[WG-P3] P3WG: Minutes and NSTIC NOI Questions and Comments
mark at smartspecies.com
Thu Jun 16 15:54:43 EDT 2011
We had a very productive meeting in P3 this week. We announced the new
Privacy Framework direction and had a great working session on the
topic of NSTIC. The call included updates from Joni Brennan and Tom
Smedinghoff, who were NSTIC panellists. The call also produced
comments for developing an NSTIC NOI response.
The minutes can be found here. Please review, comment, and correct.
Below is a summary of the feedback and comments captured from the
call. Please review, comment and add to these comments. I will
collate feedback and provide this input to the NSTIC discussion group
when it is created. If anyone has links or references that may be
helpful please provide them as well.
Please Review - NSTIC NOI input from P3WG Call June 16th, 2011:
Notes of importance:
An ACLU representative seemed to suggest an aggressive privacy
challenge to the NSTIC effort. This brings important issues of NSTIC
Privacy education, assurance and inclusion that P3 may want to
consider contributing and discussing further.
In terms of educating around NSTIC privacy, there are many
different levels of assurance and different levels of privacy needed
in different contexts of identity management. Explaining this
appropriately makes the discussion more productive in terms of
discussing privacy. Mentioning that discussing the economic pressures
in terms of law and privacy expectations by different stakeholders may
be one approach to driving privacy discussion in NSTIC.
Event: A second NSTIC workshop has been announced – focused on privacy
issues in NSTIC – on Monday June 27 and Tuesday June 28. The event
will take place at the MIT Media Lab in Cambridge, Massachusetts.
Details (including a link to online registration) are at: http://www.nist.gov/itl/nstic-privacy-workshop.cfm
The registration fee for this workshop will be only $20 – a notable
discount from the fee for our first governance workshop. A draft
agenda will be posted shortly.
How is privacy going to be represented on the steering committee?
How will privacy decisions be made by the steering committee?
What is the authority structure and organisation of the steering
Are there any synergies in effect between privacy and the private
sector other than what this initiative is pushing?
Any efforts connecting the dots between Legislation and NSTIC?
Mentioning that a very strong privacy framework helps a lot as a
backdrop which is comfortable for the Canadian Identity management
industry. In this regard, what will NSTIC's really strong privacy
framework look like?
What do we see the authority of this governing body to be? Do they
have the authority to define, bless or veto something? How will we
unilaterally accept all the work coming from this body with respect to
acceptance and approval of its process?
Whilst the government pushes industry to drive its work, to what
extent will the gov't be a stakeholder? Will it have a golden vote?
Who will represent Gov't interests to protect privacy?
Points Raised for NSTIC NOI Input
There are various structures that the governance committee can
explore. Aaron mentions the educational - legal - industry
representation in the governance steering committee.
A different structure can be organised by issues (privacy/security).
Another approach: organise by type of expertise (policy/
legal/policy), as these include various types of representation that
need to be brought up.
- Many of the participants that will be involved are not even thinking
about this today.
Needs to be organised with future participation in mind.
The issue of liability was raised.
Presumption that there would need to be a corporate entity to
accommodate the needs of NSTIC operations, which would need to
address issues pertaining to liability.
Authority will come from within the structure, from the participants.
Indicating that the governance committee needs to be representative
What stake will the government take in the steering of this corporate
Kantara has a good model of governance to draw upon for a response;
a Kantara response may include representing international standards
in privacy. Suggestions were made that the steering committee will
need to represent the standards community according to particular areas of
governance. Assessment criteria and process will be needed for each
of these areas. FICAM being one of them.