understanding the importance and impact of anonymity and authentication in a networked society
navigation menu top border

.:home:.     .:project:.    .:people:.     .:research:.     .:blog:.     .:resources:.     .:media:.

navigation menu bottom border
main display area top border

Call For Papers: Graduate Student Symposium @ NYU

posted by:Jeremy Hessing-Lewis // 01:58 PM // June 19, 2006 // Digital Activism and Advocacy | General | Walking On the Identity Trail

Identity and Identification in a Networked World: A Multidisciplinary Graduate Student Symposium

Increasingly, who we are is represented by key bits of information scattered throughout the data-intensive, networked world. Online and off, these core identifiers mediate our sense of self, social interactions, movements through space, and access to goods and services. There is much at stake in designing systems of identification and identity management, deciding who or what will be in control of them, and building in adequate protection for our bits of identity permeating the network.

The symposium will examine critical and controversial issues surrounding the socio- technical systems of identity, identifiability and identification. The goal is to showcase emerging scholarship of graduate students at the cutting edge of humanities, social sciences, artists, systems design & engineering, philosophy, law, and policy to work towards a clearer understanding of these complex problems, and build foundations for future collaborative work.

In addition to presenting and discussing their work, students will have the opportunity to interact with prominent scholars and professionals related to their fields of interest. The symposium will feature a keynote talk by Ian Kerr, Canada Research Chair in Ethics, Law & Technology at the University of Ottawa.

Submission Information:
We invite submissions on the function of identity, identifiability and identification in the following general areas:

# Media & communication: DRM systems, e-mail & instant messaging, discussion forums
# Online: Identity 2.0, web cookies, IP logging, firewalls, personal encryption
# Social interaction: online social networks, blogging, meetups
# Consumer culture: RFID product tags, reputational systems, commercial data aggregation
# Mobility: electronic tolls, auto black boxes, RFID passports, SecureFlight, V-ID cards
# Security: video surveillance, facial recognition, biometric identification systems, national ID cards

Please submit abstracts, position pieces, demos or full papers for a 10-15 minute presentation to michael.zimmer@nyu.edu by July 5, 2006. Include contact and brief biographical information with your submission. Notification of submission acceptance will be given by July 17, 2006. Limited travel stipends will be available for presenters. Students in need of travel funds should indicate so with their submission.


Program chairs:
Tim Schneider, JD student, New York University School of Law
Michael Zimmer, Ph.D. candidate, NYU Steinhardt Department of Culture & Communication
Faculty advisor: Helen Nissenbaum, NYU Steinhardt Department of Culture & Communication

New York University Coordinating Council for Culture and Communications, Journalism, and Media Studies
New York University, Steinhardt School, Department of Culture and Communication
New York University Information Law Institute
New York University School of Law

For more information, visit the Symposium's Site Here.

| Comments (1) |

Spread the Word -- Ottawa now hosts a "Copynight"

posted by:Ambrese Montagu // 10:14 AM // May 19, 2006 // Core Concepts: language and labels | Digital Activism and Advocacy | Digital Democracy: law, policy and politics | TechLife | Walking On the Identity Trail

Ottawa's first ever Copynight will be held at 6pm Tuesday May 23rd at The Royal Oak Pub (161 Laurier Avenue Eas, which is located on the north edge of the Ottawa University campus).

CopyNight is a monthly social gathering of people interested in restoring balance in copyright law. We meet over drinks once a month in many cities to discuss new developments and build social ties between artists, engineers, filmmakers, academics, lawyers, and many others. Everyone is welcome.

In future, Copynight's will be held on the 4th Tuesday of every month. To learn more or get on the mailing list, please email ottawa (at) copynight.org.

| Comments (0) |

Anti-Spyware Coalition: Public Workshop Part II

posted by:Jeremy Hessing-Lewis // 02:24 PM // May 16, 2006 // Commentary &/or random thoughts | Digital Activism and Advocacy | Surveillance and social sorting

Everyone should be happy to know that Microsoft and the Department of Homeland Security are looking-out for your personal privacy. They represent the so-called "international public-private cooperation" that is hard at work keeping your computer free from all kinds of scary threats.

Joe Jarzombek, the Director for Software Assurance in the Policy and Strategic Initiatives Branch of the National Cyber Security Division (phew), spoke of the DHS' efforts (see National Cybersecurity Division) to contain risks presented by a non-standard, outsourced supply chain. That's right, the threat isn't local, its from one of the "stans" or "anias." They've established a common directory of malware in order to standardize spyware definitions. They are also kindly offering a software assurance program so that the DHS can have a look at your code and make sure its alright.

