understanding the importance and impact of anonymity and authentication in a networked society
navigation menu top border

.:home:.     .:project:.    .:people:.     .:research:.     .:blog:.     .:resources:.     .:media:.

navigation menu bottom border
main display area top border

In summary...(The Economist's Technology Quarterly)

posted by:Jeremy Hessing-Lewis // 03:06 PM // March 15, 2007 // Commentary &/or random thoughts | General | Walking On the Identity Trail

This blog, at its best, can be an excellent distillery. As part of a multidiscilplinary project, the idea is to influence each other by sharing incremental developments in our respective fields. Unfortunately, time constraints often narrow our academic focus down to headlines. This academic gap is mended by forced confrontation during workshops and conferences. The blog operates in-between these encounters as a distillery producing a palatable exchange of soundbytes. In light of this raison d'etre (accents are difficult in MovableType), let me offer a distilled techno-update drawn from The Economist's Technology Quarterly.

The full report is available HERE. Distilling after the jump....

1. Call and response
Next generation call-centres with sophisticated "speech analytics" to be deployed as chatbots.

Dr Brahnam has also found that the appearance of the chatbot's on-screen persona, or avatar, has signficiant impact on how much abuse is leveled at it. "My study showed that you get more abuse and sexual cooments with a white female compared with a white male," she says. Black female avatars were the most abused of all.

2. Working the crowd
New start-ups allow for users to install tracking software that tracks online habits. This information can then be sold through a data market with a commission going to the software vendor. This is essentially Google's business model but for entrepreneurial individuals.

In effect, Google users trade personal information in return for free use of Google's online services. But some people think this is a bad deal. They think the personal information is worth far more than the services that Google and others offer in return. Seth Goldstein, a serial entrepreneur based in San Francisco, believes that the personal information contained in users' click trails, online chats and transactions is something they ought to take hold of and sell themselves, generating direct payback. “Attention is a valuable resource, and we're getting to the point where it can be parsed in real time,” he says. So he has co-founded a new venture called AttentionTrust.

3. Big brother just wants to help
Government agencies applying data mining techniques to improve the delivery of public services.

Dr Paul Henman from the University of Queensland, who has written extensively on the subject, raises a rather more philosophical objection to government data-mining: that the technology starts to transform the nature of government itself, so that the population is seen as a collection of sub-populations with different risk profiles—based on factors such as education, health, ethnic origin, gender and so on—rather than a single social body. He worries that this undermines social cohesion.

4. Go with the flow
Mobile photo data is being used to map human activitiy in urban centres.

WHERE is everybody? Being able to monitor the flow of people around a city in real time would provide invaluable information to urban planners, transport authorities, traffic engineers and even some businesses. Bus timetables could take account of hourly or daily variations; advertisers would be able to tell which billboards were most valuable.

5. How touching
How haptic (touch) technology is being deployed on consumer electronics. Get your minds out of the gutter, this article is mostly about mobile phones (see e.gl. iPhone).

Dr Hayward's idea is that such switches could be used to convey information to the user without the need to look at the device. Skin stretch could be used to present the tactile equivalent of icons to the user, rather like a simple form of Braille.

6. What's in a name?
Bureaucratic glitches arising from converting foreign languages. This is in itself a matter of national security. Software is being applied to databases that "enriches" the names with cultural information.

Credit-card companies use the software to spot recidivists applying for new cards under modified names. (Names are cross-referenced with addresses, dates of birth and other data.) Developers and users are hesitant to discuss costs. But OMS Services, a British software firm, says government agencies pay a lot more than commercial users, who pay about $50,000 for its NameX programme.

7. Watching the web grow-up
Sir Tim Berners-Lee's three trends to watch (beyond the hype of Web 2.0): 1)mobile devices, 2)technology's growing social and political impact, 2)the semantic web.

These examples may not sound like a revolution in the making. But doubters would do well to remember the web's own humble origins. In 1989 Sir Tim submitted a rather impenetrable document to his superiors at CERN, entitled “Information Management: A Proposal”, describing what would later become the web. “Vague but exciting” was the comment his boss, the late Mike Sendall, scribbled in the margin.

| Comments (0) |

Username and Password: Repeat ad infinitum

posted by:Jeremy Hessing-Lewis // 07:22 PM // March 03, 2007 // Commentary &/or random thoughts | Digital Identity Management | General | TechLife | Walking On the Identity Trail

The Globe's Ivor Tossel has a nice little piece on online identity management entitled: Who do you want to be?.

Tossel writes:

It's a problem that's older than the Web itself. One of the Internet's basic weaknesses is that there's no central way of keeping track of who you are. In real life, we have one identity that we take everywhere (it's the one on your passport, assuming you can get one these days). But there's no virtual passport in cyberspace: People change names online more often than they change underpants. Every time you go to a new website, you have to start the process of identifying yourself all over again.

