded upon]
I didn’t choose to say anything along these lines because I was in the middle of a process with the Ombudsman I thought that would be honored and let to run its course.
I also didn’t feel one should feed internet trolls – one was being very aggressive and pestering me for an apology.
I think that we all need to keep in mind our roles as Directors of the IDESG when we interact with the public and with each other.
This includes hiding behind pseudonyms and aggressively trolling to get back at someone you are upset with. Which also happened – either deal with the issue in a formal process or take them out on twitter but do’t do both.
The whole process left my and my attorney puzzled. My attorney wrote a letter to the Management Council/Board of Directors with a whole bunch of questions and now that this is posted we look forward to their answers to those questions.
No one from he IDESG including the ombudsman ever responded or was concerned by the aggressive trolling and implicit rape threats on twitter by someone intimately familiar with the ongoing ombudsman process.
Abusive behavior towards women isn’t just a physical thing it is a psychological as well. I have felt unsafe in the Identity community since this incident. I am now setting it aside though and stepping forth in my full power.
IDESG
Resources for HopeX Talk.
I accepted an invitation from Aestetix to present with him at HopeX (10).
It was a follow-on talk to his Hope 9 presentation that was on #nymwars.
He is on the volunteer staff of the HopeX conference and was on the press team that helped handle all the press that came for the Ellsberg – Snowden conversation that happened mid-day Saturday. It was amazing and it went over an hour – so our talk that was already at 11pm (yes) was scheduled to start at midnight.
Here are the slides for it – I modified them enough that they make sense if you just read them. My hope is that we explain NSTIC, how it works and the opportunity to get involved to actively shape the protocols and policies maintained.
[Read more…] about Resources for HopeX Talk.
NSTIC WhipLash – Making Meaning – is a community thing.
Over a week-ago I tweeted that I had experienced NSTIC whiplash yet again and wasn’t sure how to deal with it. I have been known to speak my mind and get some folks really upset for doing so – Given that I know the social media savy NSTIC NPO reads all tweets related to their program they know I said this. They also didn’t reach out to ask what I might be experiencing whiplash about.
First of all since I am big on getting some shared understanding up front – what do I mean by “whiplash” it is that feeling like your going along … you think you know the lay of the land the car is moving along and all of a sudden out of nowhere – a new thing “appears” on the path and you have to slam on the breaks and go huh! what was that? and in the process your head whips forward and back giving you “whip-lash” from the sudden stop/double-take.
I was toddling through and found this post. What does it Mean to Embrace the NSTIC Guiding Principles?
I’m like ok – what does it mean? and who decided? how?
I read through it and it turns out that in September the NPO just decided it would decide/define the meaning and then write it all out and then suggest in this odd way it so often does that “the committees” just go with their ideas.
“We believe that the respective committees should review these derived requirements for appropriate coverage of the identity ecosystem. We look forward to continued progress toward the Identity Ecosystem Framework and its associated trustmark scheme.”
Why does the NPO continue to “do the work” that the multi-stakeholder institution they set up was created to do that is to actually figure out the “meaning” of the document.
[Read more…] about NSTIC WhipLash – Making Meaning – is a community thing.
I'm not your NSTIC "delegate" any more … pls get involved.
I have heard over the past few years from friends and associates in the user-centric ID / Personal Cloud/ VRM Communities or those people who care about the future of people’s identities online say to me literally – “Well its good you are paying attention to NSTIC so I don’t have to.”
I’m writing to say the time for that choice is over. There is about 1 more year left in the process until the “outputs” become government policy under the recently released White House Cyber Security Framework (See below for the specifics).
[Read more…] about I'm not your NSTIC "delegate" any more … pls get involved.
What is a Functional Model?
I have been working in the identity industry for over 10 years. It was not until the IDESG – NSTIC plenary that some folks said they were working on a functional model that I heard the term. I as per is normal for me pipped up and asked “what is a functional model”, people looked at me, looked back at the room and just kept going, ignoring my question. I have continued to ask it and on one has answered it.
I will state it out loud here again –
What is a Functional Model?
How to Participate in NSTIC, IDESG – A step by step guide.
The Identity Ecosystem Steering Group is a multi-stakeholder organization (See this post about how join.) Technically You can participate on lists even if you are not members but it is better that you go through the process of joining to be “officially” part of the organization.
If you join the IDESG it is good to actively participate in at least one active committee because that is where organization work is done by committees – any person or organization from any stakeholder category can participate.
