[WG-P3] Summary of the Evolving Scope of P3: Immediate call for P3 Membership Action

Louise Bennett louise.bennett at vivasltd.net
Sat May 14 10:15:07 EDT 2011


"Security versus privacy"  is rather loosely used as a hook (as are the
other headings) to get people talking about all of these issues. We have
arranged the workshop to be interactive with 5 people talking for five
minutes about issues associated with each heading and then either moving to
tables to debate those issues (Infosec and EURODIG formats) or posing high
level questions via a panel interview format and throwing out the questions
to get audience participation and discussion going as per the IGF format.
The idea is to try and understand different national  social and cultural
views on the issues to inform the inputs we are making to UK and EU
governments about how to assure identity in electronic transactions globally
that are acceptable from a privacy standpoint

 

Yours,

 

Louise

 

Dr Louise Bennett

louise.bennett at vivasltd.net

+44 (0)20 8748 0598

vivas ltd, 30 Castelnau, SW13 9RU

Company: 4136811

 

From: Anna Slomovic/Equifax [mailto:anna.slomovic at equifax.com] 
Sent: 12 May 2011 18:55
To: Mark Lizar; Louise Bennett
Cc: Anna Ticktin; Kantara P3 WG
Subject: RE: [WG-P3] Summary of the Evolving Scope of P3: Immediate call for
P3 Membership Action

 

Louise,

 

Thanks for sending this along. It is, indeed, interesting. I do have a
question, though. "Security v. privacy" is a standard formulation that seems
to imply some kind of opposition or zero-sum game. Is this the intent? Does
the proposal include a discussion of privacy-enhancing technologies designed
to provide both security and privacy?

 

Thanks.

 

Anna

 

Anna Slomovic

Chief Privacy Officer

Equifax, Inc.

1010 N. Glebe Rd.

Suite 500

Arlington, VA 22201

 

P: 703.888.4620

M: 703.254.9656

F: 703.243.7576

E: Anna.Slomovic at equifax.com

 

From: wg-p3-bounces at kantarainitiative.org
[mailto:wg-p3-bounces at kantarainitiative.org] On Behalf Of Mark Lizar
Sent: Thursday, May 12, 2011 1:32 PM
To: Louise Bennett
Cc: Anna Ticktin; Kantara P3 WG
Subject: Re: [WG-P3] Summary of the Evolving Scope of P3: Immediate call for
P3 Membership Action

 

 

Thank you Louise, 

 

The IGF would be an incredible opportunity for Kantara to facilitate and
align efforts with the international community.  I will pass this to the
appropriate people and put it on the agenda for discussion. 

 

Best Regards / Mark Lizar

 

On 12 May 2011, at 17:00, Louise Bennett wrote:

 

Dear Mark and Kantara members

 

The BCS in UK has developed an series of workshops on Identity Assurance -
the first was given at Infosec in London in April - The second will be given
at EURODIG in Belgrade at the end of May.

 

We have put in a proposal to the UN Internet Governance Forum in Nairobi in
September to provide a workshop. At present we are doing this with EEMA and
EURIM. Would Kantara Initiative be interested in being associated with this
workshop as well?

 

An overview is as below:

This proposal is for a workshop covering the balance between privacy and
security for online identity. It addresses various debate points that are
critical to the success of the Internet as so many aspects rely on the
effective registration and authentication of individuals using digital
identities.

It uses a round table or panel debate to solicit discussion on 5 sets of
questions:

Citizens Rights & Control of Personal Data:

Minimising Access & Protecting Privacy:

Registration Authorities & ID Assurance:

Rights & Responsibilities of ID Providers:

Security v. Privacy, The Balancing Act

The workshop as a round table was presented at InfoSec 2011 where a UK input
was sought. It is being presented as a panel discussion at EuroDIG 2011 in
Belgrade in May to solicit a European perspective and the intention is to
present it at IGF to seek an international perspective. The results and
conclusions from the debates will then be published as a report and made
freely available.

 

I can provide much fuller descriptions if there is interest

 

 

Yours,

 

Louise

 

Dr Louise Bennett

louise.bennett at vivasltd.net

+44 (0)20 8748 0598

vivas ltd, 30 Castelnau, SW13 9RU

Company: 4136811

 

From: wg-p3-bounces at kantarainitiative.org
[mailto:wg-p3-bounces at kantarainitiative.org] On Behalf Of Colin Wallis
Sent: 10 May 2011 15:25
To: Kantara P3 WG
Subject: Re: [WG-P3] Summary of the Evolving Scope of P3: Immediate call for
P3 Membership Action

 

Excellently written Mark
I'm going to give it another read, and a highly likely +1, knowing that
others whose knowledge of the space is much more complete than mine, will
find ways to fine tune this or that.
But I would doubt there will be much to disagree about at the high level.
Cheers
Colin 

  _____  

From: mark at smartspecies.com
To: wg-p3 at kantarainitiative.org
Date: Tue, 10 May 2011 14:12:43 +0100
Subject: [WG-P3] Summary of the Evolving Scope of P3: Immediate call for P3
Membership Action

 

Dear All, 

 

As we re-group and re-focus the effort in P3 it is clearly important that we
as a group gather and mutually contribute to a clear understanding of where
we are and where we would like to go.  With renewed focus made apparent and
agreed by all of us we are then able to solicit nominations for a Co-Chair
to lead the P3 effort for the next year.  In this context I have endeavoured
to write this summary of the evolving scope of P3. 

