Date post: | 17-May-2015 |
Category: |
Business |
Upload: | kaliya-hamlin |
View: | 716 times |
Download: | 0 times |
Identification and �Social Justice �
Bob Blakley�
Kaliya “Identity Woman” Hamlin��
Cloud Identity Summit July 19 2012�
���
Identity is socially constructed and contextual.
R�I �S�K�
IDENTITY INFORMATION �
NO IDENTITY �=�
NO ACCESS �TO JUSTICE �
OR SERVICES�No rights�or redress �
R�I �S�K�
IDENTITY INFORMATION �
BIRTH AND CITIZENSHIP �RECORDS �
SUBSTANTIALLY DECREASE �CITIZENS’ RISKS�
Access to rights �and legal system�
R�I �S�K�
IDENTITY INFORMATION �
BUT MORE IDENTITY �INFORMATION �
IS NOT �NECESSARILY BETTER�
?
R�I �S�K�
IDENTITY INFORMATION �
IDENTIFICATION TRANSFERS RISK �FROM THE IDENTIFYING PARTY �
TO THE IDENTIFIED PARTY�
Identifying party avoids risk by denying service if identity information is adverse �
Identified party bears risk of being denied service if identity information is adverse �
Each party’s initial risk�
R�I �S�K�
IDENTITY INFORMATION �
SOCIETY USES IDENTIFICATION �TO TAKE RISK FROM �
INSTITUTIONS �AND GIVE IT TO INDIVIDUALS�
Business or agency has resources;�may require identification�
Individual citizen needs resources; �must submit to identification�
Information Asymmetry
and Power Asymmetry
R�I �S�K�
IDENTITY INFORMATION �
BUILDING DOSSIERS INCREASES RISKS �TO IDENTIFIED PARTIES �
BY APPLYING INFORMATION � TO MANY TRANSACTIONS�
Business or agency�
Individual citizen �
Risk in current �transaction�
Risk in future �transactions �
R�I �S�K�
IDENTITY INFORMATION �
ADDING FAVORABLE INFORMATION �TO AN IDENTITY DOSSIER �
CAN DECREASE RISK �TO IDENTIFIED PARTIES A LITTLE… �
Benefits granted�based on history�
Personal Cloud
PersonalData
Analytics
INDIVIDUAL
DATA
ContextShared & PersonalDevices
Roles/Persone
What if we collected our own data in our own dossiers?
R�I �S�K�
IDENTITY INFORMATION �
BUT ADDING ADVERSE INFORMATION �TO AN IDENTITY DOSSIER �
CAN INCREASE RISK�TO IDENTIFIED PARTIES A LOT�
Benefits denied�based on history�
IDENTITY DOSSIERS�DO NOT ALLOCATE RISKS�
EQUALLY TO RICH AND POOR�
No history or bad history =�Few service providers =�Little access to resources =�Few opportunities �
to build good history�
Good history =�Many service providers =�Easy access to resources =�Many opportunities � to build good history�
Services �
R�I �S�K�
IDENTITY INFORMATION �
THE POOR ARE MORE LIKELY �TO HAVE ADVERSE �
INFORMATION �ADDED TO DOSSIERS�
Low access to �resources �and legal �services �
R�I �S�K�
IDENTITY INFORMATION �
THE RICH ARE �MORE LIKELY TO HAVE �
ADVERSE INFORMATION �REMOVED FROMDOSSIERS�
High access to�resources �and legal �services �
Personal Cloud
INDIVIDUAL
DATA
Context
Shared & PersonalDevices
Roles/Personae
Social ProfitOrganization
Local Retailor
Product Producer
Utilities
Service Provider
Vendor Relationship Management
Infomediary Markets
Individual Business
AgentService Provider
Vendor Agent
Retailer
Market Place
DataAggregation
Services
Service Provider
Vendor Agent
Retailer
Market Place
Data Aggregation Markets
NO PII
R�I �S�K�
IDENTITY INFORMATION �
DOSSIERS TEND TO �ALLOCATE RISKS TO �
THOSE LEAST ABLE TO �ABSORB THEM �
Rich�
Poor �High Risk�
Low Risk�
R�I �S�K�
IDENTITY INFORMATION �
CITIZENS OPT OUT OF OR �SUBVERT IDENTITY SYSTEMS�
WHICH CREATEEXCESSIVE RISKS�
C �O �O �P �E �R�A �T�I �O �N �
R�I �S�K�
IDENTITY INFORMATION �
WELL-DESIGNED IDENTITY SYSTEMS COLLECT, MAINTAIN, �AND USE THE SOCIALLY OPTIMAL AMOUNT �
AND TYPEOF IDENTITY INFORMATION �
Maximum identity�information�
Optimal identity�information�
No identity�information�
R�I �S�K�
IDENTITY INFORMATION PREFERENCE �
FINDING THE OPTIMAL RISK/BENEFIT TRADEOFF �REQUIRES CAREFUL STUDY AND CITIZEN INVOLVEMENT�
Police �
General Public �
Felons�
Banks �Tax & �welfare �cheats �
Persecuted�minorities �
Privacy�advocates �
Liberals � Conservatives �
? Anonymous ?
?
