A few observations:
- The people involved are experienced and sharp. The process seems inclusive, which bodes well. The meeting was well run.
- There was some deja-vu for me based on some PKI experiences in working groups I participated in over 10 years ago in the financial sector. Identity, authentication, authorization, attributes, etc... all being discussed in similar ways. Its dangerous to look too closely at that past experience, though, because use cases, technology, and the environment are so substantially evolved from that time frame.
- More than one speaker noted the compelling issues on the horizon regarding mobility, location based services, "big data" mining and related advances, noting this may rapidly outstrip the worries we have about current ad-network dominated problems.
- Once again, Identity Woman, aka Kaliya Hamlin, seems to be two steps ahead. Will the Personal Data Ecosystem Consortium trump traditional standards processes by leveraging the entrepreneurial energy of competing startups? Running code FTW?
- So what do I worry about? I'd love for the vision and zeal of the privacy advocates to win the day, but I'm not sure that is feasible. Maybe we need to ensure that NSTIC allows privacy-enhancing approaches to be first-class citizens in any adopted standard, and a true market will emerge whereby citizens and consumers have the right and ability to chose to use privacy-enhancing solution. And let the NSTIC infrastructure itself not leak privacy. A bad scenario, in my opinion, would be for the NSTIC process to be co-opted by the biggest firms, and NSTIC results in a legal, regulatory, and operational framework that in practice serves to meet the widest dreams of the greediest internet marketers at the expense of meaningful citizen privacy.
epic.org has a great overview paper on NSTIC here: http://epic.org/privacy/nstic.html
personal data ecosystem consortium: http://personaldataecosystem.org/
personal data ecosystem consortium: http://personaldataecosystem.org/
0 comments:
Post a Comment