Identity Cards (and privacy and trust)

by Richard Olsen -
Number of replies: 2
Following on from the Hunch thread and other discussions around privacy and trust, the work of Kim Cameron (http://www.identityblog.com/?p=360) and his Identity Cards (http://www.identityblog.com/) seeks to overcome some of these issues.

Do you think Kim's Laws of Identity are what is needed or is there more to it? http://www.identityblog.com/wp-content/images/2009/06/7_Laws.htm
In reply to Richard Olsen

Re: Identity Cards (and privacy and trust)

by Sarah Haavind -
Hi Richard,
Thank you for pointing the group to this set of guidelines or laws. They seem sensible, but who could possibly regulate them if they were actually posed as Internet "Laws" and if they cannot be guaranteed, what makes them laws or who makes anyone/any organization abide by them?

Also, it seems that the "cat is already out of the bag" as far as the electronic traces all of us leave throughout our days and the information that we post that reveals aspects of ourselves, AS WELL AS information about us that others post. Private information can already be pulled together in all sorts of ways useful to whomever might choose to gather it -- whether it be a commercial interest or just the way Google and other search engines compile their search lists. With all the "privacy breaches" that have already happened, don't we have to assume identity "theft" of any kind could happen to any of us who use electronics anytime? Sure, we can take precautions, but no one can really fully protect themselves anymore, in my mind. The protection we have is more like the school of fish analogy, there are so many of us, what is the likelihood that any particular "fish" will be negatively affected. And the positive advantages of using all the technologies outweigh the disadvantages. Our "most" private information, such as in the US, our "social security" number would be shared more cautiously, but even that is clearly out of the bag already too, if someone really wanted to find it, couldn't they?

So down the road, it seems that rather than try to hold onto something that is essentially already lost, a more useful focus would be to consider how to operate in an open world. Two things come to mind:

1. It seems credit card companies have already started adjusting by changing your credit card number for you at certain junctures automatically. Every once in a while, I get a new credit card with a new number for an existing account -- a moving target is more difficult to nail down. Perhaps that is the direction social security or other national identity number systems need to go. No one can have "just one" all their lives.

2. As for googling someone before hiring them as a decision-making tool: I think cases of public figures being brought down by private issues clarify some of the important questions we need to ask -- is it worth it to abandon true talent just because s/he exhibits weaknesses or failures on the personal side? What if political/personal attacks posted on blogs about someone of influence are the most visited websites about that person, so that all their quality contributions (published articles read only by scholars, for example) sink beneath the "National Enquirer"/human interest/intrigue stories? Do people have to behave perfectly their entire lives in order to make the positive contribution they CAN make in a newly un-private, Google-able time? Well-known people are being destroyed by rumors and hype coming from blogs where character defamation seems to be the norm. It seems our search engine formulas work well for products, places and things, but not so constructively for people...? Does it really make sense to make a hiring decision based on what you can bring up on the first few pages of a Google search about a person?


In reply to Sarah Haavind

Re: Identity Cards (and privacy and trust)

by Nicola Avery -
Hi, from reading the laws and I skimmed through the pdf too - I don't know how 1 and 3 could be agreed amongst everyone. In some senses 3 contradicts 1.

I agree too with Sarah, identity theft is not someone just posing as someone else with that information, identity theft is when a person receives back personalised information without being aware or agreeing to their personal information being processed by those technologies (and companies involved with them). Those companies have not necessarily posed as you, but they have taken personal information from you without your consent, which is theft. Not in legal terms - their legal situation is the terms and conditions that none of us ever look at or can figure out the multitude of scenarios in which that information could be used.

Another issue is that corporations and governments do not follow the same sets of guidelines when accessing and using information, governments, police etc may be stricter and follow more precise guidelines/laws relating to use of personal identifying information online. Corporations do not need to follow these guidelines/laws unless working on contracts with government / agencies and even auditing does not mean that there is enough capacity to be able to say that they are always followed - I guess this is part of risk analysis done through the tender process or whatever.

How much of it appears to come down to - we only know more about what is happening with our personal information and how it's being collected when something about their practices is open to everyone and they are forced by governments or media (traditional or citizen based) to reveal details. It's ironic that they as a corporation are not comfortable revealing data, but willing to collect it. I can think of several technology giants who might fall into this category. There is then a lot of rhetoric produced about how revealing data protects or harms other people, corporations, countries etc etc

And you can find cases of people working in government or wherever that do not appear to follow the laws too for reasons which would probably fall under 3 in the poster, usually reported by specific media - it would need additional analysis to understand why different media choose to reveal information at specific times in the same way that financial markets operate.

I think the concept of identity cards or a digital identity is just at the presentation 'layer'. If systems (and layers of technologies and networks which connected those systems) and what makes up that identity are on their way to being or already connected...I wonder about the importance of having a digital identity that we carry around with us at all.

Digital confusion. Reflecting further on Sarah's points, with data being more accessible and engineered to be increasingly reproducible (is that a word?), I wonder how you can ever provide enough evidence that you are who you say you are and not someone else with a lot of similar identifying characteristics / information. Having a barcode instead of a name wouldn't solve the issue ;-)

I do have various alerts relating to my name, I did a quick look through in more detail today - there are many people out there who have the same name and even if I think I can assemble enough information about myself that I think would identify me as the person that I think I am, it doesn't mean that anyone else looking at various information relating to a person with this name, would in the same way and we all have different motivations for our actions anyway so even if someone did, as Sarah said, it could be used in criminal or other ways for whatever purposes it suited others.

Does it mean that all conversations involving identifying information about people will revert to happening offline in the future because they are less easy to track?