Privacy Principles for Identification
How to create and manage individual identity is becoming a central challenge of the digital age. As identity-related initiatives are implemented in both the public and private sectors, individuals are being asked to identify themselves in some way with increasing frequency. Obviously, identity, privacy and security are intimately related, yet the relationship among the three is often not well understood. It is worthwhile, therefore, to develop technology-neutral principles expressing how identity can be created and managed in ways that enhance privacy and security, while also facilitating services and respecting the other needs for which identification is appropriate. Private sector developers of ID technology, government officials, and public interest groups could all benefit from a guiding set of privacy principles or best practices in this area. In order to begin the process of developing such principles, we are releasing a draft of Privacy Principles for Identity in the Digital Age. It is based on two earlier efforts CDT coordinated: the 2003 Authentication Privacy Principles and the 2006 Privacy Best Practices for RFID Technology. The FTC is holding an identity authentication workshop on April 23 and 24. CDT hopes to testify, and we would like to use the workshop as an opportunity to expose the concepts in the draft principles for comment and reaction. If you have comments or questions about these principles, please let us know.