Spyware is a serious threat to your privacy, but Microsoft and Homeland Security are doing their best to ensure that your personal information doesn't get into the wrong hands. Trust them.

While the FCC is pushing for their The Safe Web Act, it seems that the DHS is sitting pretty. Big business is openly sharing information with them and, in turn, they are sheltering big business from the public's prying eyes through "critical information protections". The key phrase that was left unspoken by all parties was "mandatory backdoors".

(By Ambrese and Jeremy HL)

| Comments (2) |

Anti-Spyware Coalition Public Workshop

posted by:Jeremy Hessing-Lewis // 10:41 AM // // Commentary &/or random thoughts | Digital Activism and Advocacy | Digital Democracy: law, policy and politics | Surveillance and social sorting | Walking On the Identity Trail

Jeremy HL and Ambrese reporting from the Anti-Spyware Coalition Public Workshop: Developing International Solutions for Global Spyware Problems. The Workshop has brought together an interesting mix of consumer advocates, anti-spyware vendors, regulatory agencies, and public interest groups.

Ari Schwartz, of the Center for Democracy and Technology, presented a survey of some of the harms of spyware including:
1. Identity Theft
2. Corporate Espionage
3. Domestic Violence
4. Extortion
5. Unfair and Deceptive Trade Practices
6. General Privacy Invasions

Although the connection may not be immediately obvious, the relationship between domestic violence and spyware is particularly interesting. Both Anne Mau, of lokk.dk, as well as Cindy Southworth, of the National Network to End Domestic Violence, spoke of how women in abusive relationships can be put under surveillance by their own computers. The monitoring becomes an additional method of asserting complete control. One example marketed as "lovespy" was deployed as a harmless greeting card that would then install key tracking software. This is especially dangerous when women are trying to find social support information or are organizing themselves to leave the relationship.

Ambrese investigated the support services related to spyware and domestic violence only to find that they remain totally inadequate. One support worker offered the helpful advice: "Don't use the Internet." CIPPIC will be hosting Cindy Southwark this week as she trains social service workers to deal with these issues.

Stay Tuned.

| Comments (0) |

Money's Nice, but Freedom's Nicer

posted by:Mohamed Layouni // 09:46 AM // November 10, 2005 // Digital Activism and Advocacy

Prominent technology companies such as Google, Yahoo, Cisco, and Microsoft, have been accused in the past of conspiring with repressive governments to trace dissident Internet users in countries where they operate. Reporters Without Borders, the human rights watchdog group, claims that such practices are driven by greed and done in pure pursuit of the almighty dollar. Recently, the watchdog group joined an alliance of researchers and investors to call on technology companies to "proclaim their commitment to freedom of expression", and stop betraying their customers...

For more, see the full Wired News article.

| Comments (0) |

On E-Government Authentication and Privacy

posted by:Stefan Brands // 01:40 PM // November 01, 2005 // Computers, Freedom & Privacy Conference (CFP) | Digital Activism and Advocacy | Digital Democracy: law, policy and politics | ID TRAIL MIX | Surveillance and social sorting | TechLife

Governments around the world are working to implement digital identity and access management infrastructures for access to government services by citizens and businesses. E-government has the potential of bringing major cost, convenience, and security benefits to citizens, businesses, and government alike. There are major architecture challenges, however, which cannot be solved by simply adopting modern enterprise architectures for identity management. Namely, these architectures involve a central server that houses the capability to electronically trace, profile, impersonate, and falsely deny access to any user. In the context of an e-government infrastructure, the privacy and security implications for citizens of such a panoptical identity architecture would be unprecedented.

By way of example, consider the implications of adopting the Liberty Alliance ID-FF architecture (the leading industry effort for so-called "federated" identity management) for e-government. The ID-FF describes a mechanism by which a group of service providers and one or more identity providers form circles of trust. Within a circle of trust, users can federate their identities at multiple service providers with a central identity provider. Users can also engage in single sign-on to access all federated local identities without needing to authenticate individually with each service provider. Liberty Alliance ID-FF leaves the creation of user account information at the service provider level, and in addition each service provider only knows each user under a unique “alias” (also referred to by ID-FF as “pseudonyms”). However, the user aliases in Liberty Alliance ID-FF are not pseudonyms at all: they are centrally generated and doled out by the identity provider, which acts in the security interests of the service providers.

