Category: Privacy

Feedback from Urs Gasser at Berkman

Here's some feedback on Rubinstein and Daemen's new Metasystem Privacy paper posted by Urs Gasser on his Law and Information blog.  Urs is an expert in cyber law associated with the Berkman Center at Harvard Law School.

Microsoft released a white paper entitled “The Identity Metasystem: Towards a Privacy-Compliant Solution to the Challenges of Digital Identity.” The excellent paper, authored by Microsoft’s Internet Policy Council Ira Rubinstein and Tom Daemen, senior attorney with Microsoft, and posted on Kim Cameron’s blog, is a must-read for everyone interested in user-centric ID management systems. (Disclosure: As you can take from the acknowledgments, I have commented on a draft version of the paper, based on my earlier observations on “Identity 2.0”-like initiatives.)

Among my main concerns – check here for other problem areas – has been Microsoft’s claim that the i-card model is “by design” in compliance with the unambiguous and informed consent requirement as set forth, for instance, by EU data protection law. I’ve argued that the “hardwired”-argument (obviously a variation on the theme “regulation by code”) might be sound if one focuses on a particular relationship between one user and one identify provider and/or one relying party – as the white paper does. However, at the aggregated level, the i-card model’s complexity – i.e. the network of informational relationships between one user and multiple ID providers and relying parties – increases dramatically. If we were serious about the informed consent requirement, so my argument goes, one would wish that the user could anticipate not only the consequences of consent vis-à-vis one ID provider, but would understand he interplay among all the components of the ID-system. Even in less complex informational environments, experience has shown that the making available of various privacy policies can’t be the answer to this problem – as the white paper seems to acknowledge.

In this regard, I particularly sympathize with the white paper’s footnote 23. It might indeed be a starting point for an answer to what we might call the “transparency challenge” to create “a system enabling web sites to represent privacy policies in a simple, iconic fashion analogous to food labels. This would allow consumers to see at a glance how a site’s practices compared to those of other Web sites using a small number of universally accepted visual icons that were both secure against spoofing and verified by a trusted third party.” (p. 19, FN 23.) Such a system could become particularly effective if the icons – machine-readable analogous to creative commons labels – would be integrated in search results and monitored by “Neighborhood campaigns” similar, for instance, to Stopbadware.com.

Although Microsoft’s paper leaves some important issues unadressed, it seems plain to me that it takes the discussion on identity and privacy protections as code and policy an important step further – in a sensible and practical manner.

I agree with Urs when he talks about where we can go with visual icons representing the practices and policies of sites and identity providers.  Let's do it.

Just to be clear, I see Information Card technology as providing a platform for people to control their digital identity.  As a platform, it leaves people the freedom to put things of their choice onto that platform.

Let's make an analogy with some other technology – say plasma screens.  The technologists can produce a screen with fantastic resolution, but people can still use it to view blurry, distorted signals if they want to.  But once people see the crsytal clarity of high definition, they move away from the inferior uses.  Even so, there still might be artifacts that are important historically that they want to watch in spite of their resolution.

In the same way, people can use the Information Card technology to host identity providers with different characteristics.  It's a platform.  And my belief is that a high fidelity and transparent identity platform will lead to uses that respect our rights.  If this requires help from legislators and the policy community, that's just part of the process.  In other words, I don't think CardSpace is the magic bullet that solves all privacy problems.  But it is an important step forward to have a platform finally allowing them to be solved.

Once you let one party send information to another party, there is no way to prevent it – technically – from sending a correlating identifier.  As a morbid example, terrorists have been known to communicate by depositing and withdrawing money from bank accounts.  The changes in the account are linked to a codebook.  So any given information field can be used to communicate unrelated information.  

What you can do is prevent the platform itself from creating correlation handles or doing things without a user's knowledge.  You can use policy, legal frameworks and market forces so providers and consumers of identity are transparent about what they are doing. You can create technology that can help discover and prove breaches of transparency.  You can facilitate holding third parties to their promises.  And you can put in place social and legal protections of technology users, along the lines of the privacy-embedded laws of identity.

That's why I see the contributions of legal and policy experts as being just as fundamental as the contribution of technologists in solving identity problems.  In in the long term, the social issues may well be more important than the technical ones.  But the success of the technology is what will make it possible for people to understand and discuss those issues.

I advise following some of the thoughtful links to which Urs refers.