? ? Per-Post Per-Session
Anonymous
? Anonymous
ü Verified
ü ü ü
Verified
ü ü ü Documentation In Person
Verification Biometric Capture
? Anonymous
One Site Multi-Site
Verified ü
Pseudonymous
? Anonymous
One Site Multi-Site
Self-Asserted Verified Socially Validated
ü Pseudonymous
Planning Considerations �for Identity Systems �
• Involve the citizens meaningfully in the system’s design
What are the different contexts that you navigate in your life?
What are the different contexts that you navigate in your life?
Partner Spouse Wife Wife Wife Wife Wife Wife Wife Europe Family
Mother Mother Mother Mother Mother Mother-in-Law Mom Parent Parent Parent
Friend: Confidante, Encourager, Fun, Listener, Confider
Pet Sitting Dog Lover Dog Owner Dog Owner/Companion
Daughter Daughter Daughter Daughter Sister Sister Sister Sister Sister-in-Law Aunt Cousin
Great Friend Friend Friend Friend Friend Friend
What are the different contexts that you navigate in your life?
school volunteer Volunteer at the Space and Science Center Volunteer at the Animal Shelter Volunteer at Community Outreach Member SVForum Tech Women Book Club: hostess, humorous, well read, insightful Meetup Organizer Organizer President (club) Secretary of School Club A School Club Member
Girl Scouts Girl Scouts Soccer School Soccer Team Member NCAA Fencing Team School Newspaper Energy club Leader
Student Student Student Student Student Student
What are the different contexts that you navigate in your life?
Work: Mentor, collaborator, driver of work, Innovator Project Management Professional at ____ Airline Industry Expert Technologist Anthropologist International Artist Director in my Company Finance Executive Sales Director Sales Enablement Manager International Project Manager Program Manger Organizational Planning Meeting Design Thinker Connector
LinkedIn - Professional Online LinkedIn: professional Executive At work- OnlineID
Mentor for Startup Cultural Mentor Mentor Mentor Mentor
MBA
Employee Co-Worker Colleague Employee Intern
What are the different contexts that you navigate in your life?
Facebook: Funny, Wry posting links about tech, politics, humor, family Face to face: Celebration Party Dancing: Free in the Flow Moose
Creative Piano Artist Artistic
Online: get educated review before purchase Online: Research, Learn Online: Buy/place orders
Arabic Language Learner Walker Cyclist Formulal Fun Sports Car Enthusiast
Contrarian pain in the side Movie Addict Inspiration Energetic
Photographer Blogger Social Media Personal
Chef Traveler
How do you manage persona’s and your identities with different contexts and social roles?
I handed out paper and invited the women to draw their own map of how they do this and then to share it with their neighbor.
Planning Considerations �for Identity Systems �
• Make social justice an explicit design goal o Carefully balance stakeholder interests
• Consider a system of loosely-linked special-purpose systems o Instead of a single centralized system o Design systems that inherently don’t link personas
together - Example: LLP
? Anonymous
One Site Multi-Site
Self-Asserted Socially Validated
Verified ü
Pseudonymous
? ü
Verified Anonymous Attributes
Over 18 years Woman Voter
CA District 9
Ms.Sue Donna DOB = 1/21/1982 1823 6th Ave. Alameda, CA
? Anonymous
One Site Multi-Site
Self-Asserted Socially Validated
Verified ü
Pseudonymous
? Anonymous
One Site Multi-Site
Self-Asserted Socially Validated
Verified ü
Pseudonymous
? Anonymous
One Site Multi-Site
Self-Asserted Socially Validated
Verified ü
Pseudonymous
ü ü
Limited Liability Persona
Planning Considerations �for Identity Systems �
• Design the system to forget history information after a while o Or not to compile dossiers at all
Planning Considerations �for Identity Systems �
• Legally enumerate permitted and forbidden uses of identity data o Forbid secondary uses and establish sanctions
• Regulate use, not collection (per danah boyd)
o Explicitly enumerate permitted uses in the data itself o Using context metadata�
What would it look like have citizens meaningfully involved?
http://farm5.staticflickr.com/4132/5010483557_3869b9f716_z.jpg http://farm5.staticflickr.com/4132/5010483557_3869b9f716_z.jpg
http://farm4.staticflickr.com/3532/4015256985_b13d64c6f3_z.jpg
taoofdemocracy.com
co-intelligence.org
http://www.identitywoman.net/insight-for-governance
Tom Atlee
Kaliya’s NSTIC – Governance NOI Response
The Core Principles for Public Engagement 1. Careful Planning and Preparation 2. Inclusion and Demographic Diversity 3. Collaboration and Shared Purpose 4. Openness and Learning 5. Transparency and Trust 6. Impact and Action 7. Sustained Engagement
and Participatory Culture
High performance collaboration amongst industry stakeholders is needed for NSTIC to succeed.
Shared Understanding
Shared Language
http://www.identitywoman.net/ ecosystems-collaborate-using-shared-language-nstic
alignment-of-nstic-stakeholders
ncdd.org
groupworksdeck.org
A Pattern Language for Bringing Life to Meetings and other Gatherings
Inviting community engagement on NSTIC Charter & Bylaws
Mailing List: http://lists.idcommons.net /l ists/subscribe/nstic-idm
NSTIC.US
nist.gov/nstic/notices.html idecosystem.org/
Bob Blakley�http://notabob.blogspot.com/
Kaliya “Identity Woman” Hamlin�http://www.identitywoman.net �Cloud Identity Summit July 19 2012�
���
Find a resource list and reference links on our blogs