The committees have mailing lists – that you subscribe to (below click through where it says Join Mailing list and put in the e-mail address you want to use, share your name and also a password).
On the list the group chats together on the list and talk about the different work items they are focused on. They have conference calls as well to talk together (these range from once a week to once a month). You can also contact the chair of the committee and “officially” join but that is not required.
If you are reading this and getting involved for the first time – read through this list and pick one of the committees that sound interesting to you. They are friendly folks and should be able to help you get up to speed – ask questions and ask for help. This whole process is meant to be open and inclusive.
[Read more…] about How to Participate in NSTIC, IDESG – A step by step guide.
How to Join NSTIC, IDESG – A step by step guide.
The National Strategy for Trusted Identities in Cyberspace calls for the development of a private sector lead effort to articulate an identity ecosystem.
To be successful it needs participation from a range of groups.
An organization was formed to support this – the Identity Ecosystem Steering Group in alignment with the Obama administration’s open government efforts.
The “joining” process is not EASY but I guess that is part of its charm. It is totally “open and free” but challenging to actually do.
PART 1 – Getting an Account on the Website!
Step 1: Go to the website: http://www.idecosystem.org
[Read more…] about How to Join NSTIC, IDESG – A step by step guide.
Value Network Mapping an Ecosystem Tool
My response, two years ago to the NSTIC (National Strategy for Trusted Identities in Cyberspace) Program Office issued Notice of Inquiry about how to govern an Identity Ecosystem included a couple of models that could be used to help a community of companies & organizations in an ecosystem co-create a shared picture. A shared co-created picture is an important community asset to develop early on because it becomes the basis for a real conversation about critical issues that need to be addressed to have a successful governance emerge.
The Privacy Committee within NSTIC has a Proactive Privacy Sub-Committee and before I went on my trip around the world (literally) a month ago. I was on one of the calls and described Value Network Mapping and was invited to share more about the model/method and how it might be used.
Value Network Maps are a tool that can help us because both the creation of the map and its subsequent use by the companies, organizations, people and governments that are participating strengthens the network. This is important because we are dealing with a complex problem with a complex range of players. In the map below we are in the top left quadrant – we NEED strong networks to solve the problems we are tasked with solving. If we don’t have them we will end up with Chaos OR we will have a hierarchical solution imposed to drive things towards the complicated and simple but …given the inherent nature of the problem we will NOT fully solve the problem and fall off the “cliff” on the edge between simplicity and into chaos.
(In this diagram based on the cynefin framework developed by David Snowden architect of children’s birthday parties using complexity theory and the success of Apolo 13 )
So – what is a Value Network Map?
It models technical & business networks by figuring the roles in any given system and then understanding the value that flow between different roles. Value flows include payment for the delivery of goods or services (these are tangible deliverables) but also intangible deliverables such as increased level of confidence because information was shared between parties (but was not contractually obligated and no payment was made).
Drawing from Verna’s book/site that lays out how to do it. There are four steps to a value network map.
1. Define the scope and boundaries, context, and purpose.
2. Determine the roles and participants, and who needs to be involved in the mapping.
3. Identify the transactions and deliverables, defining both tangibles and intangibles.
4. Validate it is complete by sequencing the transactions.
I’ve worked on several value network mapping projects.
I worked with the Journalism that Matters to document he old and new journalism ecosystem.I have lead several community Value Network Mapping efforts.
This projects highlights how the method can be used to talk about a present/past state about how things happen “now”. How do people today or 20 years ago share verified attributes with business and government entities one does business with? If we understand the roles that exist in a paper based version/world How do those roles change in a future enable with technology and how do the value flows change and what new roles are created/needed?
A value networm map can be used to map the flow of rights and duties between different roles in an ecosystem can also be considered along with the flow of monetary and other value.
Two years ago I went with Verna Allee (the innovator of the method) to the Cloud Identity Summit to work on a map for my organization the Personal Data Ecosystem Consortium focused on the “present state” map to explain what currently happens when someone visits a website and clicks on an add to go buy something and then is asked to provide identity attributes.
We took this FCC submitted map that has the individual at the center and data flows to the businesses, government and organizations they do business with and is sold on to Data Brokers and then Data Users buy it to inform how they deal with the individual all without their awareness or consent.
We added in a wrinkle to this flow and asked what happens when an individual has to prove something (an attribute) about themselves to make a purchase.
Our hope was to do this and then work on a future state map with a Personal Cloud provider playing a key role to enable new value flow’s that empower the Individual with their data and enabling similar transactions.
