Showing papers in "Identity in The Information Society in 2008"
TL;DR: It is argued that some of the privacy concerns are overblown, and that much research and commentary on lifelogging has made the unrealistic assumption that the information gathered is for private use, whereas, in a more socially-networked online world, much of it will have public functions and will be voluntarily released into the public domain.
Abstract: The growth of information acquisition, storage and retrieval capacity has led to the development of the practice of lifelogging, the undiscriminating collection of information concerning one’s life and behaviour. There are potential problems in this practice, but equally it could be empowering for the individual, and provide a new locus for the construction of an online identity. In this paper we look at the technological possibilities and constraints for lifelogging tools, and set out some of the most important privacy, identity and empowerment-related issues. We argue that some of the privacy concerns are overblown, and that much research and commentary on lifelogging has made the unrealistic assumption that the information gathered is for private use, whereas, in a more socially-networked online world, much of it will have public functions and will be voluntarily released into the public domain.
TL;DR: Four fundamental technological approaches to help assure widespread and enduring online participation, confidence and trust in the information society are outlined.
Abstract: Informational self-determination refers to the right or ability of individuals to exercise personal control over the collection, use and disclosure of their personal data by others. The basis of modern privacy laws and practices around the world, informational privacy has become a challenging concept to protect and promote in a world of ubiquitous and unlimited data sharing and storage among organizations. The paper advocates a “user-centric” approach to managing personal data online. However, user-centricity can be problematic when the user—the data subject—is not directly involved in transactions involving the disclosure, collection, processing, and storage of their personal data. Identity data is increasingly being generated, used and stored entirely in the networked “Cloud”, where it is under control of third parties. The paper explores possible technology solutions to ensure that individuals will be able to exercise informational self-determination in an era of network grid computing, exponential data creation, ubiquitous surveillance and rampant online fraud. The paper describes typical “Web 2.0” use scenarios, suggests some technology building blocks to protect and promote informational privacy online, and concludes with a call to develop a privacy-respective information technology ecosystem for identity management. Specifically, the paper outlines four fundamental technological approaches to help assure widespread and enduring online participation, confidence and trust in the information society.
TL;DR: In this article, a roadmap of research currently undertaken in the field of identity and identity management is provided, showing how the area is developing and how disparate contributions relate to each other.
Abstract: As research into identity in the information society gets into its stride, with contributions from many scholarly disciplines such as technology, social sciences, the humanities and the law, a moment of intellectual stocktaking seems appropriate. This article seeks to provide a roadmap of research currently undertaken in the field of identity and identity management showing how the area is developing and how disparate contributions relate to each other. Five different perspectives are proposed through which work in the identity field can be seen: tensions, themes, application areas, research focus and disciplinary approaches and taken together they provide a comprehensive overview of the intellectual territory currently being tilled by academia on this subject. This attempt at a coherent overview is offered in the spirit of debate and discussion, and the authors invite criticism, development and improvement. Another purpose of this paper is to provide an introduction to the range and type of research that the new journal Identity in the Information Society will publish, giving researchers working in the field a clearer idea of the scope of multidisciplinary study that is envisaged.
TL;DR: The author will assess the threats and opportunities of autonomic profiling in terms of its impact on individual autonomy and refined discrimination and indicate the extent to which traditional data protection is effective as regards profiling.
Abstract: Both corporate and global governance seem to demand increasingly sophisticated means for identification. Supposedly justified by an appeal to security threats, fraud and abuse, citizens are screened, located, detected and their data stored, aggregated and analysed. At the same time potential customers are profiled to detect their habits and preferences in order to provide for targeted services. Both industry and the European Commission are investing huge sums of money into what they call Ambient Intelligence and the creation of an ‘Internet of Things’. Such intelligent networked environments will entirely depend on real time monitoring and real time profiling, resulting in real time adaptation of the environment. In this contribution the author will assess the threats and opportunities of such autonomic profiling in terms of its impact on individual autonomy and refined discrimination and indicate the extent to which traditional data protection is effective as regards profiling.
