Friday, February 19, 2010

THE REGULATORY FUTURE OF DIGITAL IDENTITY - WORKSHOP REPORT



The workshop opened with an Introduction by Rowena Rodrigues. The aims of the workshop were elaborated: first, to facilitate and broaden the understanding of the complexities and issues prevalent in the interplay between digital identity, its technologies, law and policy and second, to explore the regulatory future of digital identity with experts from the legal, technical and policy domains. Introductions followed.

Session 1 (0945 -1050) was led by Mr Burkhard Schafer (Senior Lecturer in Computational Legal Theory School of Law, University of Edinburgh). The title of his talk was, “Deceptively Simple – Deception, Identity and Culture.” Schafer talked about the complex interactions between deception and identity, which are two sides of the same coin. That deception and identity have a strong connection with culture, is another point Schafer made. What is permissible in one culture in relation to identity and deception is not permissible in another. Schafer used British and Indian legendary examples to make his point – like that of Uther Pendragon, the father of King Arthur and the Blue Jackal respectively, both of which illustrate how identity and deception are used in interpersonal and social relationships, and the consequences of the use of identity and deception. The fact of deception largely depends on the observer’s perspective. The creative aspects of deception are evident in evolution and the natural world. In specific relation to digital identity, Schafer spoke about the law of agency and electronic agents and deceptive practices connected therewith. How and should deception be employed in electronic agency, should agents be taught how to lie, should there be a right to know the true identity of an entity (whether an entity is an agent or a robot) were some of the questions Schafer raised.

In Session 2 (1100 -1145), Professor Lilian Edwards (Professor of Internet Law at Sheffield University), spoke about “Who am I, Avatar? Protecting Digital Identities Online and Offline.” This session was interspersed with identity examples from popular culture, mainly the media of cinema and television like Jake Scully and his avatar from the movie Avatar, and Dr Who. Edwards explained that there was a straddling of online and offline digital identities, and the merging of the essentialist and non-essentialist selves. Digital identity was more and more coming to be about digital presence. In addition to simultaneous digital identities, Edwards explained that there can be non-simultanoeus digital identities like that of Jake Scully and his Avatar in the movie ‘Avatar’ – such identities were those one transferred from and into and occupied, one at a time. She also laid stress on the immersive effects of digital identities. She also talked about how digital identities could be sequential in nature (using the example of in Dr Who of how the tenth doctor transforms into the eleventh doctor). This session also explored how law regulates digital identity through intellectual property law like trademarks, copyright and personality rights. Edwards felt these were largely ineffective in protecting a digital identity subject as they often did not give the identity subject many rights to their identity, rather mainly enabled intellectual property owners to protect their rights in their intellectual property. Edwards then ventured into privacy and reputation based protection of identity (libel), particularly in the light of the Firsht case [Applause Store Productions Ltd & Firsht v Raphael. Case Reference [2008] EWHC 1781 (QB)]. In regards the regulatory future of digital identity, Edwards queried whether future trends would show increasing support for single essentialist identities or multiple distributed identities.

A refreshments break followed (1145 – 1200).

Session 3 (1215 -1300) focussed on “Whether human rights law in the digital age needs an extra right to identity or would the privacy right do?” Professor Paul de Hert (Professor of Law at the Faculty of Law and Criminology of Vrije Universiteit Brussel), talked about the right to identity – a right he had proposed to deal with “the Internet of things.” De Hert favoured the creation of a new human right to identity, incorporating ipse and idem elements of identity, which he felt was a good instrument to stress governmental duties in relation to protecting individual identities. A new right to identity can complement the existing human rights apparatus and help balance the different stakeholder interests at stake. De Hert strongly opined that even though the conceptualisation of such a right was fraught with difficulties, identity was a high quality tool of making democracy work.

Lunch ensued.

Session 4 (1415-1530) was taken up by Mr Caspar Bowden (Chief Privacy Adviser for Microsoft in Europe, Middle-East and Africa). Bowden talked about “Privacy Engineering meets Law: The Case of U-Prove Minimum Disclosure Tokens, Data Protection and the ECHR.” Bowden talked about the technical aspects of identity - identity management. He introduced some traditional identity management technologies like public key infrastructure (PKI) before introducing the concept of anonymous credentials or minimum disclosure tokens, Caspar talked about Microsoft’s implementation of minimum disclosure tokens - U-Prove technology. Caspar opined that there is sufficient basis for the use of privacy enhancing technologies (PETS) like U-Prove in the European Convention of Human Rights. More vitally, he proposed a way forward in terms of the regulatory future of digital identity in terms of three specific measures – regulating data mining, regulating specific legal conditions under which persons can be recognised digitally without their consent and finally, building systems around subject access.

Session 5 (1530-1630) was led by Professor Charles Raab (Professor Emeritus in the department of Politics and International Relations and Honorary Professorial Fellow School of Social and Political Science, University of Edinburgh). Raab’s talk, titled, “Privacy Principles for Identity Management: A Regulatory Solution,” delved into Scotland recently proposed policy solution to digital identity management in the public sector – the Privacy and Identity Management Principles. These principles, recently opened for consultation (now closed) are aimed at PSO’s (public sector organisations) in Scotland to guide them in privacy and identity management. These principles, Raab outlined would help do away with the problems of “tunnel vision of data security,” bring about greater data transparency, promote good data practices and help data grievance redressal.

All sessions were interactive sessions with every session averaging 15 minutes of discussion time. Rowena Rodrigues summarised the day in the plenary session and called for future collaboration in terms of future activities and dissemination. The day ended with networking teas and coffees.