digital identity 2.0: how technology is transforming behaviours and raising citizen expectations


Published on

My talk from the Digital ID World conference (part of Cards and Payments hosted by Terapinn) in Sydney on 29 March 2011

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

digital identity 2.0: how technology is transforming behaviours and raising citizen expectations

  1. 1. digital identity 2.0 how technology is transforming behaviours and raising citizen expectations Patrick McCormick Manager Digital Engagement Department of Justice Victoria Digital ID World Sydney 29 March 2011 Unless indicated otherwise, content in this presentation is licensed:
  2. 2. digital identity 2.0 how technology is transforming behaviours and raising citizen expectations <ul><li>we are here now </li></ul><ul><li>the times , they are a- changin </li></ul><ul><li>silos and shoe boxes </li></ul><ul><li>rebooting digital identity </li></ul>
  3. 3. 1. we are here now M ap of Online Communities 2010: Randall Munroe/xkcd, Ethan Bloch/Flowtown
  4. 4. Australians mostly prefer the web (AGIMO: Australia in the Digital Economy, 2009 )
  5. 5. and are spending more time online <ul><li>according to comScore’s State of the Internet 2010 </li></ul><ul><li>18.8 hours per month online on average </li></ul><ul><li>36.3% used Apple iTunes </li></ul><ul><li>42.6% used online banking services </li></ul><ul><li>81.6% used social networks </li></ul>
  6. 6. exponential growth of social media
  7. 7. public sector social media approach
  8. 8. Department of Justice social media policy
  9. 9. citizen expectations are changing <ul><li>3 types of expectations - Charlie Leadbeater </li></ul><ul><li>I need – essential services government must provide </li></ul><ul><li>I want – discretionary services responding to demand </li></ul><ul><li>I can – option to self select, participate, co-produce </li></ul><ul><li>why now? </li></ul><ul><li>Internet 1.0 – low or no cost production and distribution </li></ul><ul><li>netizens 1.0 – surplus computing and doing capacity </li></ul><ul><li>web 2.0 - new tools, behaviours , expectations </li></ul>
  10. 10. the Internet has something to do with it <ul><li>compact yet immense, a ‘small world’ </li></ul><ul><li>10x growth adds ‘one hop’ </li></ul><ul><li>growth is organic and ad hoc </li></ul><ul><li>power law distribution </li></ul><ul><li>mostly below and above the mean </li></ul><ul><li>few with many links </li></ul><ul><li>many with few links </li></ul>In Search of Jefferson’s Moose - David G. Post <ul><li>power law distribution </li></ul><ul><li>mostly below and above mean </li></ul><ul><li>few with many links </li></ul><ul><li>many with few links </li></ul>
  11. 11. the public sector is evolving <ul><li>20th century administrative bureaucracy </li></ul><ul><li>new public management - performance </li></ul><ul><li>triple bottom line - shareholders and stakeholders </li></ul><ul><li>co-productive , shared enterprise </li></ul>read-only rigid, prescriptive, hierarchical read-write agile, principled, collaborative
  12. 12. so what is Gov 2.0 all about? <ul><li>the new economy begins with technology and ends with trust </li></ul><ul><li>- Alan Webber 1993 </li></ul>web 2.0 Gov 2.0 government
  13. 13. what implications for the public sector? public sector public policy
  14. 14. need to go back to first principles public sector public policy
  15. 15. Gov 2.0 is not about technology public purpose trust
  16. 16. but Gov 2.0 is powered by technology citizens internet government PSI technology
  17. 17. Gov 2.0 begins with public purpose and ends with trust technology citizens government PSI internet public purpose trust
  18. 18. what does this mean for government ? <ul><li>a new approach </li></ul><ul><li>share (not cede) power, when and where appropriate </li></ul><ul><li>maintain authority in old and new models </li></ul><ul><li>moving from a PDF to a Wiki approach </li></ul><ul><li>key components </li></ul><ul><li>culture of experimentation and collaboration </li></ul><ul><li>open access to public sector data and information </li></ul><ul><li>voice of authenticity, uncertainty and contestability </li></ul>
  19. 19. an emerging policy platform <ul><li>Victoria </li></ul><ul><li>parliamentary inquiry into PSI </li></ul><ul><li>VPS innovation action plan </li></ul><ul><li>government response on PSI </li></ul><ul><li>government 2.0 action plan </li></ul><ul><li>Commonwealth </li></ul><ul><li>Gov 2.0 Taskforce report </li></ul><ul><li>APSC online engagement guidelines </li></ul><ul><li>declaration of open government </li></ul>
  20. 20. 3. the times , they are a- changin
  21. 21. the Wikileaks ‘age of transparency’ <ul><li>“ information wants to be free” </li></ul>- Stewart Brand at first Hackers' Conference in 1984
