Collaborating on Privacy in the Identity Ecosystem: Process and Opportunity

It’s hard to talk about the National Strategy for Trusted Identities in Cyberspace (NSTIC) without someone asking about privacy.  This is for a good reason:  while the Identity Ecosystem called for in the NSTIC has the potential to generate numerous benefits for individuals, businesses and organizations, a poorly designed Identity Ecosystem could allow for new forms of tracking or increased demands for identification. The good news is that privacy is baked in from the start in NSTIC.  In fact, privacy is one of the four guiding principles upon which NSTIC is grounded.  The Strategy is specifically focused on building in privacy from the ground up, enabling ways for individuals to only transmit the information necessary to complete a transaction, rather than having to share everything about themselves. Combined with better ways to secure and protect personal information, the Ecosystem can help to give individuals more control over their data – not only improving privacy, but also improving trust online.  While privacy is a NSTIC guiding principle, it will not happen on its own.  To facilitate the implementation of the guiding principles, NSTIC calls for all stakeholders to come together in a new Identity Ecosystem Steering Group to collaboratively develop the policies and standards that will underpin the Identity Ecosystem. The Steering Group will meet for the first time in Chicago, on August 15 and 16, 2012. In advance of this launch, we are today releasing a white paper to initiate broader discussion on the role of the Privacy Coordination Committee identified in the recommended Steering Group Charter, and how it can best operate to facilitate the development of a privacy-enhancing Identity Ecosystem. In brief, we propose two principal functions for the Privacy Committee: 1) Liaising with other committees and working groups to build privacy into their work products from the earliest stages; and 2) Identifying and addressing privacy risks in the overall Identity Ecosystem Framework. At present, there is no shortage of work in the area of online privacy. There are a number of multi-stakeholder initiatives underway focused on issues like “Do-Not-Track” and mobile applications – all of which are important for improving individuals’ privacy. Nonetheless, occasions to start at the outset and build privacy into a new infrastructure like the Identity Ecosystem do not come along very often. We encourage all stakeholders concerned about improving privacy online to join the Steering Group. It’s a remarkable opportunity to make an impact that will be felt for years to come.