thoughts and observations of a privacy, security and internet researcher, activist, and policy advisor

Thursday, October 26, 2006

Privacy and Identity Frenzy

This must have been a concerted PR campaign. Two weeks ago Microsoft published its "Privacy Guidelines for Developing Software Products and Services", last week the privacy commissioner of Ontario released a privacy-enhanced version of Microsoft's Kim Cameron's "7 Laws of Identity", a few days later the Burton Group gave a first hint on their upcoming "Laws of Relation", and now Microsoft has released a whitepaper called "Privacy characteristics of the Identity Metasystem".

While I like the new privacy twist to the identity discussion, I am also sceptical of all the hype. The summary of the White Paper for example states that "Information Card technology is hardwired to comply with data privacy laws and conforms to key requirements in the European Union’s privacy regime". While this may or may not be true, the construction of an identity layer is not necessarily a good thing in the grand scheme of things. InfoCards and other online ID systems will in the mid-term converge with government-driven digital identity systems like RFID passports, publicly-certified signatures, or the German "job card" and "health card" - two items that will be rolled out on a major scale among the population soon and also have built-in signature functions. If the technology is adopted widely enough, we have an identification layer that reaches from the internet to many meatspace areas.

While this can be helpful, we also might end up with effecively prohibiting anonymous internet use after the next big [your favourite terrorism event here]. Indications for this are rising, no matter if you look at the US, China or Germany. Remember: As with institutions - if you build technology that can structure the social fabric and govern people, try not only to imagine what good it can do. Try to also imagine what your worst enemy could use it for.


Post a Comment

<< Home