While the Liberty Alliance ID-FF architecture may be fine for the corporate management of the identities of employees who access their corporate resources, it would have scary implications when adopted for government-to-citizen identity management. The identity provider and the service providers would house the power to electronic monitor all citizens in real time across government services. Furthermore, insiders (including hackers and viruses) would have the power to commit undetectable massive identity theft with a single press of a central button. Carving out independent “circles of trust” is not a solution: the only way to break out of the individual circle-of trust “silos” that would result would be to merge them into a “super” circle by reconciling all user identifiers at the level of the identity providers. This would only exacerbate the ID-FF privacy and security problems.

More generally, replacing local non-electronic identifiers by universal electronic identifiers has the effect of removing the natural segmentation of traditional activity domains; as a consequence, the damage that identity thieves can do is no longer confined to narrow domains, nor are identity thieves impaired any longer by the inherent slowdowns of a non-electronic identity infrastructure. At the same time, when the same universal electronic identifiers are relied on by a plurality of autonomous service providers in different domains, the security and privacy threats for the service providers no longer come only from wiretappers and other traditional outsiders: a rogue system administrator, a hacker, a virus, or an identity thief with insider status can cause massive damage to service providers, can electronically monitor the identities and visiting times of all clients of service providers, and can impersonate and falsely deny access to the clients of service providers.

On the legal side, the compatibility of modern enterprise identity architectures with data protection legislation and program statutes is highly questionable. Also, the adoption of enterprise identity architectures in the context of e-government would directly interfere with Article 8 rights under the European Convention on Human Rights. Specifically, any interference with privacy rights under Article 8 must do so to the minimum degree necessary. Enterprise identity architectures violate this requirement: far less intrusive means exist for achieving the objectives of e-government.

Specifically, over the course of the past two decades, the cryptographic research community has developed an array of privacy-preserving technologies that can be used as building blocks for e-government in a manner that simultaneously meets the security needs of government and the legitimate privacy and security needs of individuals and service providers. Relevant privacy-preserving technologies include digital credentials, secret sharing, private information retrieval, and privacy-preserving data mining.

By properly using privacy-preserving technologies, individuals can be represented in their interactions with service providers by local electronic identifiers. Service providers can electronically link their legacy account data on individuals to these local electronic identifiers, which by themselves are untraceable and unlinkable. As a result, any pre-existing segmentation of activity domains is fully preserved. At the same time, verifier-trusted authorities can securely embed into all of an individual’s local identifiers a unique “master identifier” (such as a random number). These embedded identifiers remain unconditionally hidden when individuals identify themselves on the basis of their local electronic identifiers, but their hidden presence can be leveraged by service providers for all kinds of security and data sharing purposes without introducing privacy problems. The privacy guarantees do not require users to rely on third parties - the power to link and trace the activities of a user across his or her activity domains resides solely in the hands of that user.

In the context of e-government, security and privacy are not opposites but mutually reinforcing, assuming proper privacy-preserving technologies are deployed. In order to move forward with e-government, it is important for government to adopt technological alternatives that hold the promise of multi-party security while preserving privacy.

For more information, interested readers are referred to my personal blog at www.idcorner.org.

| Comments (0) |

Handbook for Bloggers and Cyber-Dissidents

posted by:Alison Gardner Biggs // 02:21 PM // September 22, 2005 // Digital Activism and Advocacy

Reporters Without Borders has released a free Handbook for Bloggers and Cyber-Dissidents, downloadable as a PDF. Aimed at citizens in countries where media and expression are censored, the handbook gives tips and advice on how to remain anonymous and avoid censorship, and also gives practical tips for setting up and promoting a blog.

For commentary and a review of the handbook, check out the article at Global Voices.

| Comments (0) |


posted by:Ian Kerr // 07:21 PM // September 19, 2005 // Digital Activism and Advocacy

According to the organizers of an upcoming event at MIT, US citizens' digital and physical identities may be about to merge under a new US federal law that requires a standard federally controlled identity card.

Consequently, the MIT Media Lab and MIT E-Commerce Architecture Program are hosting a two part Real ID Forum that aims to explore. the Real ID Act of 2005 [which sets up a new federally controlled driver license that can be read by computers according to common national standards, raising many public policy, technical and business problems and prospects].

