CDT Discusses Key Policies Issues Surrounding User-Centric Identity Management

1) User-Centric Digital Identity

2) Government Pilots of Federated, User-Centric Identity

3) Key Policy Questions for User-Centric Identity Systems

1) User-Centric Digital Identity

In the digital context, identity is simply a claim or set of claims about the user, similar to the physical claim of a driver’s license (“this person is allowed to drive according to this state”) or a library card (“this person is allowed to borrow books”). Traditionally, Web sites ask users to log in to the site in order to assert their identity – whether it is to enable participation or to provide services to the user. However, new models for digital identity have been evolving in order to streamline online interactions and make authentication easier for online service providers.

Many of the identity technologies developed to address problems with traditional identity solutions fall under the loosely defined term “user-centric identity.” New models for identity management separate the service provider and the identity provider, allowing me to log in to thousands of websites using a single set of credentials. A trust framework often connects the user, the identity provider, and the service provider (often called the relying party), laying out a set of conditions that each party should adhere to in order to maintain a trusted system.

With letters to Congress this week, the Obama Administration kicked off a debate on the reauthorization of three intelligence surveillance provisions related to the USA PATRIOT Act. The Administration called for all three provisions to be renewed but, in an important development, it said it was willing to consider amendments to the expiring provisions that would protect civil liberties, provided the amendments don't undermine the provisions' effectiveness.

1) Patriot Sunsets Should Prompt Broad Examination of Intelligence Authorities, with a Focus on Documented Abuses

2) Most Expiring Provisions Should Be Amended and Reauthorized

3) Reform Should Start with Powers That Have Been Abused: National Security Letters

4) What's Next in Congress for the Patriot Act?

1) Patriot Sunsets Should Prompt Broad Examination of Intelligence Authorities, with a Focus on Documented Abuses

With letters to Congress this week, the Obama Administration kicked off a debate on the reauthorization of three intelligence surveillance provisions related to the USA PATRIOT Act. The Administration called for all three provisions to be renewed but, in an important development, it said it was willing to consider amendments to the expiring provisions that would protect civil liberties, provided the amendments don't undermine the provisions' effectiveness.

CDT has filed an amicus brief in the Google Books copyright lawsuit, asking for the judge to approve the proposed settlement in the case, but also to ensure that reader privacy is protected as Google implements the expanded services envisioned in the settlement. The settlement would dramatically transform Google Books from an index and finding aid into a resource for users to browse, preview, and purchase full-text access to the millions of books Google has scanned from libraries around the world. Such increased access to knowledge will certainly be of great benefit to scholarship and education, but CDT and several other information privacy advocates have identified serious potential threats to reader privacy and intellectual freedom-values that have for many years been taken seriously and highly protected by libraries.

1) CDT files brief urging privacy safeguards for Google Books

2) Privacy Concerns and CDT's Recommendations

3) The Larger Picture of Privacy Online

One of the first projects adopted under the Obama administration’s push for transparency was the Data.gov Web site, currently adding data sets by the hundreds of thousands. Data.gov will gather, bundle, and make publicly available various types of raw data produced by the federal government. This site will make it easy for individuals and the private sector to use this information, the same way that GPS navigation services and weather reports use free government data now. As part of day-to-day operations, the government collects information about economic indicators, health, product recalls, and government services. Many databases of this information are already made available in processed formats, but not made available in raw form.

A full copy of the memo upon which this Policy Post is based is held here.

1) Government Information, Data.gov and Privacy Implications

2) De-identification ad Re-Identification of Data Sets

3) Key Principles for De-Identification and Use of Data Sets

1) Government Information, Data.gov and Privacy Implications