This is best viewed in PDF so if you click on the link to the document it will download.
Creating this map was an interactive process involving involved two dozen industry professionals that we met with in small groups. It involved using large chart paper paper and post-it notes and lines on the map. We came into the process with some of the roles articulated, some new roles were added as we began mapping with the community.
An example to give you a sense of what it looks like when you do it in real life is this map that shows how trust frameworks & the government’s reduction of risk in the credit card system.
This was a small piece of the original map for the Personal Data Ecosystem (it did not end up getting included in the PDF version). The roles are the orange flowers and the green arrows are tangible value flows and the blue arrows are intangible value flows.
So how could the Proactive Privacy Sub-Committee use this method?
At an IIW11 one of the practitioners of value network mapping came to share the method and we broke up into smal groups to map different little parts of an identity ecosystem. We had a template like this picking four different roles and then beginning to map.
The exercise is written about here on Verna’s website.
Scott David was a community member there and really saw how it was a tool to understand what was happening in systems AND to have a conversation about the flow of rights and responsibilities flow.
The method is best done face to face in small groups. It helps if the groups are diverse representing a range of different perspectives. A starting point is a use-case a story that can be mapped – what are the roles in that story and then walking through the different transactions.
So how do we “do” it. Well a starting point is for those interested in helping lead it to identify themselves in the context of the pro-active privacy committee. We should work together to figure out how we lead the community using this process to figure out the privacy implications and see where the money flows for different proposed solutions.
We can try to do a session at the upcoming July or October plenary.
We could also organize to do some meetings at:
- conferences in the next few months were we can identify 5-10 interested IDESG members to participate in mapping an ecosystem chunk for an hour or two.
- in cities around the country where we identify 5-10 folks who want to spend an hour or two mapping an ecosystem chunk.
It would be great if we decide to do this that the Secretariat lead by Kay in her role as Executive Director of the IDESG can support us in organizing this (That is why we are paying htem 2.5 million buck s to help us do the work of organizing in a meaningful way.
I am friends with Verna Allee and can ask her for advice on this however I think the kind of help/advice we need to really use this method and do it WELL would behove us to actually use NSTIC IDESG moneys to hire Verna to engage with us in a serious way. When I wrote my NSTIC NOI I did so thinking that their would finally be monies available to pay people to do community conference building work like this. Perhaps it is not to late to do so.
NSTIC in six simple parts
One of the challenges with the whole NSTIC thing is that it has a bunch of different parts. I wrote up this description as part of our What could Kill NSTIC paper.
NSTIC National Program Office. The NSITIC NPO operates within the Department of Commerce’s National Institute of Standards. It is lead by Jeremy Grant. The office has several full time staff and they are responsible for the transition of NSTIC from a US government initiative to an independent, public- private organization. They’re smart, talented, and they care.
Identity Ecosystem Steering Group (IDESG). The NPO invited many people, NGOs, government bodies, and companies to participate in building an identity ecosystem in the Identity Ecosystem Steering Group. All the people and organizations who sign up to be a part of this are together called “The Plenary.” The NSTIC NPO wrote IDESG’s charter and its first bylaws.
IDESG Management Council. The IDESG management council is elected by the members of the plenary who self-selected into stakeholder categories. Each stakeholder category elects a delegate to the Management Council. The entire plenary also elects two at-large positions and two leadership positions. The management council can create sub-committees to get its work done. I’m chaired one that collected holistic ecosystem pictures, for example.
Committees within the IDESG Plenary. These committees do the actual work of making the identity ecosystem’s vision a reality. New committees can be proposed by any member. Committee membership is open to all plenary members. The work and activity of the committees is shared openly. A few of the active committees are working on standards, privacy, trust frameworks, accreditation, and nymrights.
The Secretariat. The NSTIC NPO awarded a $2.5 million dollar contract to provide support services to the Identity Ecosystem Steering Group. Trusted Federal Systems won the contract to act as the IESG’s “Secretariat.” They coordinate meetings, manage listservs, and the like.
NSTIC Pilot Projects. In early 2011, the National Program Office put forward $10 million in funding for five pilot projects that worked to solve some of NSTIC’s challenges. Grants were awarded in September 2012 and run for one year. The pilot projects were set up before the IDESG existed and the IDESG had no input into the selection of the the winning pilots. 187 different initial pilot projects applied for grants, 27 were selected to submit full proposals, and five were selected. Applications for a second round of pilots are coming in Q1 2013.