 

From little brother to the naked corporation

When I was at the International Association of Privacy Professionals conference recently I was able to hear the multiply visionary Don Tapscott speak about where technology is going, and its relationship with business and society.  He is an extraordinary speaker, with a staggering breadth.  He seems to effortlessly integrate the disparate colliding tendencies and phenomena shaping our future.  If you don't know of him, I'll turn to the Wikipedia, itself a manifestation of forces that form the subject of his latest book:

Mr. Tapscott has authored or co-authored eleven widely read books on the application of technology in business. His new book, co-authored with Anthony Williams is [WIKINOMICS: How Mass Collaboration Changes Everything] (Portfolio, December 2006).

His penultimate book, co-authored with David Ticoll, is THE NAKED CORPORATION: How the Age of Transparency Will Revolutionize Business (Free Press, October 2003). The Naked Corporation describes how corporate transparency, accountability, and stakeholder relationships are the new frontier for competitive innovation.

He has also co-authored, DIGITAL CAPITAL: Harnessing the Power of Business Webs. This best seller describes how business webs are replacing the traditional model of the firm and changing the dynamics of wealth creation and competition.

There are many other important books – including “Paradigm Shift”…

But at the conference, Don spoke right after Anne Cavourkian, with whom, ten years ago, he had written, “Who knows?  Safeguarding your privacy in a networked world.”  With visionary chagrin, he joked that while he still thought it was a good book, the timing couldn't have been worse.  There it is in a nutshell: the visionary's dilemma.

Don went on to say:

In the book we argued that big brother's always been a problem.   But. because of the growing proliferation of networked computers, and databases connected to them, there's an emerging problem, called little brother.

In the old days, information was kept in filing cabinets, and filing cabinets don't communicate with each other very well.

But when information becomes bits, flying around through networks of sand and air, information starts to communicate, and as we go through life, as this becomes the basis for work, learning and entertainment and healthcare and human discourse, we leave a trail of digital crumbs, and these crumbs are being collected, on this vast network of networks, into a sort of virtual you, a mirror image of yourself, and your virtual you may know more about you than you do in some areas, because you can't remember, say, what movie you watched fourteen months ago.

The little brother problem is key to the work I've been doing on this blog.  And Don, who had been told about the Laws of Identity by Dr. Cavourkian, was kind enough to give me permission to post his full speech.  The mp3 version is here.  (Update:  changed from wma).

Second Law of Identity

Here is the Second Law of Identity as expressed by Anne Cavoukian, Privacy Commissioner of Ontario. The “technology” law is on the left; the “privacy-embedded” form is on the right:

MINIMAL DISCLOSURE FOR A CONSTRAINED USE

The identity metasystem must disclose the least identifying information possible, as this is the most stable, long-term solution. 

MINIMAL DISCLOSURE FOR LIMITED USE:
DATA MINIMIZATION

The identity metasystem must disclose the least identifying information possible, as this is the most stable long-term solution. It is also the most privacy protective solution.     

The concept of placing limitations on the collection, use and disclosure of personal information is at the heart of privacy protection. To achieve these objectives, one must first specify the purpose of the collection and then limit one's use of the information to that purpose,avoiding disclosure for secondary uses. The concept of data minimization bears directly on these issues, namely, minimizing the collection of personal information in the first instance, thus avoiding the possibility of subsequent misuse through unauthorized secondary uses.

 

Dr. Cavoukian's restatement of the First Law is here.  I can't overstate the importance of her collaboration with the identity community.  Nothing is more important to getting identity right than getting privacy right.  And there's no better way to get privacy right than by working side by side with those who, like Dr. Cavourkian, have been studing, writing about and protecting privacy for many years.

Download the Privacy-Embedded laws as a brochure or a whitepaper.

Privacy characteristics of the Identity Metasystem

Microsoft has just completed a whitepaper that looks systematically at how the proposal for an Identity Metasystem advances privacy.  

The document offers a useful general overview of how the Metasystem is intended to work – in a form I think will be accessible to those concentrating on policy.  It also contains an instructive analysis of how the Metasystem embodies the principles articulated in the European Uniion data protection directives. 

I will run some exerpts that I think will be of general interest.  But I suspect all those interested in policy and identity technology will want to download the document, so I've added it to the roster of Identityblog white papers. 