TL;DR: The design of a secure and privacy preserving e-petition system that is implemented as a proof-of-concept demonstrator, and ensures that duplicate signatures are detectable, while preserving the anonymity of petition signers is presented.
Abstract: We present the design of a secure and privacy preserving e-petition system that we have implemented as a proof-of-concept demonstrator. We use the Belgian e-ID card as source of authentication, and then proceed to issue an anonymous credential that is used to sign petitions. Our system ensures that duplicate signatures are detectable, while preserving the anonymity of petition signers. We analyze the privacy and security requirements of our application, present an overview of its architecture, and discuss the applicability of data protection legislation to our system.
TL;DR: In this article, the authors argue that the current debate about the nature of a "surveillance society" needs a new structural framework that allows the benefits of surveillance and the risks to individual privacy to be properly balanced.
Abstract: This paper uses the term “surveillance” in its widest sense to include data sharing and the revealing of identity information in the absence of consent of the individual concerned. It argues that the current debate about the nature of a “surveillance society” needs a new structural framework that allows the benefits of surveillance and the risks to individual privacy to be properly balanced. To this end, the first part of this article sets out the reasons why reliance on the current framework of data protection or human rights legislation, or on the current regulatory regime does not necessarily protect privacy. The second part sets out nine principles that can be used to assess whether individual privacy is comprehensively considered when surveillance policy is developed. These principles are applied to surveillance in the UK to identify the structural improvements that could create an effective balance. These principles are not legislative proposals but provide a means of exploring possible deficiencies in information law governance and, in particular, Parliament’s role in scrutinising the executive and the powers needed by a regulator when engaging with the Parliamentary process. As most European countries adopt a democratic, human rights framework, it is suggested that these principles are not limited in an application in the UK environment. The views expressed in this article are the author’s own.
TL;DR: In this article, the ambiguities and confusions that arise when studies of the "surveillance state" are contrasted with studies of "service state" were discussed, and a new understanding and methodology was brought forward so as to create a reconciliation of these two points of departure for research.
Abstract: This paper is concerned with the ambiguities and confusions that arise when studies of the ‘surveillance state’ are contrasted with studies of the ‘service state’. Surveillance studies take a largely negative view of the information capture and handling of personal data by Government agencies. Studies that examine Government service providing take a largely positive view of such data capture as Government is seen to be attempting to enhance service provision to individual citizens. This paper examines these opposing perspectives through a series of case studies and concludes that a new understanding and methodology should be brought forward so as to create a reconciliation of these two points of departure for research. The call is for an holistic appreciation of data capture activities by Government so that researchers and public policy makers alike can appreciate and reconcile these competing perspectives.
TL;DR: This paper investigates whether it is possible to improve social acceptance of citizen identification systems in cases where they are incompatible with the perceived value of privacy, but without significantly changing their original architecture.
Abstract: Citizen identification systems (known also as ‘ID card systems’, or ‘national identity management systems’, even though those definitions are not identical) are receiving a mixed acceptance, with their privacy, security and usability being criticised, specifically in the UK. This paper investigates whether it is possible to improve social acceptance of such systems in cases where they are incompatible with the perceived value of privacy, but without significantly changing their original architecture. The paper analyses requirements using four different scenarios that address long-term privacy issues. Relatively small alterations to such systems are suggested that may significantly improve their adoption.
TL;DR: A high-level vision of what a forward-looking national identity management and identity “card” scheme should look like is set out, and it is suggested that a utility implementation of identity infrastructure can deliver the on this vision in a practical way.
