Managing Digital Identity In a Networked World: Overview

This week I was lucky enough to attend the New Zealand Identity Conference 2012: Managing Digital Identity in a Networked World. Organised by the Victoria University of Wellington, School of Government; The Office of the Privacy Commissioner; and the Department of Internal Affairs, it was held at Te Papa (The Museum of New Zealand) and pulled together identity and privacy experts from New Zealand and the rest of the world. I found it very interesting and valuable, so I just thought I’d post an overview here, and then explore thinking inspired by the conference in other posts.

I should make it clear that the opinions expressed here are my own, and in no way should be taken as representative of my employer or the New Zealand government.

First: the talks. There were a number of speakers who made an impact on me.

  • Colin MacDonald (the Chief Executive of the Department of Internal Affairs) was a better speaker, and showed a good understanding of a department he has only been heading for a couple of weeks. He was clearly trying to start a debate when he claimed that New Zealand’s current privacy legislation is a barrier to providing joined up public services for citizens.
  • Malcolm Crompton (former Aussie Privacy Commissioner and Director of Information Integrity Solutions) then gave an excellent talk, taking Bill English and Colin MacDonald to task for some of their assumptions.  Malcolm’s talk was great and covered a lot of ground, but the particular thing that I took from it was that we need to look at identity from the perspective of the customer/citizen, not from the organisational/government perspective. In particular we should have in place robust ways of handling failures of identity management.
  • Marie Shroff (The NZ Privacy Commissioner) presented a good discussion of the need to balance privacy with other values. She was clearly uneasy with Bill English’s comments, and her talk served as a good corrective to them.
  • Mary Rundle (Microsoft) gave a talk on work she has done on an interesting identity management framework, but her personal story involved what one delegate called a “Polyanna-ish” faith in the power of the market and democratic institutions to act together to prevent abuse of identity management systems.
  • Alma Whitten (Google) gave an interesting talk about Google’s privacy controls and the principles underlying their design, while avoiding the elephant in the room – Google’s overall attitude towards your identity information and privacy.
  • William Webster (University of Stirling) really stretched those of us in government IT by suggesting that we should look at technology in terms of its latent surveillance potential.
  • Bruce Schneier (BT) was a very entertaining speaker. He talked about reputation and identity and security. I thought his Q&A session after the talk was the most thought-provoking though, as the talk was more of a plug for his new book.

In terms of the overall conference experience itself, a couple of observations: there was not as much tweeting and social media as I was expecting from a conference about digital identity and networked worlds; and, there was a disappointing lack of connection with the privacy forum the following day – why wasn’t this one conference on identity and privacy with a specialist privacy stream? Privacy was a central concern of a number of the talks on identity, and so it didn’t make sense from my perspective to separate them like that.

Some thoughts that the conference, and its presenters, provoked or inspired in me (perhaps I will blog about them later):

  • How do we design customer information management systems in a way that respects (or maximises) privacy?
  • Will privacy become a commercial differentiator for social media and online identity providers?
  • The session on surveillance focused on government surveillance of citizens, but isn’t private sector surveillance of customers becoming more important and pervasive?
  • When designing public sector IT systems we should think about their latent surveillance potential.
  • There are interesting ideas about the connection between identity and location/geography.
  • In age where we are being pressured to have a single online identity, will creating multiple personas be an act of digital dissent?
  • Is Master Data Management a bad thing (from a privacy perspective)?
  • Do we need a more sophisticated understanding of the moral basis of privacy as a foundation for our laws and policies around identity?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: