Hope x talk

Hope x talk
HOPE X Updates from the Online Identity Battlefield Joint Presentation by: Aestetix @aestetix Kaliya “Identity Woman” @identitywoman
Our Intentions: 1) Update on the history #nymwars Did we “win” with G+ acquiescing? 2) The Battle continues - at its center are key words & concepts and the struggle for meaning. 3) Share more about one battlefield : NSTIC Hoped for result some of you choose to “participate” struggling & using this lever to protect psydonymity and anonymity.
Who are we? - contextual intro’s from each of us Aestetix - reveiw of talk from Hope 9 Kaliya - Indie Advocate for user-centrism + IIW How we Connected - NSTIC! Kaliya - What is NSTIC? - rapid history Aestetix - Experience w/ Nym Issues to NSTIC Words & Concepts on the Battlefield: [Triangles - Circles] Trust Identity Verified Reputation Paths Forward: Limited Liability Persona BC Government Solution Turtles all the Way Down Writing out what we want! NSTIC Next Steps “Hacking the Trust Frameworks” + Next Meeting Florida Biometrics Con. How should it work from a freedom civil liberties perspective?
aestetix “is a mononym” • #nymwars • HOPE Number Nine • What is a “real” name? • NSTIC/IDESG
#nymwars
#nymwars Eric Schmidt, Executive Chairman at Google: • “The only way to manage this is true transparency and no anonymity. In a world of asynchronous threats, it is too dangerous for there not to be some way to identify you. We need a [verified] name service for people. Governments will demand it.” (Techonomy, August 2010) • “If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."(CNBC Interview, December 2009)
#nymwars Mark Zuckerberg, CEO at Facebook: “The days of you having a different image for your work friends or co-workers and for the other people you know are probably coming to an end pretty quickly. Having two identities for yourself is an example of a lack of integrity.” (Interview, October 2011)
#nymwars Ian Donald Calvin Euclid Zappa
Independent Advocate for the Rights and Dignity of our Digital Selves Saving the world with User-Centric Identity I have had my identity woman blog for almost 10 years
Early 2000’s I was working on developing Distributed Social Networks for Transformation
Protocol: How Control Exists after Decentralization by Alexander R. Galloway Protocols are Political They matter! as Snowden said today at HOPEX
We founded IIW in 2005 Internet Identity Workshop
Unconference Format
Hailstorm SAML v1 & 2 BTOracleSUN XRI XDI Passport Microsoft FireFly Liberty Alliance Kantara Intiative Planetwork Link Tank Identity Commons (1) Identity Gang Identity Commons (2) OpenID v2 OpenID Foundation Open Identity Exchange Information Card Foundation IMI Identity Metasystem Interoperability Information Card Standard VENN OF IDENTITY Higgins Project Lots of Companies Project to be annouced at IIW IBM Project to be annouced at IIW Pamela Project TIME Internet Identity Workshop Loose Affiliations of People Current Organizations Organizations (no longer) Company Proprietary Service (no longer) Protocol standardized at OASIS Protocol standardized at OASIS earlier version (no longer) Independent Open Protocol Independent Open Protocol (no longer) Paper:Shared Understanding Event Project with Code Evolution of Identity Community
Broad Base of Participation BIG COMPANY SPONSORS MSFT PingID SUN Facebook Google Yahoo Cisco Plaxo Commerce Net Adobe BT Novell Facebook AOL Ping Identity Paypal / eBay NONPROFIT SPONSORS ISOC Kantara/Liberty Alliance Info Card Foundation OASIS IDTrust Mozilla Higgins Project Bandit Project Planetwork Internet Society CORPORATE PARTICIPANTS Paypal Booz Allen Hamilton Apple Burton Group Hewlett Packared International Business Machines Intuit LexisNexis Nippon Telegraph and Telephone Corporation Nokia Siemens Networks NRI Oracle Orange Rackspace Radiant Logic Sony Ericsson The MITRE Corporation Tucows Inc VeriSign, Inc. Vodafone Group R &D Alcatel-Lucent Acxiom Identity Solutions Acxiom Research Equifax LinkedIn Amazon SMALL COMPANY SPONSORS FuGen Solutions OUNO Rel-ID Poken Vidoop Chimp Authentrus Sxip ClaimID IETF W3C OASIS SMALL COMPANY PATICIPANTS Ångströ Digg, Inc. Privo Expensify FamilySearch.org FreshBooks Gigya Gluu Janrain Kynetx NetMesh Inc. Protiviti Socialtext TriCipher, Inc. Trusted-ID Wave Systems Six Apart NONPROFIT PARTICIPANTS Center for Democracy and Technology DataPortability Project IdM Network Netherlands OCLC Open Forum Foundation World Economic Forum UNIVERSITY PARTICIPANTS Goldsmiths, University of London Newcastle University Stanford University GOVERNMENT PARTICIPANTS Office of the Chief Informaiton Office, Province of British Columbia and more...
