Mark,
Thank you for sending out this link. The loss of anonymity is, indeed, a great worry. The fact that NSTIC is voluntary at the outset doesn't mean that it will remain so in any practical way. There is nothing in the law that requires that the anonymous option remain available, so at least in the US, it is very easy to envision a situation when an ID is required because a business says it is--and businesses will because they will benefit. Airlines embraced ID requirements as "security requirements" long before 9/11/2001 because this prevented resale of cheap tickets or tickets obtained with frequent flier miles. Some concert and theater venues now require ID for the same reason. Having an ID and, therefore, information about someone's history and behavior is a marketer's dream.
I don't think this is paranoia, either.
Anna
Anna Slomovic
Chief Privacy Officer
Equifax
1010 N. Glebe Road, Suite 500
Arlington, VA 22205
O: 703.888.4620
C: 703.254.9656
_______________________________________________
WG-P3 mailing list
WG...@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-p3
Mark – apologies for my long absence from this debate, too.
I agree that this perspective must be introduced into Kantara thinking.
However, I don’t think that Convention 108 will be the right starting point. In effect, the only folk pressing for its wider adoption are the Council of Europe itself and some advocacy groups. The 1980 OECD guidelines are a much less controversial starting point.
That said, the introduction of people from the advocacy / community sector into the Kantara processes is the key rather than reference to particular documentation.
Our company has just completed a first report for a Department of the Australian Government on starting a process to consider developing the frameworks for a National Trusted Identities Framework in Australia. I am currently in London & have had some informal discussion with folk involved in the UK Cabinet Office initiative & will be in Washington DC in the week beginning 6 March when I hope to meet with folk involved in the NSTIC. Government leadership seems to be an essential ingredient, but precisely what it should be is very varied!
If anybody from P3WG Kantara is in DC at that time, I would be pleased to catch up with them.
Regards
Malcolm Crompton
Managing Director
Information Integrity Solutions Pty Ltd
ABN 78 107 611 898
Mark – apologies for my long absence from this debate, too.I agree that this perspective must be introduced into Kantara thinking.However, I don’t think that Convention 108 will be the right starting point. In effect, the only folk pressing for its wider adoption are the Council of Europe itself and some advocacy groups. The 1980 OECD guidelines are a much less controversial starting point.
That said, the introduction of people from the advocacy / community sector into the Kantara processes is the key rather than reference to particular documentation.
Our company has just completed a first report for a Department of the Australian Government on starting a process to consider developing the frameworks for a National Trusted Identities Framework in Australia. I am currently in London & have had some informal discussion with folk involved in the UK Cabinet Office initiative & will be in Washington DC in the week beginning 6 March when I hope to meet with folk involved in the NSTIC. Government leadership seems to be an essential ingredient, but precisely what it should be is very varied!
Mark – you ask some interesting questions.
The first in particular: why hasn’t there been better progress towards an international standard or treaty. The fundamental reason is that until very recently, data protection and governance has simply not been seen as a leader level issue. But this is changing. I have written about this in blogs over the last year that will let you see my perspective on the matter at least. I blog at www.openforum.com.au/blogs/malcolm-crompton. The most relevant blogs are:
· Will the boat come in for privacy law reform in 2012?
· Privacy has made it onto the agenda of world leaders
· Getting closer to Base Camp: the sherpa's are unpacking the tents
The APEC Privacy Framework and now the just agreed Corporate Binding Privacy Rules approach to their governance in multi jurisdictional circumstances is a very good example of what is possible in the absence of clear & strong leadership. A group of dedicated officials from some of the APEC economies (US, Australia, Canada, NZ in particular but also others eg Mexico) and privacy officers from leading global companies (mostly American & mostly large ICT) have put a lot of effort into developing the CBPRs. I have been privileged to be consultant on a number of occasions through the process, including in the development of the components of the CBPR Pathfinder project.
However, that arrangement is in the end voluntary and only just about to commence having effect. The proof of the pudding will be in the eating over the next few years – will a voluntary arrangement work? How are free riders etc to be handled? Are enough economies going to participate? Are enough companies going to participate? It is a fascinating experiment & I for one really want to see it work.
With regard to your second point about community interest participation in Kantara, informal discussion has already made it clear to me that Kantara is seen as an industry front for doing too little. The only way to address this is to bring them into the process, or at least make sure that there is nothing hidden in the closet. It must involve active, documented outreach to them, not just a wait & hope they will come approach.
As to your third comment, I like it, but emails like this don’t (yet?) have a Like button.