Interestingly, I spent 45 minutes trying to find my username and password so that I could login to make this blog post.

I also broke my usual prohibition on reading comments and was delighted by the following reader wisdom:

B H from Toronto, Canada writes: 'It's not a bug, it's a feature.'

Well said my friend.

| Comments (0) |

EPIC Contributions

posted by:Jeremy Hessing-Lewis // 11:46 AM // February 06, 2007 // Commentary &/or random thoughts | Digital Identity Management | General | Walking On the Identity Trail

Three IDTrail students have recently returned from an EPIC retreat in Washington, D.C. The 2nd year law students, Jena McGill, Felix Tang, and myself (Jeremy HL), completed a January term internship at the Electronic Privacy Information Center (EPIC) where they completed Freedom of Information Act requests, electronic privacy news updates, and a passionate yet well-reasoned comment to the FTC on Identity Theft.

The comment borrows an analysis from the environmental movement and argues that the costs of identity theft should be internalized upon data collectors through technology investments and reductions in overall data collection. A complete copy of our comments is available for download HERE.

| Comments (0) |

We Have the Technology

posted by:Jeremy Hessing-Lewis // 03:48 PM // July 10, 2006 // Commentary &/or random thoughts | General | TechLife | Walking On the Identity Trail

Said the Gramophone, a particularly good MP3 blog, has posted a copy of We Have the Technology by Peter Ubu. I'll leave the explaining to the Gramophone, but I believe that this song is perfectly relevant to the IDTrail project.


| Comments (0) |

Call For Papers: Graduate Student Symposium @ NYU

posted by:Jeremy Hessing-Lewis // 01:58 PM // June 19, 2006 // Digital Activism and Advocacy | General | Walking On the Identity Trail

Identity and Identification in a Networked World: A Multidisciplinary Graduate Student Symposium

Increasingly, who we are is represented by key bits of information scattered throughout the data-intensive, networked world. Online and off, these core identifiers mediate our sense of self, social interactions, movements through space, and access to goods and services. There is much at stake in designing systems of identification and identity management, deciding who or what will be in control of them, and building in adequate protection for our bits of identity permeating the network.

The symposium will examine critical and controversial issues surrounding the socio- technical systems of identity, identifiability and identification. The goal is to showcase emerging scholarship of graduate students at the cutting edge of humanities, social sciences, artists, systems design & engineering, philosophy, law, and policy to work towards a clearer understanding of these complex problems, and build foundations for future collaborative work.

In addition to presenting and discussing their work, students will have the opportunity to interact with prominent scholars and professionals related to their fields of interest. The symposium will feature a keynote talk by Ian Kerr, Canada Research Chair in Ethics, Law & Technology at the University of Ottawa.

Submission Information:
We invite submissions on the function of identity, identifiability and identification in the following general areas:

# Media & communication: DRM systems, e-mail & instant messaging, discussion forums
# Online: Identity 2.0, web cookies, IP logging, firewalls, personal encryption
# Social interaction: online social networks, blogging, meetups
# Consumer culture: RFID product tags, reputational systems, commercial data aggregation
# Mobility: electronic tolls, auto black boxes, RFID passports, SecureFlight, V-ID cards
# Security: video surveillance, facial recognition, biometric identification systems, national ID cards

Please submit abstracts, position pieces, demos or full papers for a 10-15 minute presentation to michael.zimmer@nyu.edu by July 5, 2006. Include contact and brief biographical information with your submission. Notification of submission acceptance will be given by July 17, 2006. Limited travel stipends will be available for presenters. Students in need of travel funds should indicate so with their submission.


Program chairs:
Tim Schneider, JD student, New York University School of Law
Michael Zimmer, Ph.D. candidate, NYU Steinhardt Department of Culture & Communication
Faculty advisor: Helen Nissenbaum, NYU Steinhardt Department of Culture & Communication

New York University Coordinating Council for Culture and Communications, Journalism, and Media Studies
New York University, Steinhardt School, Department of Culture and Communication
New York University Information Law Institute
New York University School of Law

For more information, visit the Symposium's Site Here.

| Comments (1) |

Surveillance Goes Mainstream

posted by:Jeremy Hessing-Lewis // 02:02 PM // June 14, 2006 // Commentary &/or random thoughts | General | Surveillance and social sorting | Walking On the Identity Trail

While researching how the major telcos are bundling their products, I was somewhat surprised to see that Telus has now added retail sales of consumer surveillance products to its online store. There are at least three immediate observations to be made about this development.