  22. 22. public policy challenge perception is reality <ul><li>United States Social Security Administration </li></ul><ul><li>pioneering late 90s initiative move services online </li></ul><ul><li>users query retirement accounts – same as phone </li></ul><ul><li>backlash against perceived privacy and security risks </li></ul>
  23. 23. from CCTV state to peer to peer surveillance Banksy
  24. 24. many people choose to make some personal information public
  25. 25. analysing our book purchases to predict future reading
  26. 26. scanning our music and video collections to make recommendations
  27. 27. 175,398 friends like Queensland Police
  28. 28. supporting community role and establishing trusted, authentic new presence
  29. 29. active communication with citizens
  30. 30. exceeding expectations by following up
  31. 31. building trust through an open exchange
  32. 32. going where people are to get information out <ul><li>(9,300 fans) x (average of 150 friends) = 1,209,000 people </li></ul>
  33. 33. people want to help and government is well placed to facilitate
  34. 34. seeking citizen input , educating interactively
  35. 35. mobile apps enable citizens to help themselves and their neighbors
  36. 36. Victoria Police serve intervention order on FB
  37. 37. 2. silos and shoe boxes
  38. 38. the current state of digital identity and personal information sharing individuals third parties our data public bodies suppliers identifiers identifiers claims, assertions interactions transactions entitlements service end points name address date of birth gender circumstance assets, liabilities preferences peer to peer interactions future intentions central government local government banks, utilities retail, products, services postal address electoral role geo-codes calendar marketing credit bureau credit applications court judgments bankruptcies vehicle data Source: TVC 2002 guesswork: your preferences your requirements your intentions
  39. 39. tackling either technology or policy challenging enough low medium medium high technology sophistication policy/services breadth
  40. 40. mostly simple identity solutions low medium medium high technology sophistication policy/services breadth
  41. 41. some more advanced in one dimension low medium medium high technology sophistication policy/services breadth
  42. 42. few solutions advance in both dimensions low medium medium high technology sophistication policy/services breadth
  43. 43. Australia’s tyranny of resistance <ul><li>NO universal identifying number </li></ul><ul><ul><li>TFN, Medicare number, state driver's license </li></ul></ul><ul><li>1987 - Australia Card abandoned </li></ul><ul><li>2007 - Access Card abandoned </li></ul><ul><ul><li>Medicare, Centrelink, CSA, Veterans Affairs </li></ul></ul><ul><li>exploring electronic ID – AFR 5 Oct 2010 </li></ul><ul><li>National Authentication Service for Health (Nash) 2011 </li></ul><ul><ul><li>improve security of electronic health communications, </li></ul></ul><ul><ul><li>underpin personally-controlled e-health records </li></ul></ul>
  44. 44. RSA authentication leaks <ul><li>token generates new security code every 60 sec </li></ul><ul><li>two factor authentication - PIN and dynamically generated code </li></ul><ul><li>victim of “extremely sophisticated cyber attack” </li></ul><ul><li>potential impact : Departments of Defence, Prime Minister and Cabinet and Treasury, Crimtrac and Australian Electoral Commission </li></ul>21 March 2011
  45. 45. pubs fight violence with biometrics <ul><li>biometrics databases capture patron fingerprints, photos, and scanned driver licenses </li></ul><ul><li>individuals banned at one location could be refused entry in multiple venues </li></ul>Source: 1 Feb 2011 <ul><li>databases free from regulation - biometrics not covered by privacy laws i.e. left to discretion of technology vendors </li></ul>
  46. 46. Americans also resist national IDs <ul><li>government will enable creation of verified identities, to support “identity ecosystem” </li></ul><ul><li>getting verified identity will be elective </li></ul><ul><li>user would be able to use one login for all sites </li></ul>“ We are not talking about a national ID card. What we are talking about is enhancing online security and privacy, and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities.” Commerce Secretary Gary Locke – Jan 2011 <ul><li>NO universal identifying number – SSN de facto national ID </li></ul>
  47. 47. Hong Kong makes everyday life easier <ul><li>world’s first contactless smart card system – 1997 </li></ul><ul><li>payment system used for virtually all public transport </li></ul><ul><ul><li>and convenience stores, supermarkets, restaurants, parking meters, car parks, service stations and vending machines </li></ul></ul><ul><li>used by 95% of Hong Kong population aged 16 to 65 </li></ul><ul><li>over 11M transactions worth over US$12.8M – every day </li></ul>
