WRITTEN ON January 16th, 2005 BY William Heath AND STORED IN Uncategorized
Only kidding. It’s a mnemonic. With three meetings on identity systems in the next ten days we need a way to remember Kim Cameron’s Laws of Identity so far (cries of “We hear you, Friend!”).
They are:
1. The Law of Control
Technical identity systems MUST only reveal information identifying a user with the user’s consent.
2. The Law of Minimal Disclosure
The solution which discloses the least identifying information is the most stable, long-term solution.
3. The Law of Fewest Parties
Technical identity systems MUST be designed so the disclosure of identifying information is limited to parties having a necessary and justifiable place in a given identity relationship.
4. The Law of Directed Identity
A universal identity system MUST support both “omnidirectional” identifiers for use by public entities and “unidirectional” identifiers for use by private entities, thus facilitating discovery while preventing unnecessary release of correlation handles.
5. The Law of Pluralism
A universal identity system MUST channel and enable the interworking of multiple identity technologies run by multiple identity providers.
I make that CMDFPDIP, hence the headline. But we could do with a better one, and there will be more laws. Anyone any good at mnemonics?
4 Responses to “See me die for privacy: democracy *is* privacy”
Statement of the blindingly obvious – but just in case it gets lost in all the hyperbole and paranoia about identity systems – these laws look like good criteria for an effective technology based system, but they also look like a good justification for upgrading existing “systems”.
I know it’s probably too much to hope for, but if the government could be persuaded to adopt some kind of charter for information systems, they could institute a long-term and highly beneficial culture of robust, safe and above all accountable IT development.
Government IT systems increasingly shape our lives rather than vice versa. Whilst I personally find large government to be bad, it remains a reality for the foreseeable future. Since we are stuck with this, we should recognise that IT projects shape much of how government interacts with the people (their “customers”, after all) and should pressure the government to adopt clear principles on how IT projects should be implemented, beyond the basic restrictions of the Data Protection Act.
I did draft one for Ideal Government in October. Search for “general wish list” in the search box.
It’s also summarised in the Ideal Government slide presentation – “ideal final for 2 Nov”

Try using the words:
..Consent
..Minimum
..Justifiable
..(Multi-) Directional
..Heterogeneous