1. Web-based video surveillance is now mainstream. While similar products have been available for years, Linksys (a division of Cisco Systems) is a major market player with a variety of high-volume retail distributors. Telus is also prominently marketing these products through the main products page of their online store.
2. Web-based video surveillance is easy to use. Unlike the James Bond surveillance of years past, the Linksys models are ready to run out of the box. According to the product description, the Wireless G Video Camera contains its own web-server and does not require a computer. Just provide power and a nearby wireless network connection and the camera will stream live video (with sound) straight to any web-browser. For mobile monitoring, the camera can notify a cell-phone, pager, or e-mail address whenever the motion sensor is triggered. When operating in "Security Mode," the camera can be configured to send short video clips to up to 3 e-mail addresses.

3. Web-based video surveillance is cheap. Telus offers two models. The cheaper version retails for $99.95 and contains all the basic functionality. For $274.95, the deluxe version includes a motion sensor and microphone.

Such products will likely have significant privacy implications. Their ease-of-use and low-cost will allow a much broader market of users than have previous versions. It is foreseeable that many of these users will devise illicit uses beyond the "home monitoring" described by Telus. As these products continue to shrink in size and wireless capabilities improve, the threat is only likely to increase.

We are left with the recurring question: Does the democratization of surveillance equipment present a threat?

One might argue, as has Steve Mann with the concept of sousveillance, that providing such tools to citizens counterbalances the powers of otherwise one-sided surveillance. I consider this to be somewhat of a "right to bear arms" argument and am forced to wonder whether such a state is at all desirable. Are many weapons preferable to a single weapon?

In contrast, one might also see Telus' foray into video surveillance as part of the surveillance "arms race" that will inevitably be a race to the bottom (the always enjoyable skeptic's position).

Alas, I fear this moral debate will only be resolved by the great oracle of our time... the market.

| Comments (1) |

Flying sans ID

posted by:Jeremy Clark // 03:02 PM // June 11, 2006 // Walking On the Identity Trail

Here is quick but amusing article on Jim Harper (CATO) taking a challenge from John Gilmore (EFF) to fly on an inter-USA flight without an ID.

| Comments (0) |

Spread the Word -- Ottawa now hosts a "Copynight"

posted by:Ambrese Montagu // 10:14 AM // May 19, 2006 // Core Concepts: language and labels | Digital Activism and Advocacy | Digital Democracy: law, policy and politics | TechLife | Walking On the Identity Trail

Ottawa's first ever Copynight will be held at 6pm Tuesday May 23rd at The Royal Oak Pub (161 Laurier Avenue Eas, which is located on the north edge of the Ottawa University campus).

CopyNight is a monthly social gathering of people interested in restoring balance in copyright law. We meet over drinks once a month in many cities to discuss new developments and build social ties between artists, engineers, filmmakers, academics, lawyers, and many others. Everyone is welcome.

In future, Copynight's will be held on the 4th Tuesday of every month. To learn more or get on the mailing list, please email ottawa (at) copynight.org.

| Comments (0) |

Jargon Watch

posted by:Jeremy Hessing-Lewis // 03:05 PM // May 16, 2006 // Commentary &/or random thoughts | Core Concepts: language and labels | Walking On the Identity Trail

New words to keep in mind.

"Techade"(noun): Technology emerging over the next ten years.

"Co-operation Superhighway"(noun): Ongoing private-public international partnerships. eg. FTC attorneys being helped by law enforcement and/or ISPs in the country where the problem originates.

"Best-of-breed Anti-fishing Security Vendor" (noun): Depends on which anti-phishing vendor you ask.

"Evasive Malware"(noun): see Sony Rootkit.

"Tricklers"(noun): Automatic download software. See Windows Update.

"Potentially Unwanted Technologies"(noun): Something you may not want on your computer. See also spyware.

| Comments (0) |

Anti-Spyware Coalition Public Workshop

posted by:Jeremy Hessing-Lewis // 10:41 AM // // Commentary &/or random thoughts | Digital Activism and Advocacy | Digital Democracy: law, policy and politics | Surveillance and social sorting | Walking On the Identity Trail

Jeremy HL and Ambrese reporting from the Anti-Spyware Coalition Public Workshop: Developing International Solutions for Global Spyware Problems. The Workshop has brought together an interesting mix of consumer advocates, anti-spyware vendors, regulatory agencies, and public interest groups.

Ari Schwartz, of the Center for Democracy and Technology, presented a survey of some of the harms of spyware including:
1. Identity Theft
2. Corporate Espionage
3. Domestic Violence
4. Extortion
5. Unfair and Deceptive Trade Practices
6. General Privacy Invasions

Although the connection may not be immediately obvious, the relationship between domestic violence and spyware is particularly interesting. Both Anne Mau, of lokk.dk, as well as Cindy Southworth, of the National Network to End Domestic Violence, spoke of how women in abusive relationships can be put under surveillance by their own computers. The monitoring becomes an additional method of asserting complete control. One example marketed as "lovespy" was deployed as a harmless greeting card that would then install key tracking software. This is especially dangerous when women are trying to find social support information or are organizing themselves to leave the relationship.

