[Dave Birch] The European Commission are in favour of PETs. Not the furry (or even scaly) ones, but our favourite kind: Privacy Enhancing Technologies. They are in favour of them because they (correctly) think that the deployment of PETs might do more protect privacy and implement real data protection. If implemented properly, as I have long maintained, they mean that mathematics rather than ombudsmen would ensure compliance! They make a superficially reasonable point about deployment, arguing that PETs should be implemented inside a regulatory framework — Article 13 of the Data Protection Directive and Article 15 of the ePrivacy Directive, apparently — that can deliver (negotiable) levels of privacy to individuals. I’m not so sure about that. I think it’s better to make the PETs widely available and easy to use and then let the market take over: I’m not sure what regulation adds in this case. The Commission says that it has been promoting the use of PETs by public authorities, and I’m sure we all agree that that’s a good thing.

Technorati Tags: , , ,

I happened to be at the DBERR (the Department for Business, Enterprise and Regulatory Reform) seminar on privacy and consent the other day. It was much bigger than I expected, probably because I had not factored in the ten million quid on offer from DBERR for doing some Technology Research Board projects in the field, which may have tangentially added to the turnout.

Jonathan Bamford, from the Information Commissioner‘s office (who have just published their rather angry annual report complaining about sloppy security around personal data), said some nice things about the Royal Academy of Engineering‘s report on Dilemmas of Privacy and Surveillance that I was fortunate enough to be able to contribute to, and highlighted the phrase “engineering ingenuity” as a way forward. He said, and I paraphrase, that it’s time to stop moaning about privacy and start building it in to identity management systems. Incidentally, he also (in front of an IPS representative) said that we should be thinking about the examples where “partial identifiers” are used, such as Austria which I thought was potentially encouraging although I’m sure that IPS won’t pay any attention to any of that, since their procurement is going to begin any day now.

Bill Dutton from the Oxford Internet Institute gave a very good talk on social trends (at least, social trends relevant to the issue of privacy) and introduced some fascinating discussions around social networking. I won’t reiterate here, but the issue of how teenagers’ use of social networking services introduces a more “textured” kind of privacy (to use Bill’s words) in both interesting and novel. I intend to spend more time thinking about this, especially after the issues that Bill’s talk raised in our discussion group. This was all under Chatham House rules, but I think I’m allowed to disclose my own idea: why not use Facebook instead of a national identity register? Get the government to create a Facebook page and then pass a law that we all have to be its friend. I thought this might have some very beneficial effects. For example, “signing on the dole” (which is the British term for applying for unemployment benefits) has negative connotations and sounds very old-fashioned. Whereas “being invited to become a friend of the Benefit Agency” sounds much more positive.

Personally, I found the talk from Dr Hazel Lacohee from BT the most stimulating because she raised issues around the mitigation of failure and the expectation of redress that I’ve often discussed with clients in this space, but she put them forward in a very clear and structured way based on her research with consumers. I’m not sure what it has to say to the government, but to industry I think it suggests some concrete ideas for more competitive identity management services in the mass market.

We were broken up into discussion groups. One topic that came up in my group was the use of sectoral or partial identities, which I’m very much in favour of exploring. Sectoral identities are, of course, only one kind of PET but they do go a long way to implementing a framework along the lines of Kim Cameron’s law or the Information Commissioner’s data protection needs for identity management or, indeed, some of Consult Hyperion’s own suggestions about public identity utilities. I thought we could have discussed this much more, especially because the discussion groups that I was in included a number of people whose opinions I really value, including Robin Wilton, Pete Bramhall and Ian Brown amongst others. Anyway, a thought provoking day out, although not (I imagine) always in the ways that organisers intended.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]

Leave a Reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this: