OTTAWA, Ontario – The IT industry must help citizens reclaim their digital identities. That’s the view of a top Canadian civil servant dealing with the issue, Ontario’s information and privacy commissioner Ann Cavoukian.

Cavoukian made reference in a recent paper to how people are losing control of their personal information that is globally circulating in networks, servers and the Internet with the advent of cloud computing and Web 2.0.

“Without better management of digital identities, we will not only continue to struggle with existing problems such as identity theft, spam, malware, and cyber-fraud, we will be unable to assure individual users that they can safely migrate their critical data and applications from their own computers onto the Web. The opportunity presented by technological development will be lost,” she said.

Cavoukian added that a more flexible identity management system would include all devices connected to the Internet such as laptop and desktop PCs, cell phones, personal digital assistants, smart cards, sensors, video recorders and online game consoles.

Among the online activities cited where personal data is exchanged are e-mails, filing tax declarations, managing bank accounts, buying goods, playing games, connecting to a company intranet, and meeting people in a virtual world.

People should have the right to know what is happening to their personal information, inspect it to verify accuracy, make changes and challenge the processes of the holding organization, asserted Fred Carter, a senior policy and technology advisor to the office of the information and privacy commissioner.

He advised Cavoukian on her paper. “All of these principles speak to the individual’s right to exercise information self-determination.”

What makes the issue urgent for both is the “unprecedented” growth of Web-based applications from the likes of Google as well as interactive services like Facebook or alternative worlds like Second Life and online gaming sites that are asking people to identify themselves.

“With more and more players there is a diminishment of openness, transparency and accountability, when you don’t know where your data is, when it is passed around in networks or business webs, and so on and so forth. You don’t really know where it’s gone, and it is hard for individual companies to make assurances.”

One new trend with potential pitfalls, continued Carter, is technology that allows systems, devices or perhaps an intelligent bot to make decisions such as purchases on a person’s behalf based on already provided personal information.

“Increasingly, the devices that we have and carry around with us act as our proxy. So it is not really us anymore. It is the device that is always on and filters things for us.”

The question then becomes what technology tools can users “trust,” asked Carter.

A top priority is the amount of information that companies and organizations are demanding from customers over the Web in transactions.

“Why should you take out your wallet and have the guys photocopy everything in it, just to prove you are over 18? That kind of thing is what happens online. All of that information is collected and it is not really needed. So there is a lot of excessive collection.”

Building privacy into technology boils down to limiting and minimizing the provision and retention of collected data from both the company and customers’ perspective, stated Carter.

“Don’t collect it at all, in the first place. Don’t give it up [i.e. the data] at all, I mean the best privacy is not to give it up. It is like you are making a credit card purchase and they want your telephone number. What do you want my telephone number for?”

At bodies like the Organization for Economic Co-operation and Development there is a growing interest in what is called “user centric identity management.”

While there should be more engagement by individual citizens or their representatives, an insufficient number are present at forums where industry and other interested parties examine the future of privacy under the cloud, said Carter.

“Being involved in international standards development work is an extremely expensive proposition. It takes years and years and years. Basically, they are required to have consumer representation, but it is pretty thin.”

One “promising development” cited in the Cavoukian paper is the deployment of cell phones as “digital wallets” that can be used to transfer and store money, pay parking meters and vending machines, and eventually act as a kind of a credit card. One admitted wrinkle is that the cell phone provider could then track a customer’s spending habits or activities with other people.

Privacy and the Web is more than an IT issue, concluded Carter. “I don’t want for a moment to suggest that we suggest that technology is the silver bullet. Clearly, you need to have laws, and you need to have standards and best practices and voluntary practices and you need market pressures and public education and awareness as well. All of these go into the mix.”

This column was written by Paul Weinberg of ConnectIT