Ambrese investigated the support services related to spyware and domestic violence only to find that they remain totally inadequate. One support worker offered the helpful advice: "Don't use the Internet." CIPPIC will be hosting Cindy Southwark this week as she trains social service workers to deal with these issues.

Stay Tuned.

| Comments (0) |

3 Week Getaway in Washington, D.C.

posted by:Natalie Bellefeuille // 10:01 AM // February 02, 2006 // Walking On the Identity Trail

For the month of January, three graduate law students involved in the Anonymity Project, including myself, had the privilege of participating in an internship at the Electronic Privacy Information Center (EPIC) located in Washington, D.C.

Upon our arrival, we were welcomed by spring-like weather, an amazing city waiting to be explored, and the young group of devoted individuals that makes up the EPIC team.

During our time there, we were each assigned one major project. The main project on which I worked consisted of preparing comments to a proposed rule according to which airlines and shiplines would be obligated to collect a greater amount of personal information from passengers, to store it in an electronic database, and to communicate this information to the Centers for Disease Control and Prevention either upon request or when an ill passenger is identified.

But our time at EPIC was not exclusively spent working on our various projects. From following the Alito Supreme Court nomination hearings to attending a speech by Al Gore and a discussion panel at George Washington University on NSA Eavesdropping, there was no shortage of activities in which we were invited to take part. On the last day of our internship, we attended the Privacy Coalition Meeting, an annual event where representatives of various NGOs discuss the privacy issues faced by their organization. The Privacy Commissioner of Canada was a guest speaker at the Meeting.

This internship was a truly rewarding experience, and I thank everyone on the Anonymity Project who was involved in making it happen.

| Comments (0) |

Contours Programme Is Now Up!

posted by:David Matheson // 01:24 PM // October 17, 2005 // Walking On the Identity Trail

The programme for our upcoming Contours of Privacy conference (November 5 and 6) is now on-line. You can download it here.

We're very excited about the range of diverse perspectives that will be brought by our speakers, who include:

Ian Kerr, University of Ottawa
Jacquelyn Burkell, University of Western Ontario
Alessandro Acquisti, Carnegie Mellon University
Krista Boa, University of Toronto
Stephen Margulis, Grand Valley State University
Krystal Kreye, University of Victoria
Mariam Thalos, University of Utah
Travis Dumsday, University of Waterloo
Lysiane Gagnon, La Presse and The Globe and Mail
Michael Zimmer, New York University
Alan Borovoy, Canadian Civil Liberties Association
Robert Ellis Smith, Privacy Journal
Hugh Hunter, University of British Columbia
Catarina Frois, University of Lisbon
Aritha Van Herk, University of Calgary

You don't want to miss this event! And, happily, there's still time to register. For more information please visit the conference Website.

| Comments (0) |


posted by:Ian Kerr // 05:53 PM // July 20, 2005 // Walking On the Identity Trail

almost everyone knows of steve mann's work on sousveillance. today, it was covered in the washington post.

| Comments (0) | | TrackBack

Do Privacy Advocates Blog?

posted by:Marc Rotenberg // 08:33 PM // July 19, 2005 // Walking On the Identity Trail

Ian Kerr kindly asked if I would guest blog at blog-on-nymity. We discussed dates, annnouncements, format. Then I just decided to show up. Sorry. I'm going to spend the next week expressing views on privacy, EPIC, and a bunch of other stuff. I don't like long entries. So, I'll try to be brief. And interesting. And informative. Check back here. It should be fun.

| Comments (0) | | TrackBack

ITAC Meeting

posted by:Catherine Thompson // 04:42 PM // June 01, 2005 // Walking On the Identity Trail

Yesterday I went to the Information Technology Association of Canada (ITAC) Cyber Security Forum held at the Standards Council of Canada on behalf of the Canadian Internet Policy and Public Interest Clinic.

A few matters arose that relate directly to the Anonymity Project’s activities.

First, Bill Munson of ITAC mentioned that the RCMP recently gave a presentation to ITAC in which it was mentioned they were going ahead with biometric and real time ID proposals, including chips in passports.

Industry Canada Director General of E-Commerce Richard Simpson spoke about the recently released Spam Task Force Report. At the end of his presentation, Simpson said he wanted to emphasize two points.

First, Simpson said if the Internet is to be an economic infrastructure, authentication and identity management ‘need to be dealt with.’ He said the days when we go on the Internet anonymously might have to end.

