Donate
Getting to “Better” – Reflecting on Ongoing Privacy and Identity Work Thumbnail
‹ Back
Identity 19 June 2015

Getting to “Better” – Reflecting on Ongoing Privacy and Identity Work

Robin Wilton
By Robin WiltonSenior Advisor for Internet Trust

A couple of days ago, Christine Runnegar outlined all the Internet Security conferences, events, and activities happening this month related to Internet security. Today, I’d like to share some perspective on the work happening within the identity and privacy communities. In the last 18 days, I’ve been lucky enough to take part in conferences which brought together some of the most interesting specialists in these areas – from the UN’s WSIS+10 forum in Geneva, to Forgerock’s Identity Conference in the Bay Area, to Ping Identity’s Cloud Identity Summit in San Diego. Logistics aside, it was a valuable chance to hear about the state of the art, to experience the scope and breadth of this sector, and to reflect on how our thinking should adapt to the ever-changing circumstances of digital identity. I’ll be following up with some more detailed posts on specific topics, but in the meantime, here’s the high-level summary.

  • Identity and privacy could not be more central to the work of the commercial and public sectors. We knew that already, of course, but as a foundational truth, it’s just getting stronger.
  • In parallel, identity and privacy reach into our lives, as citizens and consumers, in ever-increasing depth and intimacy. Again, we know that, but the Internet of Things is about to introduce exponential growth in scale and detail.
  • The online world is so immersive that we sometimes don’t notice the pace of incremental change… then we look up and find that everything has changed except our mental model of how things work.

At one level, I was reassured that the Internet Society’s work on identity and privacy, as key trust factors in the Internet, aligns so well with the technical direction of travel. We’re working on topics like:

  • User consent and control, in the disclosure of personal data
  • User choice in the selection of identity providers
  • The ethics and user experience of privacy
  • Integrity and security of the Internet infrastructure

And we’re engaging at several points in the life-cycle: in standardisation (with the IETF, the W3C, Kantara, OASIS and others), in policy-making (at the IGF, WSIS, the OECD, the European Commission, the Council of Europe and elsewhere); in awareness-raising, through our own regional bureaux and chapters, and in deployment, with projects like ToSback/2, UnitedID and Cryptech.

Our topics were reflected in so much of the technical and deployment work showcased over the last couple of weeks; here’s a fly-by of just some of what I saw:

  • Breaking new ground on consent receipts, user-controlled data sharing, identity relationship management, at Kantara, Gluu and elsewhere
  • Evolving the infrastructure for stronger authentication, with Yubico, Feitian, FIDO/U2F, SecureKey, etc.
  • Building assurance, through US and UK programs for identity assurance, and related work by NIST, Confyrm, national and regional governments
  • Adapting identity and privacy to the Internet of Things, with all that it brings in terms of scale and pervasiveness
  • … and much, much more.

At another level, though, it’s impossible not to be somewhat awed by the scale of work going on, the pace of change, and the work ahead of us. Here’s another foundational truth:

Our work is not about getting to “finished”; it’s about getting to “better”.

We find problems, we take a crack at them, and we succeed to some degree. But in doing so, we change the nature of the problem, the world around us moves on, and next time we look, our solution is no longer the best we could do. So we iterate again. Solving the privacy problem for browsers is not the same as solving it for mobile apps, or for embedded systems, or for smart objects. Each set of solutions opens up new possibilities, and exposes a new set of problems to fix.
That’s why I think it’s so important, occasionally, to have the opportunity to take stock and update our own preconceptions. After all, as Ferris Bueller so wisely observed:

“Life moves pretty fast. If you don’t stop and look around once in a while, you could miss it.”

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

ISOC has goals at TNC18
ISOC has goals at TNC18
Deploy36011 June 2018

ISOC has goals at TNC18

This week is TNC18, the largest European research and education networking conference, which is being held at the Lerkendal Stadium...

NDSS Gathers Top Researchers to Discuss Internet Security Issues
NDSS Gathers Top Researchers to Discuss Internet Security Issues
Building Trust5 February 2015

NDSS Gathers Top Researchers to Discuss Internet Security Issues

The 2015 Network and Distributed System Security Symposium (NDSS) is just a few days away, happening from 8-11 February in...

INET Trinidad & Tobago Covers IPv6, DNSSEC, Privacy, IXPs, CyberSecurity, and More This Week
INET Trinidad & Tobago Covers IPv6, DNSSEC, Privacy, IXPs, CyberSecurity, and More This Week
Domain Name System Security Extensions (DNSSEC)6 October 2014

INET Trinidad & Tobago Covers IPv6, DNSSEC, Privacy, IXPs, CyberSecurity, and More This Week

This week, we are organizing INET Trinidad & Tobago, on 8-9 October 2014. The Telecommunications Authority of Trinidad & Tobago...

Join the conversation with Internet Society members around the world