29 Oct 2009
Government and industry are being encouraged to take part in a new electronic identity scheme that could put control of online privacy back into the hands of individual web users.
International policy body the Global Trust Council (GTC) hopes to put a universal legal framework in place that will see online identity verified using “relationships”, sidestepping the need for database-held information, and upholding the individual’s right to privacy and to retain details of their identity.
How would it work?
Service providers looking to establish an online identity would ask the user for
access to organisations with which they have a relationship such as a bank or
government department.
Once the organisation had responded, a witness would oversee dealings between the user and service provider.
“The organisation would only need to give a yes or no answer,” said Andre Laperriere, director general of the GTC Secretariat. “For example, the state might say that the person either is or isn’t a British citizen.”
As soon as the individual is asked to verify more relationships, it becomes increasingly difficult for them to be faked.
Benefits of the scheme
Adoption of the scheme would bring two important benefits, according to GTC.
First, the individual will retain their identity, meaning that they do not have
to give personal information to the state.
“To get into some countries such as the US you must surrender vital information about yourself such as the map of your eye, or your fingerprints. The minute the US government has that fingerprint, it is not yours any longer,” said Laperriere.
Second, the scheme would halt the creation of mountains of personal information and help prevent personal data going awry – such as when insurance firm Zurich lost personal information relating to 50,000 UK customers that had been stored on a backup tape.
“A high-level legal framework of this sort is the missing piece and it would allow smoother business transactions and easier dealings with the state,” said Ant Allan, research vice president at analyst Gartner.
“There are already technical models in place such as Microsoft’s Geneva or Open ID - as used by Google - but they do not yet sit within a legal framework so there is no basis of trust that would enable online financial interactions.”
GTC wants government and commerce to be involved in the scheme, and several countries including Sweden and Switzerland will launch pilots next month, with two undisclosed UK-based financial companies also carrying out internal trials.
The council will also hold a place at the Commonwealth heads of state meeting on 27-29 November.
Laperriere said there were major financial benefits to the scheme. “The relationships-based system will see reductions in trading time, eliminate the need for databases held online, and mean that there were more potential business partners for commerce – thereby cutting costs and increasing opportunities for banks and other businesses,” he said.
The GTC is looking to bring 20 member states on board by this time next year. It also plans to have established more than 200 sector-based policy initiatives in the same time frame, including areas such as e-banking, e-voting and e-commerce.
But there is still work to be done, said Allen. “Commercial institutions will need to be convinced that there are commercial benefits; without a business incentive to take up this scheme, it will not get beyond the theoretical stages,” he said.
Philosophically, the Global Trust Council has outlined a vital series of core goals and principles. Putting the individual back at the center of the equation is critical, and the debate between the individual and the state is at the heart of the ongoing healthcare debate in the United States. My colleague at CLOUD, Inc, Paul Wilkinson, and I wrote on this topic in a recent law review article, "Set the Default Open." Written within American jurisprudence, it still has global implications and looks at both legal frameworks and technology. It can be found here: http://www.trolp.org/main_pgs/issues/v14n1/Thompson&Wilkinson.pdf
However, the GTC will not achieve its lofty goals if it is dependent on Microsoft's Geneva or OpenID. It is not that these frameworks are not good and solid work, but they are a solution to the wrong problem. Both of these approaches assume that the foundation of the Internet and the Web as they exist today are static. CLOUD, Inc. believes the Internet is broken. While HTML sparked an Internet boom, it made people look at the Internet as a way to connect Web pages, not people.
Securing user data scattered among large numbers of Web silos is complex and consumes huge amounts of every users? most valuable resource: time. The solution isn?t another identity standard or method for data portability. It?s a paradigm shift. CLOUD?s technology standard is that shift. It transcends mere identity to empower Internet users to control precisely how their information is used. Think of it as a privacy and authenticity standard that can work in more ways than HTML for the simple reason that it marks up facts about people, not text. The standard would permit anyone ? user or service provider ? to develop tools that are simultaneously more sophisticated and easier to use.
This new fabric is the vital piece in the puzzle to make noble goals, like the GTCs, possible. The evolution of identity rights, its history and its future is addressed well by Peter Vander Auwera of SWIFT here: http://petervan.wordpress.com/2010/03/14/identity-rights-system-3-0/.
With the right legal frameworks AND the right technology frameworks, the vision embraced by the GTC can truly put power back in the hands of individuals.
Posted by: @ANewCLOUD 23 Mar 2010
Have your say on this article
Newsletters
Latest stories from Privacy
Latest videos
You may also like
Privacy jobs
Technology Patent Wars
Staff are increasingly using their personal devices for work. Productivity may increase as a result, but the trend brings with it security risks
Case studies from large organisations across all sectors
... And rich media, and flexible working, and peaks in traffic ...
Upcoming Events
Join us for this Computing web seminar, in which the Head of BI at the Co-operative Group Nick Colebourn will be explaining just how he reigned in the Group’s sprawling database estate and how significant savings were realised and data quality improved as a result.
Date: 31 May 2012
Time: 11:00 AM
Live June 13th 11:00am: Register now. During this web seminar we will be looking at the sorts of incidents that can bring data centres grinding to a halt and what can be done about them.
Date: 13 Jun 2012
Time: 11:00 am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
