Partial Identities Privacy and Credentials

From IIW
Revision as of 23:43, 12 November 2010 by IdentityWoman

Issue/Topic: Partial Identities Privacy and Credentials

Session: 1C

Conference: IIW-Europe October 11, London

Convener: Dave Raggett

Notes-taker(s): Dave Raggett

Tags for the session - technology discussed/ideas considered:


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


I presented some slides:

http://www.w3.org/2010/10/raggett-priv-ids-creds.pdf

We started with a look at what online identity is used for, and the varying requirements these different uses bring. Privacy is at its heart about avoiding harm: discrimination, loss of face or just a loss of control.

Static credentials when brought online tend to facilitate linkability - the means to build up detailed pictures of people by combining separate pieces of information that on their own aren't particularly worrying.

Dynamic credentials and partial identities make it practical to adhere to the principle of "minimal disclosure". I presented two broad ways of realizing this, and am in the process of building an open-source demonstrator as a Firefox extension. This aims to enable websites to be confident that you are, say, a child, or a current undergrad at such-and-such a university, but to do so without forcing you to disclose your full identity.

In discussion, we touched upon the triangular relationship between law, technology and social conventions. All are important to effective treatments of privacy.

The user interface is challenging for privacy. It is easy to imagine a view of (let's say) a driving license with some info redacted when you just want to reveal limited aspects about yourself, e.g. your age but not your address. However, when it comes to presenting information from multiple credentials, it gets much harder.

Users hate being pestered with confirmation boxes and there is plenty of work to show that users just click through these legally motivated irritations to get to the game with the fluffy white bunnies or whatever they are seeking to do. This is where trusted independent advisors have a big future as guardian angels that metaphorically sit on our shoulders and help us when we are otherwise distracted (fluffy bunnies) or just not sufficiently well informed about the trustworthiness of the sites we visit.

We also discussed the value of "sticky policies" that stay with personal information as it flows within and between businesses. These sticky policies determine what the information can be used for, who it can be shared with and how long it can be retained. You can also consider this as the other side of the coin from P3P. P3P is couched in legal terms for the obligations websites make to end users. Sticky policies on the other hand are about how to operationalize those obligations and need to be in terms that IT systems can execute.
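An added example, not from the session or from any product discussed in it, of what "terms that IT systems can execute" can look like: a record bundled with its policy (permitted purposes, permitted recipients, retention deadline), a check that every holding system runs before using the data, and onward transfer that carries the policy with the copy and can only narrow it. The policy shape and the sample record are assumptions made for illustration.

```javascript
// Added example, not from the page: a sticky policy that travels with a
// personal-data record and that each holding system evaluates before use.
// The policy shape (purposes, recipients, retainUntil) and the sample
// record below are assumptions made for illustration.

// Bundle a record with its policy. Copies the arrays so later narrowing of
// one copy cannot silently change another.
function attachPolicy(data, policy) {
  return {
    data,
    policy: {
      purposes: [...policy.purposes],
      recipients: [...policy.recipients],
      retainUntil: policy.retainUntil,
    },
  };
}

// May `holder` use this bundle for `purpose` at time `now`? Every condition
// is checked by the system that currently holds the data, which is what
// makes the policy executable rather than merely stated.
function evaluate(bundle, { holder, purpose, now }) {
  const p = bundle.policy;
  if (new Date(now) >= new Date(p.retainUntil)) {
    return { allowed: false, reason: 'retention period expired' };
  }
  if (!p.recipients.includes(holder)) {
    return { allowed: false, reason: `${holder} is not a permitted recipient` };
  }
  if (!p.purposes.includes(purpose)) {
    return { allowed: false, reason: `purpose '${purpose}' not permitted` };
  }
  return { allowed: true, reason: 'ok' };
}

// Onward transfer: returns a copy carrying the same policy, or null if the
// policy does not name the recipient or the data has already expired.
function share(bundle, to, now) {
  const p = bundle.policy;
  if (!p.recipients.includes(to) || new Date(now) >= new Date(p.retainUntil)) return null;
  return attachPolicy(bundle.data, p);
}

// A downstream holder may narrow a policy (fewer purposes, fewer
// recipients, earlier deletion) but never widen it: each field is
// intersected with, or bounded by, the policy it already carries.
function narrow(bundle, restriction) {
  const p = bundle.policy;
  return attachPolicy(bundle.data, {
    purposes: p.purposes.filter(x => (restriction.purposes || p.purposes).includes(x)),
    recipients: p.recipients.filter(x => (restriction.recipients || p.recipients).includes(x)),
    retainUntil: [p.retainUntil, restriction.retainUntil || p.retainUntil]
      .sort((a, b) => new Date(a) - new Date(b))[0],
  });
}

// Constructed sample: a customer record collected by a shop for order
// fulfilment, shareable with its courier, to be deleted after six months.
const record = attachPolicy(
  { email: 'alice@example.com', postcode: 'SW1A 1AA' },
  {
    purposes: ['order_fulfilment', 'fraud_check'],
    recipients: ['shop.example', 'courier.example'],
    retainUntil: '2011-04-12',
  },
);

function demo() {
  const now = '2010-10-12';
  const results = {
    fulfil: evaluate(record, { holder: 'shop.example', purpose: 'order_fulfilment', now }),
    market: evaluate(record, { holder: 'shop.example', purpose: 'marketing', now }),
    toAds: share(record, 'adnetwork.example', now),
    expired: evaluate(record, { holder: 'shop.example', purpose: 'order_fulfilment', now: '2011-05-01' }),
  };
  // The courier gets a copy with the same policy, narrowed to delivery only.
  const courierCopy = narrow(share(record, 'courier.example', now), { purposes: ['order_fulfilment'] });
  results.courierFraud = evaluate(courierCopy, { holder: 'courier.example', purpose: 'fraud_check', now });
  return results;
}

console.log(demo());
```

In a real deployment the bundle would be signed by the originating controller so that a recipient cannot strip or rewrite the policy before passing the data on; that binding is left out here to keep the evaluation logic in view.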

There are plenty of opportunities to give people back control of their privacy, and it is a two-way street -- we willingly give away personal information in exchange for services -- but we need better ways to establish and maintain trust. Companies (and governments) need practical solutions for implementing all of this.

There was quite a bit of talk around OpenID at the workshop, but I reckon that old-fashioned user names and passwords still have plenty of life in them. The Mozilla Weave/Firefox account manager represents a new breed of tools that help users to manage their online identities and break free of the understandable tendency of most of us to re-use the same id for multiple sites. This is fueling the need for standards by which websites inform the browser how to manage user accounts and sessions.

Today websites are forced to demand much more personal info than they really need. We need to find ways to bring a balance back through means that respect business models *and* end users' rights and needs.