Lots of Open Standards XRI/XDI SAML Information Cards
I founded this in 2010 Goal connect starutps around the world building tools for individual collect manage and get value from their personal data along with fostering ethical data markets.
Privacy: Increasingly Complex as Volumes of Personal Data Grow 27 Source: World Economic Forum, “Rethinking Personal Data: Strengthening Trust,”
The Leola Group 2014 I founded
NSTIC Where did we meet?
2009
10. Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation. Table 2: NEAR-TERM ACTION PLAN
2009
13. Implement, for high-value activities (e.g., the Smart Grid), an opt-in array of interoperable identity management systems to build trust for online transactions and to enhance privacy. Table 3: MID-TERM ACTION PLAN
Says we must maintain anonymity & pseudonymity in cyberspace
Called for in President’s Cyberspace Policy Review (May 2009): a “cybersecurity focused identity management vision and strategy…that addresses privacy and civil-liberties interests, leveraging privacy-enhancing technologies for the nation.” Guiding Principles –Privacy-Enhancing and Voluntary –Secure and Resilient –Interoperable –Cost-Effective and Easy To Use NSTIC calls for an Identity Ecosystem, “an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities.” 36 What is NSTIC?
Where is this / Where are we? CREEPY NSA (and others) SPYING
CREEPY NSA (and others) SPYING Rules for Lawful Intercept Where is this / Where are we?
CREEPY NSA (and others) SPYING Rules for Lawful Intercept IN THIS BIGYELLOW BOX Where is this / Where are we?
CREEPY NSA (and others) SPYING Rules for Lawful Intercept NORMATIVE RULES BUSINESS PRACTICES TECHNOLOGIES FOR EVERY DAY LIFE Business - Business Business - Consumer Business - Government Citizen/Person - Gov Where is this / Where are we?
CREEPY NSA (and others) SPYING Rules for Lawful Intercept NORMATIVE RULES BUSINESS PRACTICES TECHNOLOGIES FOR EVERY DAY LIFE Business - Business Business - Consumer Business - Government Citizen/Person - Gov Where is this / Where are we?
What does the IDESG do: It is proceeding to define how EVERYONE will be able to express their identity online in the future. It is to answer questions like: * How can people define their own names, gender identity, race, other identifying information? * Will we retain the right to use "nicknames"/pseudonyms? * Will we be able to speak anonymously online? The strategy document "says" we should be able to do so but this institution will define HOW the ecosystem actually built. Only if we are there to ensure our freedoms online will they be retained. * What are the methods of verification of enrollment (how you get into the system) what methods of authentication (passwords or device ID or biometrics)?
