- Radio hour
- About us
I recently spoke at a 2-day event hosted by NIST that addressed privacy and identity management as part of the NSTIC; the NSTIC represents the most far-reaching set of goals and objectives to date around promoting secure, efficient online commerce through strong online identities, as blogged in this space previously.
The workshop was held at the Massachusetts Institute of Technology’s Media Lab, and attended by over 100 privacy, identity, technology, commercial and government experts, and was actually the second such event in a 3-week span. The first workshop addressed issues around how governance should best be accomplished in a national strategy that depends critically on privacy sector leadership and close industry-government collaboration – you can read about the governance workshop and its proceeding; in addition, NIST had a notice of inquiry on Governance out for comment by July 22.
NSTIC Program Manager Jeremy Grant opened the privacy workshop with a general overview of the issue. This was followed by a perspective from White House staffer Naomi Lefkovitz, who presented a view on why the White House believes privacy to be key in the implementation of NSTIC, as part of the broader Administration focus on consumer privacy through policy papers recently issued for comment by the Department of Commerce and Federal Trade Commission. She focused on the import placed on the Fair Information Privacy Principles (FIPPs) as part of the NSTIC itself; the FIPPs are still available.
The first day focused on turning the FIPPs into operational practice, assessing questions that included:
An active discussion of these issues followed. Among key points made by workshop participants:
Day 2 focused on technologies that could enhance privacy in identity management. Among the topics discussed were approaches to protecting identity through cryptography, including Microsoft’s U-Prove and IBM’s Identity Mixer. The session emphasized that any identity technology should build privacy into the design framework, rather be addressed after the fact. Once technologies are identified, NSTIC envisions that an Identity Ecosystem Framework steering group – expected to be established later this year – will act as a clearinghouse and disseminator for numerous technical approaches consistent with NSTIC, rather than endorsing one solution.
More information on the privacy workshop can be found by reading a number of presentations made there. And for those who would rather see the movie, the conference was streamed live and the link may still be up.