Secondly, Industry Canada will be looking to reinforce the ground rules of the Internet as an economic marketplace. It is Simpson’s belief that clear and consistent rules will lead to economic growth and that privacy will necessarily play a part.

Despite the brevity of his comments, it would seem part of Industry Canada’s next major focus could relate specifically to the subject matter of the Anonymity Project.

| Comments (0) | | TrackBack

Broadcast: If I Were an iPod, live - sort of

posted by:Marty // 09:09 AM // May 05, 2005 // Walking On the Identity Trail

On Monday, May 9, beginning at 11:00am, Local Revolutions-Calgary Talks on CJSW 90.9FM will broadcast "If I were an Ipod": Privacy, Autonomy, and the Internet for Dummies.


Monday, May 9, 11:00am – 12:00pm (Mountain Time)

If I were an Ipod: Privacy, Autonomy and the Internet for Dummies One of two Sheldon Chumir Foundation broadcasts for this month of May, “If I were an Ipod” features Ian Kerr as he takes the audience through the ethical significance of powerful identification technologies as well as privacy in the digital age. Ian Kerr holds the Canada Research Chair in Ethics, Law and Technology at the University of Ottawa.
| Comments (0) | | TrackBack


posted by:Ian Kerr // 05:00 PM // April 26, 2005 // Walking On the Identity Trail

On the Identity Trail is pleased to announce that Carole Lucock will join us in May as our new Project Manager.

Carole was Senior Legal Counsel and Chief Privacy Officer with the Canadian Medical Association, a not-for-profit corporation, where she has acted as counsel for 15 years. During her tenure with CMA, in addition to corporate legal work, Carole worked on numerous health and medical profession policy files and was very active in matters concerning health information privacy. While at CMA, Carole instituted an articling program and has worked with numerous articling students during the course of their training.

Carole obtained her LL.B from Queens University and is currently completing her LL.M, with a concentration in law and technology, at Ottawa University, researching the law and policy challenges associated with the anonymization of personal health data. She will enroll as an LL.D candidate in September. Her research interests include the intersection of privacy, anonymity and identity, and the potential distinctions between imposed versus assumed anonymity.

Prior to becoming a lawyer, Carole worked for a number of years as a high school teacher in England, where she taught science, social science and physical education.

| Comments (1) | | TrackBack


posted by:Marty // 09:41 PM // April 21, 2005 // Walking On the Identity Trail

The Federal Court of Appeal case of BMG Canada Inc. v. John Doe, took place yesterday and today (see Google News for coverage)

On the Identity Trail's Ian Kerr & Alex Cameron have written NYMITY, P2P & ISPS: Lessons learned from BMG Canada Inc. v. John Doe. This piece explores the reasons why a Canadian Federal Court refused to compel five Internet service providers to disclose the identities of twenty nine ISP subscribers alleged to have been engaged in P2P file-sharing. Further, they argue that there are important lessons to be learned from the decision, particularly in the area of online privacy, including the possibility that the decision may lead to powerful though unintended consequences.

Click here to download the text.

| Comments (0) | | TrackBack

Wired on Sousveillance

posted by:Marty // 09:22 AM // April 14, 2005 // Digital Activism and Advocacy | Walking On the Identity Trail

Kim Zetter has published this article at Wired on the sousveillance escapades of Steve Mann while he's attending CFP in Seatlle. For those familliar with souveillance [a word-play on the French words sur (over) and sous (under). The term essentially means watching the watchers], this article provides a glimpse of what On the Identity Trail's own Steve Mann has been up to...

He has designed a wallet that requires someone to show ID in order to see his ID. The device consists of a wallet with a card reader on it. His driver's license can be seen only partially through a display. And in order for someone to see the rest of his ID, they have to swipe their own ID through the card reader to open the wallet.

He also made a briefcase that has a fingerprint scan that requires the fingerprint of someone else to open it.

| Comments (0) | | TrackBack

On the Identity Trail papers

posted by:Marty // 08:39 PM // April 10, 2005 // Walking On the Identity Trail

In advance of this week's Computers, Freedom & Privacy conference (cfp.org), members of the On the Identity Trail project are publishing a wide array of papers.Click here to view the papers.

| Comments (0) | | TrackBack

If I were an iPod

posted by:Marty // 09:37 AM // April 06, 2005 // Walking On the Identity Trail

On the Identity Trail's own Ian Kerr has been touring Alberta, B.C. and Saskatchewan delivering his talk dubbed "If I Were an iPod", which posits the notion that "we are moving from a network of ideas, to a network of things, to a network of people."