  1. Privacy & MetasystemIntroduction
  2. Existing ID Card Schemes
  3. Anonymity, Privacy, and Security
  4. The Identity Metasystem
  5. The Seven Laws of Identity
  6. Roles
  7. Microsoft’s InformationCard Technology: Windows CardSpace
  8. Scenario One: Basic Protocol Flow
  9. Scenario Two: Protocol Flow with Relying Party STS
  10. User Experience
  11. Creating an Information Card
  12. Logging In with an Information Card
  13. Submitting an Information Card
  14. Example of InformationCard Interaction
  15. Privacy Benefits of Windows CardSpace and the Information Card Model
  16. Protection of Users Against Identity Attacks
  17. Information Card Technology and EU Data Privacy
  18. Overview of EU Data Privacy Law
  19. Data Controllers and Their Legal Obligations
  20. EU Data Privacy Laws and Information Cards
  21. Legitimate Processing
  22. Proportionate Processing
  23. Security
  24. Limits on Secondary Use
  25. Conclusion
  26. Acknowledgments 

From the Executive Summary:

Just as individual identity is fundamental to our face-to-face interactions, digital identity is fundamental to our interactions in the online world. Unfortunately, many of the challenges associated with the Internet stem from the lack of widely deployed, easily understood, and secure identity solutions. This should come as no surprise. After all, the Internet was designed for sharing information, not for securely identifying users and protecting personal data. However, the rapid proliferation of online theft and deception and the widespread misuse of personal information are threatening to erode public trust in the Internet and thus limit its growth and potential.      

Microsoft believes that no single identity management system will emerge and that efforts should instead be directed toward developing an overarching framework that connects different identity systems and sets out standards and protocols for ensuring the privacy and security of online interactions. Microsoft calls this concept the Identity Metasystem. The Identity Metasystem is not a specific product or solution, but rather an interoperable architecture that allows Internet users to use context-specific identities in their various online interactions.

This paper describes the Identity Metasystem and shows how it can meaningfully advance Internet user privacy. In particular, it will show how Microsoft’s contribution to the engineering of the Identity Metasystem—the Information Card technology—promotes privacy in three primary ways:

  • First, it helps users stay safe and in control of their online identity interactions by allowing them to select among a portfolio of digital identities and use them at Internet services of their choice. These digital identities may range from those containing no or very little personal information (perhaps nothing more than proof of an attribute such as age or gender) to those with highly sensitive personal information needed for interacting with financial, health institutions, or obtaining government benefits. The key point is that a web site or service only receives the information it needs rather than all of the personal information an individual possesses.
  • Second, it helps empower users to make informed and reasonable decisions about disclosing their identity information by enabling the use of a consistent, comprehensive, and easily understood user interface. Moreover, this technology implements a number of advanced security features that help safeguard users against identity theft by reliably authenticating sites to users and users to sites.
  • Third, and more generally, Information Card technology is hardwired to comply with data privacy laws and conforms to key requirements in the European Union’s privacy regime, including legitimate and proportionate processing, security, and restraints on secondary use.

In short, this new framework and new technology offer a cutting-edge solution to the digital identity debacle that is stifling the growth of online services and systems.

I want to congratulate Ira Rubinstein, Internet Policy Counsel for Microsoft, and Tom Daemen, a senior attorney in his group, for writing this analysis.  Other contributors include our Chief Privacy Stragegist, Peter Cullen, and Caspar Bowden, Chief Security and Privacy Officer for Europe.  Not to mention the inimitable Mike Jones, well known for his contribution to Identity Metasystem thinking.

Although the document uses the Cardspace implementation in illustrating its points, it's my hope that everyone working on the Identity Metasystem across the industry benefits from this work, since the notions apply to all of us.

Can this really bee?

Ian Brown's Blogzilla brings us this report on bugs in the British passport system.  

Yet surely all is not lost.  There are, after all, British politicians with an advanced understanding of privacy and computing.  For example, I would hope the technologically savvy Earl of Erroll, with his informed colleagues the Baroness Gardner of Parkes, the Countess of Mar, Lord Avebury, the Earl of Northesk, and Lord Campbell of Alloway, could prevail upon the good graces of Lord Sainsbury of Turville to have Britain move beyond the strange incident Ian brings to our attention. 

Remember the huge ID cards report row last year between the government and the LSE's Simon Davies? The Home Secretary Charles Clarke (remember him?) went on the Today programme and accused Davies of fabricating evidence for the LSE's report on the ID cards. Ministers from Blair down took turns inside and outside Parliament to rubbish and defame him at every possible opportunity. It turned very nasty and Davies for the remainder of the year was very much Enemy Number One for the Home Office.