As the White House announcement details below, today [April 2014] marked the release of the Cybersecurity Framework crafted by NIST – with input from many stakeholders – in response to President Obama’s Executive Order on Improving Critical Infrastructure Cybersecurity issued one year ago. NSTIC is not discussed in the framework itself – but both it and the IDESG figure prominently in the Roadmap that was released as a companion to the Framework. The Roadmap highlights authentication as the first of nine different, high- priority “areas of improvement” that need to be addressed through future collaboration with particular sectors and standards-developing organizations. The inadequacy of passwords for authentication was a key driver behind the 2011 issuance of the National Strategy for Trusted Identities in Cyberspace (NSTIC), which calls upon the private sector to collaborate on development of an Identity Ecosystem that raises the level of trust associated with the identities of individuals, organizations, networks, services, and devices online. The results of this W ILL BECOME POLICY
NSTIC is focused on consumer use cases, but the standards and policies that emerge from the privately-led Identity Ecosystem Steering Group (IDESG) established to support the NSTIC – as well as new authentication solutions that emerge from NSTIC pilots – can inform advances in authentication for critical infrastructure as well. NIST will focus in these areas: · Continue to support the development of better identity and authentication solutions through NSTIC pilots, as well as an active partnership with the IDESG; · Support and participate in identity and authentication standards activities, seeking to advance a more complete set of standards to promote security and interoperability; this will include standards development work to address gaps that may emerge from new approaches in the NSTIC pilots The results of this W ILL BECOME POLICY
The BIG IDEA behind NSTIC IS NOT DUMB
+ Multi-Factor Authentication
Authentication is NOT: Enrollment or IdentityVerification You need strong multi-factor authentication for pseudonyms too.
The BIG IDEA behind NSTIC IS NOT DUMB Text
Text 50 states
3,144 counties Text 50 states
3,144 counties 19,355 incorporated places 50 states Lots of Government Entities in the US - who’s job it is to interact with citizens and provide services.
Each Government agency could issue a “strong” mutli- factor ID that included verification on enrollment.
Cost $12-$120 per person - per year to manage ID
This would be a National ID
People get services from the private sector with ID.
People get services from the private sector with ID.
Gov ID for employees, contractors under HSPD12 - 12million How can they use this ID at their private sector accounts?
A tone of liability & “trust” issues
A tone of liability & “trust” issues NSTIC
NSTICTRUST FRAMEWORKS
“TRUST” Frameworks
TECHNOLOGY LEGAL/POLICY
TECHNOLOGYLEGAL/POLICY
TRUST FRAMEWORK
TRUST FRAMEWORK We must create Legal/Policy - Tech that will underlies what should become an Ecosystem.. We need lots of different parties at the table to create them. We should have an “open” mutli- stakeholder process to figure it out.
Private sector will lead the effort • Not a government-run identity program • Private sector is in the best position to drive technologies and solutions… • …and ensure the Identity Ecosystem offers improved online trust and better customer experiences Federal government will provide support • Help develop a private-sector led governance model • Facilitate and lead development of interoperable standards • Provide clarity on national policy and legal framework around liability and privacy • Fund pilots to stimulate the marketplace • Act as an early adopter to stimulate demand 70 What does NSTIC call for?
NPO Jeremy Grant Program Office Announced inside: National Institute of Standards under: Department of Commerce Friday, January 7, 2011
NPO Hires a STAFF David Temoshuck Naomi Lefkovitz James “Jim” Sheire Michael “Mike” Garcia
NPO ACTION: Notice of Inquiry. SUMMARY: The Department of Commerce (Department) is conducting a comprehensive review of governance models for a governance body to administer the processes for policy and standards adoption for the Identity Ecosystem Framework in accordance with the National Strategy for Trusted Identities in Cyberspace (NSTIC or “Strategy”). The Strategy refers to this governance body as the “steering group.” The Department seeks public comment from all stakeholders, including the commercial, academic and civil society sectors, and consumer and privacy advocates on potential models, in the form of recommendations and key assumptions in the formation and structure of the steering group. The Department seeks to learn and understand approaches for: 1) the structure and functions of a persistent and sustainable private sector-led steering group and 2) the initial establishment of the steering group. This Notice specifically seeks comment on the structures and processes for Identity Ecosystem governance. This Notice does not solicit comments or advice on the policies that will be chosen by the steering group or specific issues such as accreditation or trustmark schemes, which will be considered by the steering group at a later date. Responses to this Notice will serve only as input for a Departmental report of government recommendations for establishing the NSTIC steering group.
NPONPO Workshops Governance Privacy Technology July 2011 May 2011 with IIW Oct 2011
NPO April 2011 at chamber of commerce
NPO Charter “Committees” by Immaculate Conception Bylaws
NPO Charter “Committees” by Immaculate Conception Bylaws The First Plenary meeting was August 2012
NPO a complete 2 year work PLAN!