Follow this link to read one Univeristy of Regina audience member's oberservations of this talk.

| Comments (0) | | TrackBack

The Concealed I: Day 2 Afternoon events

posted by:Alex Cameron // 05:22 PM // March 05, 2005 // Walking On the Identity Trail

Life During Wartime: Is our Legal System Protecting the Human Face of Privacy?

Stephanie Perrin introduced and moderated our first afternoon panel discussing privacy and the legal system during wartime.

This impressive panel was expanded from the panel listed in the conference program and comprised of:

Peter Hustinix (European Data Protection Supervisor)
Jennifer Stoddart (Privacy Commissioner of Canada),
John Borking (Director, Borking Consultancy; Associate Board member, Dutch Data Protection Authority),
Andrew Clement, (Professor, Faculty of Information Studies, University of Toronto)
Mark Rotenberg, (Electronic Privacy Information Center)

Peter Hustinix spoke about a number of European developments, many very positive, in the context of privacy as a human right.

Jennifer Stoddart talked about the situation in Canada and indicated that it was not as positive as the European situation. She described Canadians’ feelings of their current state in society before their government as ‘naked citizens’ in front of a fully clothed emperor who keeps adding more and more layers of clothes through the seasons. The Commissioner is participating with the government on a number of projects in post 9/11 atmosphere. For example, the Commissioner has been in a waiting position regarding no fly lists (or watch lists) for six months. They have been waiting for a privacy impact assessment on this project which is not forthcoming despite the development of the list. The Commissioner has also been consulted regarding a biometric passport which apparently is being rolled out for diplomats. She expressed concern about disturbing trends and projects in Canada, including lawful access, DNA databanks, weakening of PIPEDA to conscript private sector for law enforcement. We are faced with a diminished expectation of privacy. We are left in the dark as things are developed in Canada.

John Borking, discussed a number of his thoughts about privacy developments in ‘wartime’, particularly with regard to his paper on Privacy Enhancing Technologies recently submitted to the University of Ottawa Technology law Journal (stay tuned). He talked about his work on the PRIME project in Europe. The focus of his talk was in relation to airport security. He said we will get biometric identifiers on our passports and see the use of RFIDs in airports. His research analyzed the parties involved and the flow of data in airports, from check-in to boarding etc. He talked about the solution to some of these privacy problems suggested by the PRIME project – a type of smart card.

Andrew Clement talked about biometric passports proposed in Canada and generally. He suggested that they will not work in stopping people with ill-intent. It will not be effective because people without a record of bad behaviour will pass through even the tightest security, not because the technologies are ineffective (which they in any event are). No evidence every presented to suggest it will be effective.

Marc Rotenberg spoke about how the systems that we had to maintain balance and accountability are under attack, there is increased secrecy in government activities that implicate privacy (particularly in the area of passenger profiling).

Who Are the Privacy Advocates?: From CIPPIC to Sousveillance

David Matheson introduced our final panel of speakers regarding privacy advocacy:

Colin Bennett, Professor, Department of Political Science, University of Victoria
Steve Mann, Professor, Department of Electrical and Computer Engineering, University of Toronto
Philippa Lawson, Executive Director, Canadian Internet Policy and Public Interest Clinic (CIPPIC)
Stefan Brands, Adjunct Professor, McGill University, School of Computer Science

Colin Bennett talked about a new research project he is embarking on in a presentation titled “Privacy Advocacy and Activism: Spotlighting Surveillance Practices in a Networked World”. He reviewed a number of background assumptions including globalization, a proliferation of policy instruments (regulatory instruments, self-regulatory instruments, technological instruments, transnational instruments) and increased frequency of resistance to surveillance practices. Colin provided a typology of advocacy coalition to demonstrate how privacy activism is embedded within other groups (e.g. civil liberties, Internet rights, human rights, consumer rights, software provider advocates, academic advocates etc.). He asked why the “Friends of the Earth of Privacy” has never formed? In response to this he posed several possible hypotheses: free-rider problem, strange bedfellows, contradictory interests, crowding of privacy space, abstract issue.

Steve Mann, gave a fascinating and thought-provoking talk about his concept of “Equiveillance: The equilibrium between Surveillance and Sous-veillance”. Steve reflected on his thoughts about the contrasts between surveillance and sousveillence on a number of different levels and grounds. He reflected on his experiences as an inventor and showed some excellent videos of his sousveillance work in department stores. Steve also showed us his “Funtain” instrument – a wild human-computer fluid interface!

Philippa Lawson gave a presentation titled “Privacy Activism in Canada: CIPPIC's Approach”. She described why privacy advocacy work is so important: hidden nature of violations, power imbalance, law lags business practices and technology, individuals don’t have the time or energy to pursue complaints, and privacy commissioners have many conflicting roles. She provided an overview of CIPPIC’s approaches to advocacy: establishing rights, exercising rights, exposing violations, etc. In terms of technique, CIPPIC acts both reactively and proactively. On the proactive side, CIPPIC writes research reports, exposing facts, assessing policies, ‘mystery shopping’, filing complaints, lawsuits, lobbying etc. Lessons learned: solid research, caution about collaborating with adversaries, no one right approach to advocacy.