Of course subsequent events vindicated the report. The ID scheme is falling to pieces in exactly the way it predicted.

Simon went to the Passport Office in London yesterday to renew his passport. As he approached the interview counter a huge wasp appeared from nowhere, hovering over his head and dive-bombing staff. Interview officers scrambled for cover and retreated to the back of the room. Overheard was the comment “Where the hell did THAT come from?” followed closely by an accusatory glance at Simon and the remark “It came in with HIM!”

The wasp continued to hold position over Simon's head while staff ducked and weaved to avoid the beast. Three security people were called in to deal with the crisis. For a full fifteen minutes work in the passport office came to an abrupt halt as a fearless security official danced around the room, batting the hapless wasp with a handy copy of Her Majesty's passport guidance notes.

The wasp was finally dispatched to insect heaven but not before some people had formed the view that this was all an ingenious and pre-meditated campaign strike against the passport office.

Interestingly, once all the wasp-induced chaos had settled, the officials refused to renew his passport. They said it was “damaged” because a little of the laminate on the data page was lifting. What a surprise for a ten-year old paper document.

Anticipating possible problems establishing his identity, Davies had with him a dozen identity documents, including his LSE card, bankcards, bank statements and utility bills and a three-inch thick pile of newspaper stories with his photo — including articles in the Daily Mail which showed his passport photograph and others from the Sunday Times and the Guardian with his current photo. It was to no avail. He was told that these were all unacceptable as a means of establishing that he was who he said he was. His current passport was not an acceptable form of identity either.

Whether Simon brought a trained wasp into the passport office is something we may never be able to verify, but in the end the Home Office got their own back. He now cannot attend the United Nations Internet Governance Forum in Athens next week, at which he was scheduled to speak.

There may be some who wonder at Ian's complete objectivity.  But let's not dwell on minutae.  I hope Britain will find some way that the visionary Simon Davies can address the upcoming United Nations conference.

 

First Law of Identity

Here is the First Law of Identity as expressed by Anne Cavoukian, Privacy Commissioner of Ontario. The “technology” law is on the left; the “privacy-embedded” form is on the right:

USER CONTROL
AND CONSENT  Technical identity systems must only reveal information identifying a user with the user's consent.
PERSONAL CONTROL
AND CONSENT   

Technical identity systems must only reveal information identifying a user with the user's consent. Personal control is fundamental to privacy, as is freedom of choice. Consent is pivotal to both.>Consent must be invoked in the collection, use and disclosure of one's personal information. Consent must be informed and uncoerced, and may be revoked at a later date.   

    

 I'll be publishing Dr. Cavoukian's version of all the laws over the next little while.  Readers new to this discussion might want to take a look at the Laws of Identity, a technology paper which I think rings increasingly true and provides context about the intersection between identity and virtual reality.  Amongst other things, it posits a model in which the user is an active and central participant. 

In the brochure published by the commissioner, my original statement of each law appears on the left page, while the “privacy embedded” version appears on the right.  It is kind of Talmudic (or should I say McLuhanesque?), and demonstrates the intersection of the purely technical with a policy-oriented view.  I'm very excited by this work, which clearly takes the Laws of Identity forward.

The full title of the brochure is, “7 Laws of Identity – The Case for Privacy-Embedded Laws of Identity in the DIgital Age” (the illustration above is taken from that publication). 

The Privacy Commissioner's Whitepaper is an equally important document that drills into the notion of an Identity Metasystem and is intended to bring about collaboration between the privacy community and identity technologists as we build it.  

The paper version of the brochure is really a beautiful production.  It can be ordered by calling 1-416-326-3333 / 1-800-387-0073 or by writing to publicat@ipc.on.ca. Beyond that, here is the press statement issued to announce Anne's work, along with the powerpoint of her presentation to the IAPP.

What a powerhouse she is.  She is the thing history is made of.

Anti-phishing Mashup

Here's a site dedicated to phishing control that has produced a bizarre mashup that I find fascinating – Web 2.0 meets Magnum PI.  It combines information from the Anti-Phishing Working Group with novel visualization techniques and animation so you can analyse the topologies of phishing trips over time.

A phishing message arrives in your mailbox, pretending to be from a bank, or from an etailer such as eBay or Paypal. It directs you to a web page and asks you to enter your password or social security number to verify your identity, but the web page is not one actually associated with the bank; it's on some other server.

InternetPerils has discovered that those phishing servers cluster, and infest ISPs at the same locations for weeks or months.

