ID-Legal
Contents
Update
Participation
If you would like to participate in the work of ID-Legal please join the mailing list by following this link.
We have regularly scheduled conference calls.
Conference Information
This conference is being hosted in DC on March 18-19, 2010. We are hoping for between 20 and 25 people to gather from both technical and legal backgrounds. If you would like to be considered for an invitation please contact us. The output of the conference will be publicly avaliable. We are planning a larger conference around these themes for Fall of 2009 the gap mapping process is in preparation for that larger event.
Conference of Purpose
ID-Legal conference brings together identity technologists and lawyers, academics and & public policy experts to explore and map the gap between the two fields.
This mapping will :
- Enable drafting of better regulation and policy being made to support safe use of online and digital identity.
- Enable design of improved identity technologies that minimize risks, maximize protections and support policy based remedies.
- Ensure consideration of the user experience of online and digital identity so that people have realistic expectations about the legal implications of their use.
Interesting areas of intersection might be:
Identity Technologies | (mix and match) | Legal Perspectives |
Network Based Identity | Transactional | |
End Points (XRI/OpenID) | Liability | |
Discover (XRD) | Compliance | |
Linking of Accounts (Oauth) | Case Law | |
Claims based Identity (infoCard) | Criminal Law | |
Federation (SAML, Shiboleth) | Policy | |
Data Portability | e-Governance | |
3rd party Identity "providers" | Security | |
Social Graph Repositories | privacy | |
Cross-Jurisdictional |
3/6/09 - For Discussion:
Technology | (legal issues) | ||||||||
. | Privacy | Due Process | Search | Discovery | Signature | Agency | Libel & Slander | Frauds & Impersonation | Jurisdiction |
Authentication | |||||||||
Identification | |||||||||
Surveillance | |||||||||
Dossiers | |||||||||
Database Linking | |||||||||
Anonymity | |||||||||
Pseudonymity |
This gathering is not about "finding solutions" to the above questions; the questions are big and will be solved by their respective communities. ID-Legal is about bringing the communities together so that, as they go forward with work on their respective problems, they have a common understanding of issues and a shared background of knowledge as context for their work.
We hope through shared preparation to establish common ground; at the initial ID-Legal meeting we hope to surface issues and document a clear, shared understanding of the gaps between identity technologists and legal and policy professionals dealing with identity issues.
We also see articulating from this map a core set of questions that can serve as the basis of future cross disciplinary dialogue working towards answers.
An example of questions that fall into the gap between the two fields are:
- Who adjudicates disputes in matters of online and digital identity and privacy?
- What happens when disputes involve multiple jurisdictions?
Traditionally the solutions in the legal world and in the technical world have been very different; it is becoming evident that there needs to be a shared understanding of issues in order to make progress in addressing them.
The Challenge
Information technology and the law have not been designed for each other. To cite just one example, technologists who did not understand the law of signatures designed an artifact called a "digital signature" which had few of the legal properties of a pen-and-ink signature; the result was a set of changes in the law of signatures to accommodate the new artifact. But the "digital signature" is neither technically nor legally an improvement on the old pen-and-ink signature. It places much stricter liability burdens on the signer (or presumed signer) than the pen-and-ink signature did, and it provides fewer due-process protections for those whose signatures are forged.
Technologists are in the process of inventing artifacts called "digital identities". These seem likely to take on some of the properties of legal persons online. But they are not legal persons, and they have not (yet) been designed to keep real persons who come in contact with them safe.
Digital and online identities, like robots, can be dangerous to real people. Isaac Asimov envisioned robots who would live by (that is, be compelled by their programming to obey) laws designed to keep humans safe.
The purpose of the Legal IIW workshop is to bring lawyers and technologists together to understand how the law and technology of digital and online identity interact, so that digital and online identity and the law can evolve together in ways that keep humans safe.
There is some urgency to the task. Social networks are aggregating large amounts of personal data, and pressure is building on these networks to open their databases in the name of "data portability". ISPs and telecommunications providers are carrying huge volumes of conversations whose status with respect to government surveillance, carrier surveillance, and subpoena is unclear. Data moves back and forth across jurisdictional and national boundaries whose rules for protection of data (and even protection of persons) are unclear, or clear and incompatible. Location-aware handheld devices are tagging huge quantities of information with geographic data, allowing detailed reconstruction of many individuals' daily lives. It would be good to optimize both technology and the law to make the use of digital and online identity safe for humans before we have to learn where the hazards are the hard way - by experiencing disasters of privacy or fraud.
The law, as usual, lags behind the technology - but as it works to clean up the mess disruptive technologies have caused, it undermines the assumptions made by the technologists and thereby creates uncertainty both in technology markets and in the people who use technology. The technology, as usual, moves forward without much consideration of how it will change the assumptions on which the law rests.
For Further Reading
Here are some pointers to papers on legal aspects of online identity that =JeffH has collected:
Bibliography: Legal Aspects of Online Identity
Links to Related Efforts
Here are a few more pages that might facilitate our future conversations. The first link is to the scenarios group.
Scenarios Group http://wiki.idcommons.net/index.php/Identity_Futures
Identipedia http://wiki.idcommons.net/index.php/Identipedia
Systemic Elements http://wiki.idcommons.net/index.php/Systemic_Elements
Inferred vs Actual - The evolution of policy http://wiki.idcommons.net/index.php/Inferred_Vs._Actual_-_The_evolution_of_policy Business restructuring Ukraine
2008 Q1 Report Identity Rights http://wiki.idcommons.net/index.php/2008_Q1_Report_Identity_Rights
We're also related to Identity Rights Agreements group http://wiki.idcommons.net/index.php/Identity_Rights_Agreements_Charter