Stefan closed the panel by likening the current battle of privacy advocates to a rope-pulling effort with an increasingly powerful opponent. The privacy opponent is not driven by evil intent but by globalization, computerization, efficiency imperatives, and a resulting need for better security. Stefan argued that privacy advocates and regulators are hurting the privacy cause by not adequately integrating what he calls Privacy Technology Advocates into privacy debates. He cautioned that many privacy battles and regulatory efforts are based on erroneous implicit assumptions about what technology can and cannot do. He illustrated this by discussing how identity data can be electronically shared across unlinkable domains without destroying the unlinkability. He ended with a plea for regulators and privacy advocates to work more closely with privacy technology advocates in order to make the privacy debate less polarized and thereby help the privacy cause.

Closing remarks

Closing remarks from Ian Kerr wrapped up this amazing conference! Ian thanked the students who helped organize the conference and talked a little about the role of academics in inspiring students who truly care about the issues explored at conference. Ian mentioned a number of concrete items that will come out of the conference:

- Policy Scan summary from Federal Privacy Commissioner's office
- written report on the conference to come from the Privacy Commissioner's office (posted on our site too)
- video archive of the conference
- special symposium in University of Ottawa Law and Technology Journal

Ian thanked the sponsors, including SSHRC and the Privacy Commissioner of Canada's office, Department of Justice, Bell, Microsoft.

Watch for the Contours of Privacy conference...

| Comments (3) |

The Concealed I: Day 2 Morning events

posted by:Alex Cameron // 12:27 PM // // Walking On the Identity Trail

Anonymity, Identity and Constitutions

The first panel today was introduced and moderated by Peter Hustinix, European Data Protection Supervisor.

Daphne Gilbert (Professor, Faculty of Law, University of Ottawa) gave a presentation titled “Seeking Equality Anonymously: Naming names in Section 15 litigation “. She reviewed two Supreme Court of Canada cases considering section15 of the Charter to demonstrate a number of points in connection with human dignity. She examined how the identity of the claimant factored into these decisions and what the impact was for human dignity. For example, she asked whether the claimant was a representative stand-in for a broader group or class of individuals. In the Gosselin case, the answer was certainly ‘yes’ given that it was a class action. She suggested that the personal aspect and facts of a case are necessary to put the case into a context but that it is not clear that specific facts actually make a difference when it comes to the analysis. She discussed a number of reasons why this is an important problem and why the details of an individual claimant’s identity are so important. She suggested that all details of a claimant’s identity that pertain to the impact of the legislation should matter. In Gosselin, this means that the fact that she was a woman and that she was on social assistance were key factors that matters – her age should not have been the key factor. Finally, Daphne asked what happens when the individual identity of claimants does not seem to matter. She said that we get decisions like Gosselin – among other things, decontextualized, without regard to human dignity. Gosselin was not anonymous and should not have been made so by the decision.

Paul de Hert (Professor, Faculty of Law, Leiden University & Free University Brussels) gave a presentation titled “Trumping surveillance with anonymity or with opacity? A European perspective”. After introducing the idea of trumps, he discussed two tools of power governance: blocking power (idea of privacy) and allowing power but channeling it (idea of data protection). He pointed out that data protection can merely channel power that is itself illegitimate. He suggests that more attention should be paid to the blocking aspect of privacy, particularly in light of the Charter of Fundamental Rights and Freedoms (2001).

A. Michael Froomkin (Professor, Faculty of Law, University of Miami) gave a fascinating presentation titled “Anonymity Law in the US: Latest Developments, Familiar Problems”. He covered the foundations of the debate (harms and benefits of anonymity recognized in the USA), the regulation of anonymity (eg DRM), access to communicative anonymizing technology (crypto) and the destabilizing effects of new technologies. He discussed a number of positive and negative developments in the USA, including exploring the status of anonymity in political speech, private civil actions, Patriot Act etc. In terms of destabilizing technologies, he mentioned massive databases, facial recognition and DRM (making the world a safer place for copyright). Michael concluded his presentation with two suggestions about what is to be done. The first task is legislative but he recognized that the current US administration doesn’t care about privacy and that for now we must rely on the courts to police (only the grossest) privacy violations. Second, and more important than the legal solutions, are setting standards in new technologies and developing tools as a couple of examples.

Gender, Race & the Social Casualties of Information Policy

After a short break, Marsha Hanen introduced and moderated a panel on Gender, Race & the Social Casualties of Information Policy.