Here's an example of a phishing cluster in Germany, ever-changing yet persistent for four months, according to path data collected and processed by InternetPerils, using phishing server addresses from the Anti-Phishing Working Group (APWG) repository.

Phishing Cluster over Time

Figure 1: A Persistent Phishing Cluster

The ellipses in this animation represent servers; the boxes represent routers; and the arrows show the varying connectivity among them. Colors of boxes reflect ownership of parts of the network. Times are GMT.

The animation demonstrates a persistent phishing cluster detected and analyzed by InternetPerils using server addresses from 20 dumps of the APWG repository, the earliest shown 17 May and the latest 20 September. This phishing cluster continues to persist after the dates depicted, and InternetPerils continues to track it.

Graphs were produced using PerilScopeâ„¢, which is InternetPerils‘ interactive topology examination interface, based upon the GAIN platform.

Go to their site to see the actual animated mashup.

ARCAST adds transcripts

I got a note recently from Ron Jacobs, host of Channel 9’s ARCast, telling me that they have added transcripts to their “more popular” ARCasts.  Somehow that included a very early one on the Laws of Identity. Ron is great fun, and has a cave of a studio that really makes you feel like you're “on the air” – though being digital, he is of course post-air…

Let me be the one to say it:  Reading the transcripts I wish a) I were more articulate, and the transcriber a bit more tuned into my perhaps overly informal style; and b) everything published on the internet wasn't going to be around forever.  But I'm not, and it will, and so we all soldier on.

Ron

Hi this is Ron Jacobs and welcome to our talk today. I’m joined by Kim Cameron who is an architect in Windows Identity and access management area. I guess I’d say how’s it going Kim?

00:47.11

Kim Cameron

It’s just great.

01:7.31

Ron

And and so, that’s really interesting. I didn’t realize that we had a whole group that is focused around identity and access management in Windows.

01:8.43

Kim

Oh sure, because we have things like Active directory, you know meta directory integration services and all that sort of stuff. So different ways of being able to find out who you are dealing with inside windows environment. So when you for example login to windows, you know, somebody is got to write that stuff

01:17.11

Ron

Yeah oh yeah, I’m glad you are because you know

01:36.98

Kim

It’s not me though

01:40.08

Ron

OK well (laughs)

01:40.73

Kim

It’s our, it’s our group

01:42.51

Ron

Your group… yes, but you are the architect. You’re the guy that like in Matrix who wheels around and says I’m the Architect

01:43.96

Kim

Yeah, Yeah, I’m responsible for what's wrong and what's bad about it,

01:51.00

Ron

Okay… Now you’ve come up with this real interesting thing that we are going to talk about today called the Laws of Identity. And I love; I love these kind of things. There are seven laws of Identity that you’ve written down on your, on your wonderful blog which I’ve to plug it’s www.identityblog.com

01:55.93

Kim

I love you…

02:16.72

Ron

Well you can return the favor and plug this show later

02:17.50

Kim

I’ll I’ll

02:22.18

Ron

I love concise list like this because it kind of formalize a lot of random thinking that goes on. How did you come up with this list

02:22.90

Kim

Well you know I was … Have you been ever to one conference too many?

02:33.30

Ron

I have … yeah

02:38.10

Kim

So you know I was there and I just was listening to the way the discussion was going and it occurred to me that we don’t really have a framework that allows us to restart the discussion about identity anywhere except from the beginning each time we have it. Sort of like back to the beginning, rewind, and we start again. And all the words mean different things to different people and basically there is… so as a result everybody ends up discussing little technical nits instead of the real concepts that are behind these things. So I figured … is there some way that I can actually reset the conversation or or… well the same time I was just starting to blog and I didn’t really know anything about it … which was a good thing… and I didn’t have anything to write about so I was going … you know… I wondered what would happen if I started this discussion in about. How we get a real … you know… a set of concepts that we can reuse so we don’t always have to go back to square one. And do that with the web… so… it was kind of … it was just a … sort of… experimental, trying to figure it out kind of thing.

02:38.96

Ron

Yeah and I guess a few people have noticed this now and so started showing up in various conferences and slide decks and that sort of a thing right?

03:57.92

Kim

Yeah it’s really bizarre because first of all I was thinking that I’ll start a blog and then maybe a year from now or something people will start to read it.

Lots more where this came from…

What I really like about this is that podcasts become searchable within text engines.  So thanks, Ron.

