WRITTEN ON February 14th, 2005 BY William Heath AND STORED IN Identity

I’ve had a few emails from Simon Davies of the London School of Economics and Privacy International.

He’s got an LSE team working flat out on best-practice identity standards, to be launched in a few weeks. He was interested in Kim Cameron’s work, but doubts their wholesale applicability to the sort of legislated national identity scheme we’re facing here. Some of the “laws”, he argues, are already in the European and UK data protection principles.

If Kim’s laws are to be universal, he’ll need to take this sort of stuff on board, and either consider or reject it. If he accepts his laws are US-oriented, and addressed primarily at consumer acceptance in business relationships, then we’ll need to define something different as a user requirement for legislated identity standards in Europe.

My own suspicion is that the problem is the same the world over and that the right principles will be universal. Anyway, see what Simon says below –

Law 1 (control) doesn’t apply to the “logic” of a government-centred system designed to establish the primary objectives set out in the UK Bill. It doesn’t deal with compulsory acquisition of data, nor does it address the collection/acquisition purposes of counter terrorism and law enforcement.

Law 2 (Minimal Disclosure) is a restatement of data protection, similarly Law 3 (Fewest Parties).

Law 4 (Directed Identity) offends the principle of functional separation.

Law 5 (Pluralism) is worthwhile, pointing to an interoperable distributed trust model.

Law 6: obvious, I suppose, but a crucial principle nonetheless.

These are an articulation of the principles of informational self determination, functional separation, fair information practices, data protection and proportionality. Those ideas are decades old. Beware technological determinists who believe that history began with the Internet and that all rational thought ends at the US borders. This “debate” began in the late 1960s and we should be careful not to let agreed principles slide further by putting them up for grabs.

For example, 13 years ago Justice Michael Kirby, Graham Greenleaf, Roger Clarke and I founded the “Australian Privacy Charter”. After a couple of years of work some real improvements were made to the more ancient DP principles (we added justification, transparency, accountability, observance, anonymous transactions, no disadvantage etc).

I will agree this new work is relevant in that it interprets some of these principles into phrases specific to identity. That in itself is valuable. But I think long-established principles form a sounder basis for what we’re trying to achieve here.

3 Responses to “LSE launches identity best practice report in March”

 
Simon Davies wrote on February 14th, 2005 5:58 am :

Just a word or two to expand William’s announcement of the LSE project on identity.

We set this project up specifically to address the implications of the UK government’s ID card legislation. Arising from that analysis will come a set of principles to help guide government and industry, and possibly an assessment of options for secure identity. We’re not ruling any option out at the moment as we are in the midst of a rolling schedule of stakeholder and expert workshops.

As I mentioned in my emails to William, Kim has made some important and valid suggestions. We’d be interested in taking these up through the research team. We do want to get this right – complex and far reaching though it may be.

Any thoughts and suggestions are most welcome. We are looking at completion of the report by early March.

Simon Davies

Kim Cameron wrote on February 16th, 2005 12:44 am :

I would like to ask for your collaboration in my work on the laws of identity.

Could you suggest some reading material so I can become more aware of the work from earlier decades to which you refer?

I hope you understand that I am discussing the construction of a technical system, and have come to the conclusions I put forward through an analysis of experiences in that domain. I am searching for a theoretical framework and would very much appreciate your help and guidance.

Best regards,

Kim

W wrote on February 16th, 2005 6:42 pm :

We’re cross-fertilising two strains here:

1. The characteristics of a technical digital identity system that will be acceptable to customers, and
2. The ways in which bureaucracies can effectively use identity to achieve democratically legitimised aims in an e-enabled world.

These things are different, and each has its own distinct hinterland. And it’s important for people thinking about each to explore the other’s background knowledge and assumptions.

But I suspect we’ll see more overlap in future than the UK Home Office yet realises.

My parochial concern is there is a risk already evident in the UK of government going down a path which leads to wholesale consumer rejection. Popular or market rejection of a government-imposed solution is likely to be messier and uglier than the quiet death of a commercial idea that never takes hold.

And I think with hindsight and the final draft of Kim’s laws we will all see rejection of the UK’s present plans to have been entirely foreseeable.

So I’m really keen we do what we can to inform the development of Kim’s originally commercial technical principles with a constitutional perspective. I can’t do this off the top of my head, but I hope we know some people who can.