THE Identity Ecosystem Steering Group STRUCTURENPO THE SECRETARIAT Put out a Bid and then hired private company to run Secretariat
The Plenary NPO THE IDESG STRUCTURE THE SECRETARIAT Any person and any organization in the world (yes the world) can sign up to be a part of making the Identity Ecosystem Framework
The Plenary NPO THE SECRETARIAT You pick a stakeholder category • Privacy Advocate • Small Business - Entrepreneur • Regulated Industries • Relying Party • etc...there are 14
The Plenary NPO THE SECRETARIAT Each Stakeholder Group elects a member of the management council.
The Plenary NPO THE SECRETARIAT THATS “Me” I represent small businesses and entrepreneurs.
The Plenary Chair Management Council Vice-Chair NPO THE SECRETARIAT
Chair Management Council Vice-Chair Vice-Chair Plenary Chair NPO THE SECRETARIAT The first multi-day face to face meeting was 18 months after we were first elected. The management council meets every 2 weeks on the phone.
The Plenary Chair Management Council Vice-Chair Vice-Chair Plenary Chair PRIVACY Security Standards Trust Framework Trust Mark Standards Int’l Policy NPO THE SECRETARIAT Committees are where all the work happens. The NPO defined all the committees BEFORE the management council ever met.
The Plenary Chair Management Council Vice-Chair Vice-Chair Plenary Chair PRIVACY Security Standards Trust Framework Trust Mark Standards Int’l Policy NPO THE SECRETARIAT They meet in a “chairs call” every 2 weeks. The committees elect chairs
The Plenary Chair Management Council Vice-Chair Vice-Chair Plenary Chair PRIVACY Security Standards Trust Framework Trust Mark Standards Int’l Policy NPO THE SECRETARIAT NYM ISSUES? Aestetix tried to bring Nym Issues Committee forward...its still in limbo.
The Plenary Chair Management Council Vice-Chair Vice-Chair Plenary Chair NPO THE SECRETARIAT Management Council Sub-Committees
The Plenary NPO THE IDESG STRUCTURE THE SECRETARIAT Any person and any organization in the world (yes the world) can sign up to be a part of making the Identity Ecosystem Framework HOW MANY PEOPLE are active in IDESG? Under 100! A difference can be made with this institution with not that many people showing up.
The Plenary NPO THE IDESG STRUCTURE THE SECRETARIAT They have Face to Face meetings once a quarter. + they are all broadcast live.
NPO The Chair Vice- Vice- PlePRI Sec Stan Trust Stan In Pol Communications: 30 Mailing lists No Wiki Document Repository Drupal Site No clear vision from management council about what we are actually supposed to do. 10+ Committees & Sub-Committees
The Ch Vi Vi PlPR Se St Trus St I P THE SECRETARIAT NPO IDENTITY ECOSYSTEM STEERING GROUP Year 1 Pilots Year 2 Pilots Year3 Pilots ? • Daon, Inc. • The American Association of Motor Vehicle Administrators • Criterion Systems • Resilient Network Systems, Inc. • University Corporation for Advanced Internet Development • Transglobal Secure Collaboration Participation • Georgia Tech Research Institute • Exponent • ID.me, Inc. • Privacy Vaults Online, Inc.
NPO The Chair Vice- Vice- PlePRI Sec Stan Trust Stan In Pol BIG ISSUES: DIVERSITY - INCLUSION TRUST FRAMEWORK CREATION * NAMING ISSUES REASONABLE PROCESS for CITIZEN INVOLVEMENT
The Importance of Diversity & Inclusion in the NSTIC National Strategy for Trusted Identities in Cyberspace IDESG Identity Ecosystem Steering Group by Kaliya “Identity Woman” Hamlin Management Council Member for Small Business and Entrepreneur Stakeholder Group October 18, 2013 - Boston Plenary Presentation shared remotely in New Business Section This was at close of plenary and was invited after Kaliya raised the issue of the lack of diverse participants in producing the outcomes of Security Committee was reviewing. Told it was out of scope of the committee to address the issue and it should be brought to end of day chairs debrief.
