@FindThomas

Digital Identity, Trust and Privacy on the open Internet

Archive for the ‘NSTIC’ Category

Transparency of usage of personal data: the need for a HIPAA-like regime

without comments

Ray Campbell hits the ball out of the park again with his awesome suggestion in his blog: we need a HIPAA-like regime for the privacy of personal data.  As a mental exercise, Ray has gone through the HIPAA document and substituted “individually identifiable health information” to “individually identifiable personal information“. The red-lined doc can also be found on his site.

The at the heart of his proposal is the notion of shifting the thought paradigm from the person as the absolute owner of his/her personal data to one where the person is seeking the right to know about who has his/her personal data, how they obtained it, what are they doing with it and to whom have they sold the data (the 4 questions).

Following on from Ray’s post and from Professor Sandy Pentland’s view on the New Deal on Data, I believe there should be a new market in the digital economy where individuals can meet directly with buyers of their personal data, and where individuals can opt-in to make more data about themselves available to these buyers.  Cut out the middleman — the big data corporations that are not contributing to the efficiency of free markets.

 

Written by thomas

March 6th, 2013 at 9:02 pm

Vision and Principles of IDESG

without comments

People ask me all the time about the vision of the IDESG.  The following provides a very useful summary (from the original NPO document):

“Individuals and organizations utilize secure, efficient, easy-to-use, and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation.”

 

Identity Solutions will be:

  • Privacy-enhancing and voluntary
  • Secure and resilient
  • Interoperable
  • Cost-effective and easy to use

 

Written by thomas

February 5th, 2013 at 9:06 pm

Posted in NSTIC

NSTIC IDESG “layers”

without comments

Today at the 3rd Plenary of the IDESG, the Chair of the IDESG  (Bob Blakley) presented a high level vision slide of what the IDESG should be working on. Its a very good slide for the purposes of uniting the work of the IDESG.  Each industry area (or stakeholder group) would end-up with its own Trust Framework Provider that covers IdPs in that space, and users and RPs.

 

 

 

 

 

 

 

 

 

 

 

Written by thomas

February 5th, 2013 at 8:46 pm

Posted in NSTIC

On the survival NSTIC Privacy Standing Committee

without comments

Aaron Titus writes an interesting piece based on his analysis of the recent proposal from Trent Adams (PayPal) to modify the NSTIC governance rules. The abolition of the NSTIC Privacy Standing Committee may have unforeseen impact on the acceptance of the whole NSTIC Identity Ecosystem idea, notably from the privacy front.

During the last decade — starting from the Liberty vs Passport kerfufle — we have seen a number of proposals for components of an “identity infrastructure” for the Internet.  All in all, there has been little adoption (by consumers) of these technologies for high-value transactions due IMHO to the lack of privacy-preserving features.

So far I have yet to see a sustainable business model for identities which is focus on the “individual” (i.e. individual centric) and which preserves his/her personal data.  All the agreements and EULAs that we click “yes” to seem to be titled in favor of the provider.  If a provider “loses” my personal information (including credit-card information), there is really little incentive (positive or negative) to get them to recover my data.  The individual suffers all the losses. Little wonder there is no buy-in from the consumer :-)

 

 

 

Written by thomas

August 29th, 2012 at 3:45 pm

Posted in NSTIC,Privacy

NSTIC Identity Ecosystem Steering Group

without comments

Today NSTIC started its 2 day Ecosystem Steering Group meeting in Chicago.  Never thought that dialing-in all day would be so tiring. Glad that the group (of about 300 people, half in-person and half virtual) got over the initial confusion about voting for the candidates and dealing with proposed changes to the Charter and By Laws.

Written by thomas

August 15th, 2012 at 9:18 pm

Posted in NSTIC