The first forum is on online discussion, facilitated by experts in the relevant fields, and taking place from Monday, September 19th at 3pm Eastern Time through Friday, September 23rd. It addresses Qs such as:

>Is the Real ID going to be a National Identity for the USA?
>Does it represent the ultimate convergence of physical identity cards and your digital log in?
>Are the privacy, civil liberties and administrative issues addressed adequately?
>How should the various competing interests surrounding implementation of the Real ID Act be balanced?

There will also be a face to face meeting, held at the MIT Media Lab in November, 2005.

To find out more information and to register for this free program, CLICK HERE

| Comments (0) |

The Privacy "Movement"

posted by:Marc Rotenberg // 11:29 PM // July 19, 2005 // Digital Activism and Advocacy

So, I am often asked whether there is a privacy "movement," like the environmental movement or the civil rights movement. The short answer is "no." Privacy is too diffuse, there are too many issues, and too much change to find the clear historical milestones and political achievements that helped to define earlier movements. Still, it is worth taking a moment to recognize some of the people who have had enormous success bringing public attention to privacy concerns. At the top of my list would be Simon Davies, the founder of Privacy International. It is hard to say exactly what makes Simon the brilliant organizer that he is. He is wonderful with the press, lacks pretense, and enjoys drinking with his friends when he is not battling Big Brother. Credit Simon with the ingenious Big Brother Awards and an extraordinary campaign taking place right now in Britain against the national ID card. Many international organizations have large budgets, fancy offices, and a decent cappuccino machine. Privacy International has Simon Davies, Gus Hosein, Dave Banisar, and a few other privacy stalwarts. If history is smart, it will side with them.

There are a lot of people I should know by name but I don't. I will say that when I sit down each year to review the draft of our annual Privacy and Human Rights report, I am struck by the courage and the decency of people all around the world who find a way to express their views about privacy, to join with others, and to make real political change. I think about teachers in South Korea who opposed a database on schoolchildren, activists in Peru who stopped the installation of camera surveillance, protesters in Germany who stood up against RFID, and local officials in Japan who objected to the creation of a national ID card.

Maybe there are many privacy movements. And maybe that is as it should be.

Good night. I'll be back tomorrow.


| Comments (1) | | TrackBack

Wired on Sousveillance

posted by:Marty // 09:22 AM // April 14, 2005 // Digital Activism and Advocacy | Walking On the Identity Trail

Kim Zetter has published this article at Wired on the sousveillance escapades of Steve Mann while he's attending CFP in Seatlle. For those familliar with souveillance [a word-play on the French words sur (over) and sous (under). The term essentially means watching the watchers], this article provides a glimpse of what On the Identity Trail's own Steve Mann has been up to...

He has designed a wallet that requires someone to show ID in order to see his ID. The device consists of a wallet with a card reader on it. His driver's license can be seen only partially through a display. And in order for someone to see the rest of his ID, they have to swipe their own ID through the card reader to open the wallet.

He also made a briefcase that has a fingerprint scan that requires the fingerprint of someone else to open it.

| Comments (0) | | TrackBack

Bloggers, spammers face clampdown

posted by:Jennifer Manning // 12:02 PM // March 16, 2005 // Digital Activism and Advocacy

An end to anonymous political speech? Australia plans to require bloggers and spammers to put their names to political commentary.

Australia's electoral laws force publishers of any electoral material to identify a person who agrees to authorise the content, and plans to extend them to apply to the Internet.

Click here for the article.

| Comments (0) |


posted by:Ian Kerr // 04:15 PM // January 21, 2005 // Digital Activism and Advocacy | Digital Identity Management | TechLife

just before the winter break, a few of us from on the identity trial and cippic were contacted by folks at ciphire labs about a new crypto product that sounded too good to be true.

ciphire mail, "a new and soon-to-be-open-source application," promises strong and user-friendly e-mail authentication and encryption.

in addition to promising to release the source code, ciphire is free for individual users, nonprofit organizations and the press. it is used in conjunction with standard e-mail programs and operates almost invisibly in the background, encrypting and decrypting e-mail and digitally signing each message to confirm its source.

i have been using it, seamlessly, for about a month now and like it very much! the folks at ciphire have been very generous with us and have provided excellent service and support (though there really isn't much to support, once up and running!!)

for those who might be interested in reading further on this, check out this interesting story on ciphire in wired from yesterday.

| Comments (0) |

main display area bottom border

.:privacy:. | .:contact:.

This is a SSHRC funded project:
Social Sciences and Humanities Research Council of Canada