63 CensusViewer US 2010 Census Latino Population as a heatmap by census tract.
63 Anti-Racist Organizations in the US http://en.wikipedia.org/wiki/Category: Anti-racist_organizations_in_the_United_States Ethnic & Racial Minorities in US http://en.wikipedia.org/wiki/ Category:Ethnic_groups_in_the_Unite d_States Asian American http://en.wikipedia.org/wiki/Category:Asian_American Lists of US Cities with non-white majority populations http://en.wikipedia.org/wiki/Lists_of_U.S._cities_with_non-white_majority_populations
62 List of LGBT Groups http://en.wikipedia.org/wiki/ List_of_LGBT- related_organizations
63 Civil Liberties Advocacy Groups in the US http://en.wikipedia.org/wiki/ Category:Civil_liberties_advocacy_groups _in_the_United_States Human Rights Advocacy Groups in the US http://en.wikipedia.org/wiki/ Category:Human_rights_organizations_based _in_the_United_States
64 National Council of Churches http://en.wikipedia.org/wiki/ Category:Members_of_the_National _Council_of_Churches List of Gurdwaras http://en.wikipedia.org/wiki/List_of_ gurdwaras_in_the_United_States
Why James Chartrand Wears Women’s Underpants http://www.copyblogger.com/james-chartrand-underpants/ 65 List of Women’s Organizations in the US http://en.wikipedia.org/ wiki/List_of_women %27s_organizations#Unit ed_States
65 List of Disabled Rights Organizations in the US http://en.wikipedia.org/wiki/ List_of_disability_rights_organizations Alliance for Full Participation http://en.wikipedia.org/wiki/ Alliance_for_Full_Participation
69
69 http://criterioninstitute.org/about/our-approach/methodology/
in March I did a BLOG POST re: next election to IDESG Management Council Articulating serious ISSUES including lack of diversity almost no civil society groups Uninvited by the NPO to a International ID Conference at White House Conference Center.
The Last Plenary.... Panel with the: NAACP Association of the Blind ACLU I was involved in helping design it.
They are Continuing AHEAD.....
NPO The Chai Vic Vic PlePRI Sec Sta Trust Sta I P The list of DELIVERABLES The list of DERIVED REQUIREMENTS Created not by Plenary but by Deloitte Consultants
NPO The Chair Vice Vice PlePRI Sec Sta Trust Sta I Po Identity Ecosystem Steering Group The Chair Vice Vice PlePRI Sec Sta Trust Sta I Po IDESG INC 501(c)3 + 501(c)6 THE SECRETARIAT
NPO The Chair Vice Vice PlePRI Sec Sta Trust Sta I Po Identity Ecosystem Steering Group The Chair Vice Vice PlePRI Sec Sta Trust Sta I Po IDESG INC 501(c)3 + 501(c)6 THE SECRETARIAT Now we are Independent YEAH!
NPO The Chair Vice Vice PlePRI Sec Sta Trust Sta I Po IDESG INC 501(c)3 + 501(c)6 Now we are Independent YEAH! Opportunity to “reset” the process + how we are governed. The main committee where key work is happening is in the Trust Framework and Trust Mark Committee
The Nym Online Identity Battlefield Key Words & Key Concepts
“Trust” Bond between parent and child
What is Trust? (at different scales)
http://www.flickr.com/photos/symphoney/127526363 People trusting themselves: SELF TRUST
http://www.flickr.com/photos/mikebaird/6827018 People trusting each other: RELATIONSHIP TRUST
http://www.flickr.com/photos/west_point/5570799 Groups of people working together: ORGANIZATIONAL TRUST
http://www.flickr.com/photos/wordridden/ For organizations there is: MARKET TRUST
http://www.flickr.com/photos/nate/295939 Beyond the business or nonprofits is: SOCIETAL TRUST
http://www.flickr.com/photos/bethscupham/ 7663247816 Beyond the societal trust is: ECOSYSTEM
Bonus: TECHNICAL TRUST
“TRUST” Frameworks
TECHNOLOGYLEGAL/POLICY
TRUST FRAMEWORK
The Trouble with Trust: and the Case for Accountability Frameworks On my Identity Woman blog
National Strategy Trusted Identities
Identity is socially constructed and contextual.
