I happened to be at the DBERR (the Department for Business, Enterprise and Regulatory Reform) seminar on privacy and consent the other day. It was much bigger than I expected, probably because I had not factored in the ten million quid on offer from DBERR for doing some Technology Research Board projects in the field, which may have tangentially added to the turnout.
Jonathan Bamford, from the Information Commissioner‘s office (who have just published their rather angry annual report complaining about sloppy security around personal data), said some nice things about the Royal Academy of Engineering‘s report on Dilemmas of Privacy and Surveillance that I was fortunate enough to be able to contribute to, and highlighted the phrase “engineering ingenuity” as a way forward. He said, and I paraphrase, that it’s time to stop moaning about privacy and start building it in to identity management systems. Incidentally, he also (in front of an IPS representative) said that we should be thinking about the examples where “partial identifiers” are used, such as Austria which I thought was potentially encouraging although I’m sure that IPS won’t pay any attention to any of that, since their procurement is going to begin any day now.
Bill Dutton from the Oxford Internet Institute gave a very good talk on social trends (at least, social trends relevant to the issue of privacy) and introduced some fascinating discussions around social networking. I won’t reiterate here, but the issue of how teenagers’ use of social networking services introduces a more “textured” kind of privacy (to use Bill’s words) in both interesting and novel. I intend to spend more time thinking about this, especially after the issues that Bill’s talk raised in our discussion group. This was all under Chatham House rules, but I think I’m allowed to disclose my own idea: why not use Facebook instead of a national identity register? Get the government to create a Facebook page and then pass a law that we all have to be its friend. I thought this might have some very beneficial effects. For example, “signing on the dole” (which is the British term for applying for unemployment benefits) has negative connotations and sounds very old-fashioned. Whereas “being invited to become a friend of the Benefit Agency” sounds much more positive.
Personally, I found the talk from Dr Hazel Lacohee from BT the most stimulating because she raised issues around the mitigation of failure and the expectation of redress that I’ve often discussed with clients in this space, but she put them forward in a very clear and structured way based on her research with consumers. I’m not sure what it has to say to the government, but to industry I think it suggests some concrete ideas for more competitive identity management services in the mass market.
We were broken up into discussion groups. One topic that came up in my group was the use of sectoral or partial identities, which I’m very much in favour of exploring. Sectoral identities are, of course, only one kind of PET but they do go a long way to implementing a framework along the lines of Kim Cameron’s law or the Information Commissioner’s data protection needs for identity management or, indeed, some of Consult Hyperion’s own suggestions about public identity utilities. I thought we could have discussed this much more, especially because the discussion groups that I was in included a number of people whose opinions I really value, including Robin Wilton, Pete Bramhall and Ian Brown amongst others. Anyway, a thought provoking day out, although not (I imagine) always in the ways that organisers intended.
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]