Ontario Privacy Commissioner extends the Laws of Identity

Here is a post from the Toronto Globe and Mail's Jack Kapica on a development I'll be writing about over the next couple of days – the Ontario Privacy Commissioner's active support for those of us in the industry building an identity metasystem with “embedded” privacy.  This is a remarkable turn of events.

Dr. Cavoukian is one of the preeminent voices for privacy world-wide, and her early and active involvement will help ensure we technologists continue to go in the right direction.  I'll be podcasting her press conference and address to the International Association of Privacy Professionals (IAPP) Conference being held this week in Toronto, Canada.  She has also agreed to share the remarkable documents she and her colleagues have produced to tease out the privacy implications of the Laws of Identity.

Anne Cavoukian's work extends the conversation into a whole new milieu.  And what could be a more auspicious beginning than the vote of support from Jack Kapica, widely known and respected for his careful vetting of all things technological.

Ann Cavoukian, Ontario’s clear-eyed Information and Privacy Commissioner, is onto something very big after endorsing the Seven Laws of Identity, developed under an initiative headed by Microsoft, which she did at a press conference this morning. Using a form of Microsoft’s own strategy, she has embraced and extended those laws in a way that might change tame Internet forever, and maybe even help stop spam.

The seven laws of identity were formulated through a global dialogue among security and privacy experts, headed by Kim Cameron, Microsoft’s Chief Identity Architect. With Cavoukian’s spin, they describe a system in which a set of digital identity cards would keep personal information distinct from information needed for verification.

And no, the seven laws are not Microsoft’s property — anyone can use them. But a form of them will ship with Microsoft’s Vista, its next version of Windows, due for release in January.

Cavoukian and Cameron hint that the system ought to provide the best defence against spam I’ve yet seen. The idea is that while on-line, users can control their personal information, minimize the amount of identifying data they reveal, minimize the links between different identities and actions and detect fraudulent messages and websites, thereby minimizing the incidence of phishing and pharming.

While Cavoukian’s proposal, called Seven  Laws of Identity: The Case for Privacy-Embedded Laws of Identity in the Digital Age, is primarily intended to protect privacy and make on-line commerce safer, it could also kill e-mail from those villains who sell snake oil and pump penny stocks by sending you e-mail from  fraudulent return addresses.

Cavoukian was one of the first non-technologists to grasp the link between on-line identity management and privacy, and has a better understanding of technology than most people do. Kim Cameron, a former Torontonian who has been a personal friend for almost 30 years (he wrote the software that ran the original Globe and Mail books bestseller list), is another great visionary. The combination of the two should make an enormous impact on  technology and commerce if the world takes notice.

With uncharacteristic overstatement, Cavoukian says that once a universal method to connect identity systems and ensure user privacy is developed, there will be an “Identity Big Bang.”

I wish them both the best of luck.

Reading Jack's piece I remember the old days we spent together – and how hard we worked to make sure the Bestseller List was scrupulously scientific and objective.  That's the kind of guy Jack is.  There's real honor there.

 

The database state?

Britain's Ian Brown (author of Blogzilla) is inviting people to a conference at University College London on the first of November:

The UK government is pushing ahead with an ambitious programme to re-engineer the processes of public administration, based on wide-spread sharing of personal data between previously isolated departments and agencies. This is being backed up by proposals for the weakening of data protection law and the building of massive national databases on both adults and children.  

Is widespread data sharing a panacea for effective 21st century government? Is it legal within the European privacy framework? Or, as Tony Blair has claimed, are we living in an entirely new world in which we should leave behind “outdated” notions of human rights?

This workshop will bring together lawyers, technologists, regulators and activists with a shared interest in the development of effective and privacy-friendly government. It will feature expert speakers on two major UK databases: the children's Information Sharing Index (which will hold details on every UK child) and the NHS Care Records Service (which will eventually hold all medical records electronically within the National Health Service). But most importantly, it will give all participants the chance to discuss their views on the privacy principles that should lie behind public administration in the information age.

Places are limited, so please RSVP to I.Brown[at]cs.ucl.ac.uk if you wish to attend.

Gee.  I wish I were able to attend, because I would like to add some questions that interest me more than the political ones: 
  • Where are the actual goals defined for the databases?
  • What other mechanisms have been examined as alternative ways of achieving those goals?
  • Where are the studies in which alternative technologies were compared and large central databases selected as the safest answer?
  • Where are the security threat analyses of these databases published for public review?

It sounds fascinating – I hope it will be podcast.