Abstract: The issue of identity cards is hotly debated in many countries, but it often seems to be an oddly backward-looking debate that presumes outdated “Orwellian” architectures. In the modern world, surely we should be debating the requirements for national identity management schemes, in which identity cards may or may not be a useful implementation, before we move on to architecture. If so, then, what should a U.K. national identity management scheme for the 21st century look like? Can we assemble a set of requirements understandable to politicians, professionals and the public? We’ve certainly had some difficulty to date. One reason might be that we lack a compelling, narrative vision. As a result, we’re constructing a legacy system that will subvert the rational goals of worthwhile scheme. We’re not aiming high enough. The technology, I will argue, can deliver far more than the politicians, professionals and public imagine: In particular, it can deliver the apparently paradoxical result of more security and more privacy by exploiting smart cards, biometrics and cryptography. In this paper, I will set out a high-level vision of what a forward-looking national identity management and identity “card” scheme should look like: Dr. Who’s psychic paper. Not only is this a simple, clear vision that is familiar to the expert and layperson alike, but it’s a very useful artistic representation of the capabilities of the technology. I will further suggest that a utility implementation of identity infrastructure can deliver the on this vision in a practical way, and that all of the technology needed to create an ID scheme for the future already exists.
TL;DR: Whether there is the need for a new regulatory framework that both preserves users’ identity and enables the provision of advanced services and a novel model of eID regulation that may help regulators create an identity-preserving, transaction-friendly eID environment is examined.
Abstract: There is increasing interest in the EU about the central place of eIdentity (eID) in people’s lives. eID is increasingly seen as a bridge between the commercial viability of models based on large-scale provision of e-services and users’ need for privacy and security in online transactions. This paper examines technological, social and legal developments in the field of eID and asks whether there is the need for a new regulatory framework that both preserves users’ identity and enables the provision of advanced services. Firstly, the paper interprets recent market moves in the eID field as a response to a rising regulatory tide. Secondly, it examines some of the challenges arising from Web2.0, and four emerging socio-legal issues associated with eID—behavioural profiling, social engineering, redlining and other unsocial practices. Thirdly, the paper examines the capacity of the current regulatory framework to absorb this turbulence, and finds it wanting. Finally, it advances a novel model of eID regulation that may help regulators create an identity-preserving, transaction-friendly eID environment.
TL;DR: The notion of biopiracy was introduced in this article, where the authors claim that an "enclosure of the commons" is underway, which reaches far beyond intellectual property, to a point where, through profiling, identity has itself become enclosed property that can be owned by another.
Abstract: This article claims that an ‘enclosure of the commons’ is underway, which reaches far beyond intellectual property, to a point where, through profiling, ‘identity’ has itself become enclosed property that can be owned by another. With a detour through the natures of both money and innovation, this paper looks at the imperative driving ‘intellectual property rights.’ By introducing the notion of biopiracy, it shows how ‘invasion of privacy’ is justified, and ends with “a world of rapacious, state-aided ‘privatization’” of enclosed identity: the ultimate identity theft.
TL;DR: In this paper, the authors present a list of the systems currently in use or being planned, and outlines the potential risks that they pose to children's safety and development, as well as their personal development and future lives.
Abstract: Since 2001 there has been a proliferation of commercially-available devices that observe children, track their movements and gather data about the routine choices that they make. At the same time, a growing number of databases in education, social care, health and youth justice store detailed information about children and facilitate its sharing between agencies. Some of this data is derived from in-depth personal assessment tools that are believed to ‘predict’ poor life outcomes such as criminality or social exclusion. These developments are often presented as a means of keeping children safe or of intervening to deal with problems promptly, but they leave children with little privacy and create a new set of ethical and practical difficulties. There are dangers that overloading an already stretched social care service with low-level concerns will damage effective child protection work, while any insecurity in the systems potentially puts all children at increased risk of harm. Issues around consent to data-sharing have not been adequately addressed, but the reduction in confidentiality brought about by routine inter-agency information-sharing may deter children and their families from accessing services at all. We risk habituating children to a very high level of surveillance, and yet the possible effect of such widespread data-gathering on their personal development and future lives has not been considered. This paper lists some of the systems now in use or being planned, and outlines the potential risks that they pose to children’s safety and development.