Identity is subjective
Identity is subjective
Pointers to things within particular contexts.
Abrahamic Cultural Frame Relational Cultural Frame
Identity along with all things flows down from GOD. Identity and all things are present in the world and relate to each other.
What does industry mean by “Trusted Identity”? Here are some headlines + press releases.
“Verified” AirBnB
“Verified” AirBnB
What does this mean toVerified
What does this mean toVerified
What does this mean to beVerified? Who is qualified to validate or verify. Who is qualified to certify verifiers.
FCCX - system with Post Office run by Secure Key (said: f6) We didn’t have time to get into this.
? Anonymous Limited Liability Persona
? Anonymous ? ? ? ? Per-Post Per-Session Anonymous Limited Liability Persona
? Anonymous Limited Liability Persona
? Anonymous ! Verified
? Anonymous ! Verified ! ! ! Verified ! !! Documentation In Person Verification Biometric Capture
? Anonymous ! Verified
? Anonymous One Site Multi-Site Self-Asserted VerifiedSocially Validated ! Pseudonymous
? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ! Pseudonymous
? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ! Pseudonymous ? ! Verified Anonymity
? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ! Pseudonymous ? ! Verified Anonymity Ms.Sue Donna DOB = 1/21/1982 1823 6th Ave. Alameda, CA
? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ! Pseudonymous ? ! Verified Anonymity Ms.Sue Donna DOB = 1/21/1982 1823 6th Ave. Alameda, CA
? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ! Pseudonymous ? ! Verified Anonymity Over 18 years Woman Voter CA Congressional District 9 Ms.Sue Donna DOB = 1/21/1982 1823 6th Ave. Alameda, CA
? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ! Pseudonymous !!
? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ! Pseudonymous !! Limited Liability Persona
Persona 1 Persona 2 Context 1 Context 2
Persona 1 Persona 2 Context
Context 1 Context 2 Persona
Reputation
Reputation Klout scores all the way down…
HoloCosmos.com Turtle Island
Back to Circles and Triangles
We won #nymwars….. right? In Conclusion: HOPE!
We won #nymwars….. right? In Conclusion: HOPE!
USING THE BC SERVICES CARD TO ACCESS ONLINE SERVICES British Columbia Services Card A Triple Blind System - very good & model to consider. In Conclusion: HOPE!
The Government set two specific tasks for the Panel: 1. Review the Province’s approach to digital services, recommending actions the Province can take to build citizens’ confidence in the Services Card and in the digital services that take advantage of the opportunities it creates. 2. Recommend principles and priorities for the design and implementa- tion of digital services and the next phase of the provincial identity management program to support the Province’s vision to save citizens’ time in their interaction with government and make it easier to access better quality services. From the White Paper: Designing the Digital Service Consultation 36 random from diversity of provinces met over 2 weekends to determine future policies of how tech should be used. In Conclusion: HOPE! Citizen Engagement for the British Columbia Services Card
In Conclusion: HOPE!
Opportunity that is NSTIC! Protect Anonymity and Pseudonymity Prevent Defense Industry Running ID In Conclusion: HOPE!
CREEPY NSA (and others) SPYING Rules for Lawful Intercept IN THIS BIGYELLOW BOX Where is NSTIC ? Not - SEXY Secrecy Not Resisting “the Man” In an Open Government Process - anyone can join. The results will become Tech+ policy and affect EVERYONE! DEFINING NORMATIVE RULES BUSINESS PRACTICES TECHNOLOGIES FOR EVERY DAY LIFE Citizen/Person - Gov Business - Consumer Business - Government Business - Business
Share your eMail with us. Join an NSTIC andVOTE Join an NSTIC Committee My blog has details - its a simple 15 step process :) Join Nym Rights! www.nymrights.org
Come to next Plenary: Florida at the Biometrics Conference Sept 17-19 www.idecosystem.org
Come to the next IIW last week of October :) Internet Identity Workshop
Questions + We posted a resource list identitywoman.net/hopex

Check these out next

Hope x talk

Recommended

More Related Content

Slideshows for you(20)

Similar to Hope x talk(20)

More from Kaliya "Identity Woman" Young(19)

Hope x talk