 

The scale and the scope of the privacy and public policy issues faced in the
privacy an identity management community are now stark as the P3 landscape
is evolving dramatically.  P3 has endeavoured to liaise with both the public
policy community and the federated identity management community on the
technical issues and opportunities for privacy in identity management.   

 

In the last year the privacy landscape has become much more dynamic.  What
has become clear is that a Privacy by Design approach to federated identity
management is required that can provide a basis for Kantara efforts to
integrate into. The core requirement of privacy in identity management is
explicit.  The need to integrate policy with technology has never been more
apparent. Challenges posed by globalisation of data flows and different
privacy regimes are brining recognition for the need for a common, global
approach to assuring privacy in identity management.   Nothing less than a
privacy by design approach will be sufficient to engage in the emerging
trust landscape of Identity Management. 

 

In addition to seeking a global privacy assurance certification,
consideration in P3 also needs to be given to ways to improve current
co-ordination among the increasing number of regional and international fora
for addressing privacy issues and enhancing multi-stakeholder participation.
This is an iterative and long term effort that requires an active P3 role
which will require resources, participation and co-ordinated commitment from
other WG in Kantara.   Something which must be facilitated by a clear P3
scope and PF effort.

 

A clear call to the international standards community has been made by the
OECD for identity management efforts to facilitate the minimising of
jurisdictional and territorial differences globally operating organisations
face. Enterprise, the OECD explains, "are not always be able, or willing, to
tailor their service offerings to meet the specific needs of smaller
jurisdictions. Individuals expect privacy protection wherever they are. The
issue of reducing global compliance challenges facing businesses while
ensuring more effective data privacy protection is at the forefront" (OECD,
2011
<http://www.oecd-ilibrary.org/science-and-technology/the-evolving-privacy-la
ndscape-30-years-after-the-oecd-privacy-guidelines_5kgf09z90c31-en> )  of
what the market is demanding at this time. 

 

Credentials integrated with privacy designed policy has the potential to
provide a legitimate foundation for the global management of privacy for all
stakeholders.  A new international effort into the use of the Accountability
Principle is currently underway in the international policy community and is
directed at making much more accountable the participation in Safe Harbour
Agreement and those Enterprises bounded by Binding Corporate Rules (BCR) in
order to assure the privacy of international data flows.   The
Accountability "principle will explicitly require data controllers to
implement appropriate and effective measures to put into effect the legal
principles and obligations and demonstrate this to the supervisory authority
upon request." (OECD, 2011
<http://www.oecd-ilibrary.org/science-and-technology/the-evolving-privacy-la
ndscape-30-years-after-the-oecd-privacy-guidelines_5kgf09z90c31-en> )  We
are seeing signs of this APEC/CIPL driven regulation emerging already in the
European Community, as well as in the United States.  

 

As P3 is in a unique position to liaise with the Identity Management
community and the International Policy community we are in an opportune
position to understand the privacy gap and the opportunity this gap provides
for Kantara.  

 

As such, I propose that we evolve further and make crystal clear the scope
and focus of the P3 effort to address this gap and attract the resources,
membership, and leadership to drive this P3 initiative forward. 

 

For all those in favour of an evolved scope for P3 please contribute a +1
and where possible provide suggestions and further clarification on how we
can move forward from here.  For the next step I will draft proposed topics
for discussion to be delivered at the Kantara F2F that includes a scope
summary for the Privacy Framework.  Again, as we are clearly at crossroads
in P3 the time has come to rally together and as a group contribute (or not)
to evolve P3 and direct our efforts. 

 

Best Regards / Mark Lizar

Secretary of the Privacy and Public Policy Work Group

 

 

 


_______________________________________________ WG-P3 mailing list
WG-P3 at kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-p3

_______________________________________________
WG-P3 mailing list
WG-P3 at kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-p3

 

 

  _____  

This message contains information from Equifax Inc. which may be
confidential and privileged. If you are not an intended recipient, please
refrain from any disclosure, copying, distribution or use of this
information and note that such actions are prohibited. If you have received
this transmission in error, please notify by e-mail postmaster at equifax.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/wg-p3/attachments/20110514/87ba0b1d/attachment-0001.html 


More information about the WG-P3 mailing list