  48. 48. Estonia’s citizen centric digital ID
  49. 49. 4. rebooting digital identity Source: LinkedIn
  50. 50. what is digital identity? <ul><li>mediating experience of own identity and of other people </li></ul><ul><li>authentication of trust-based attribution, providing codified assurance of identity of one entity to another </li></ul><ul><li>identifiers used by parties to agree on entity being represented </li></ul><ul><li>self-determination and freedom of expression - a new human right? </li></ul>Source:
  51. 51. digital identity and the freedom to be… <ul><li>unidentified </li></ul><ul><li>pseudonymous </li></ul><ul><li>identified </li></ul>
  52. 52. virtues of forgetting in a digital age <ul><li>2011 EU data protection goals include clarifying right to be forgotten </li></ul><ul><li>i.e. right of individuals to have their data deleted when no longer needed for legitimate purposes </li></ul>“ Regulating the Internet to correct the excesses and abuses that come from the total absence of rules is a moral imperative!” French President Sarkozy
  53. 53. making the case for user control The UK Conservative Party Manifesto – Apr 2010 World Economic Forum: Rethinking Personal Data Project – Jun 2010 The Economist Special Report: the Data Deluge – Feb 2010 This ‘data vault’ concept, an intermediary collecting user data and giving 3 rd parties access to this data in line with individual users’ specifications, is one potential solution that offers many theoretical advantages Rather than owning and controlling their own personal data, people very often find that they have lost control over it. Wherever possible we believe that personal data should be controlled by individual citizens themselves.
  54. 54. federated social networks <ul><li>leading federated social network software open-source so anyone can re-use code to create and maintain profiles </li></ul><ul><li>common language so profiles can talk to one another </li></ul><ul><li>choose from array of &quot;profile providers” like email providers </li></ul><ul><li>option to set up own server, provide own social profile </li></ul><ul><li>profiles are interoperable even on different servers </li></ul>
  55. 55. trust frameworks <ul><li>U.S. Government sites require certification system enabling party accepting credential to trust identity, policies of issuing party credential </li></ul><ul><li>OIX is first Open Identity Trust Framework provider </li></ul><ul><ul><li>Open Identity Exchange founded by Google, PayPal, Equifax, VeriSign, Verizon, CA and Booz Allen Hamilton in 2010 </li></ul></ul><ul><ul><li>enables exchange of credentials across public and private sectors to certify identity providers to federal standards </li></ul></ul><ul><ul><li>different from OpenID which lets sites share same credentials </li></ul></ul>Source:
  56. 56. personal data stores <ul><li>individuals as data managers – user control and choice </li></ul><ul><li>lower costs and new opportunities for organisations </li></ul><ul><li>environment of trust and platform for innovation </li></ul>Source: MyDex, The Case for Personal Information Empowerment: The rise of the personal data store
  57. 57. digital identity 2.0 – emerging principles <ul><li>one size does not fit all </li></ul><ul><li>support for different types of identity </li></ul><ul><li>privacy & security expectations vary </li></ul><ul><li>maximise user control and choice </li></ul><ul><li>trusted relationships critical </li></ul><ul><li>information may need expiration date </li></ul>
  58. 58. digital identity 2.0 how technology is transforming behaviours and raising citizen expectations <ul><li>we are here now </li></ul><ul><li>the times , they are a- changin </li></ul><ul><li>silos and shoe boxes </li></ul><ul><li>rebooting digital identity </li></ul>
  59. 59. Patrick McCormick [email_address] @solutist IS Parade
  60. 60. re-using this presentation? the fine print… <ul><li>Parts of this presentation not under copyright or licensed to others (as indicated) have been made available under the Creative Commons Licence 3.0 </li></ul><ul><li>Put simply, this means: </li></ul><ul><ul><li>you are free to share, copy and distribute this work </li></ul></ul><ul><ul><li>you can remix and adapt this work </li></ul></ul><ul><li>Under the following conditions </li></ul><ul><ul><li>you must attribute the work to the author: </li></ul></ul><ul><ul><ul><li>Patrick McCormick ( or ) </li></ul></ul></ul><ul><ul><li>you must share alike – so if you alter or build upon this work you have to keep these same conditions </li></ul></ul><ul><li>Unless stated otherwise, the information in this presentation is the personal view of the author and does not represent official policy or position of his employer </li></ul>