Ontario Privacy Commissioner extends the Laws of Identity

Here is a post from the Toronto Globe and Mail's Jack Kapica on a development I'll be writing about over the next couple of days – the Ontario Privacy Commissioner's active support for those of us in the industry building an identity metasystem with “embedded” privacy.  This is a remarkable turn of events.

Dr. Cavoukian is one of the preeminent voices for privacy world-wide, and her early and active involvement will help ensure we technologists continue to go in the right direction.  I'll be podcasting her press conference and address to the International Association of Privacy Professionals (IAPP) Conference being held this week in Toronto, Canada.  She has also agreed to share the remarkable documents she and her colleagues have produced to tease out the privacy implications of the Laws of Identity.

Anne Cavoukian's work extends the conversation into a whole new milieu.  And what could be a more auspicious beginning than the vote of support from Jack Kapica, widely known and respected for his careful vetting of all things technological.

Ann Cavoukian, Ontario’s clear-eyed Information and Privacy Commissioner, is onto something very big after endorsing the Seven Laws of Identity, developed under an initiative headed by Microsoft, which she did at a press conference this morning. Using a form of Microsoft’s own strategy, she has embraced and extended those laws in a way that might change tame Internet forever, and maybe even help stop spam.

The seven laws of identity were formulated through a global dialogue among security and privacy experts, headed by Kim Cameron, Microsoft’s Chief Identity Architect. With Cavoukian’s spin, they describe a system in which a set of digital identity cards would keep personal information distinct from information needed for verification.

And no, the seven laws are not Microsoft’s property — anyone can use them. But a form of them will ship with Microsoft’s Vista, its next version of Windows, due for release in January.

Cavoukian and Cameron hint that the system ought to provide the best defence against spam I’ve yet seen. The idea is that while on-line, users can control their personal information, minimize the amount of identifying data they reveal, minimize the links between different identities and actions and detect fraudulent messages and websites, thereby minimizing the incidence of phishing and pharming.

While Cavoukian’s proposal, called Seven  Laws of Identity: The Case for Privacy-Embedded Laws of Identity in the Digital Age, is primarily intended to protect privacy and make on-line commerce safer, it could also kill e-mail from those villains who sell snake oil and pump penny stocks by sending you e-mail from  fraudulent return addresses.

Cavoukian was one of the first non-technologists to grasp the link between on-line identity management and privacy, and has a better understanding of technology than most people do. Kim Cameron, a former Torontonian who has been a personal friend for almost 30 years (he wrote the software that ran the original Globe and Mail books bestseller list), is another great visionary. The combination of the two should make an enormous impact on  technology and commerce if the world takes notice.

With uncharacteristic overstatement, Cavoukian says that once a universal method to connect identity systems and ensure user privacy is developed, there will be an “Identity Big Bang.”

I wish them both the best of luck.

Reading Jack's piece I remember the old days we spent together – and how hard we worked to make sure the Bestseller List was scrupulously scientific and objective.  That's the kind of guy Jack is.  There's real honor there.


Published by

Kim Cameron

Work on identity.

One thought on “Ontario Privacy Commissioner extends the Laws of Identity”

Comments are closed.