Jane Doe spoke first and gave a tremendous presentation titled “Anonymity, Women ad Sexual Assault”. Jane’s presentation reflected a number of her personal experiences and the results of her interviews with women who had been sexually assaulted. Jane has an upcoming paper discussing these issues. She stated that woman who file sexual assault charges are themselves criminalized and that the criminal justice system poses a threat to them. Women are shamed, not believed, subjected to medical exams, humiliated, lied-to and insulted by court officials, shunned by friends and family and community and forbidden to speak about their experiences. She gave a moving account of how women’s bodies function as crime sites and how women must remove themselves from their own bodies in this process. Why would any woman report a sexual assault and subject herself to all this abuse, especially when the conviction rate in Ontario is under 5%? For many of the women Jane interviewed, the notion of privacy through a publication ban is exactly that – a notion. It only prevents certain kinds of publication. Women in small communities, for example, found that the entire community had full knowledge because the women could not be protected in the court room.

Oscar Gandy’s presentation was titled “Racial Profiling: They say it’s against the law.” He reported on a continuing project on policy formation in the area of racial profiling, describing past research into how racial profiling was framed in major newspapers. That research found that most articles concluded that racial profiling was wrong, particularly where newspapers were based in areas with large black populations. He pointed out that since 9/11, racial profiling has come to the fore again. In his latest research, he used Lexis/Nexis to look at 1999-2004 legislative developments at the state level. He found 24 laws that were a response to racial profiling. Found considerable variation between laws, particularly in the way that racial profiling was defined. For example, there were differences between states that base their approach to the issue on “sole” factor and those that say any reliance on race to justify investigatory activity is illegal.

Following the presentations, a number of excellent questions were posed by the audience and an excellent discussion ensued and continued into the lunch break.

| Comments (1) |

The Concealed I: Blog of Day 1 events

posted by:Alex Cameron // 06:04 PM // March 04, 2005 // Walking On the Identity Trail

Bonjour and hello! Events got underway today at our multi-disciplinary conference at the University of Ottawa, Faculty of Law: “The Concealed I: Anonymity, Identity and the Prospect of Identity”. This blog entry sketches events of the day in a general way, and without purporting to be an accurate or complete transcript of events.

Introductions and welcomes were made by Ian Kerr, Bruce Feldthusen (Dean of the Common Law Section, Faculty of Law, University of Ottawa) and Pamela Wiggin, (Vice-President, Knowledge Products and Mobilization, Social Sciences and Humanities Research Council).

Nature and Value of Privacy and Anonymity

Following the introduction to the conference, Valerie Steeves introduced the first panel, including Alan Westin. Alan set the scene for the morning’s events and for the conference. Drawing from his work, he conducted a fascinating review of the concept of anonymity in the biblical Hebrews, the Roman Empire, and the American Republic. Helen Nissenbaum, Dept. of Culture and Communication, New York University continued the theme of setting the stage for the conference by posing a number of additional thought-provoking questions for the audience to think about. These questions included: Do we have a right to anonymous speech? Do we have a right to read anonymously? Should we allow anonymous email? In thinking about ways that we might go about answering these questions, she explored several different layers of analysis. At bottom – interest politics. At top – conflicts of rights and values. Middle – social systems, institutions, cultures… etc. (eg. Walzer’s “Spheres of Justice”, Bourdieu’s “fields”, Luhman’s “systems”). She discussed norms of information flow in terms of appropriateness of the information and method/means of transmission. The presentation concluded with presentation of an “Application Heuristic” that asked the following questions: (a) what is the governing context? (b) what types of information are in question? (c) according to what principles is the information in question (e.g. identifying information) transmitted among (what) actors, in the context? A number of questions were posed by audience members and an excellent discussion ensued.

Public Perceptions of Privacy and Anonymity

After a short break, Steven Davis introduced our next panel, comprised of David Lyon (Prof., Dept. of Sociology, Queens University) and Gary Marx (Prof. Emeritus, M.I.T.). David Lyon’s presentation was titled “Systematic surveillance and perceptions of privacy”. David talked about aspects and preliminary results of his survey research into attitudes regarding privacy in Canada and other countries around the world. Further details can be found at http://www.queensu.ca/sociology/Surveillance/research.htm. Gary Marx’s presentation was titled “What’s in a Concept?: Some Reflections on the Complications and Complexities of Personal Information and Anonymity?”. Gary explored ideas about different types and sources of personal information, including indications of social perceptions and reflections of personal information and anonymity.

- Lunch -

Privacy Commissioners Panel

After lunch, Bruce Phillips gave an inspired introduction for the panel of privacy commissioner speakers. He praised the work of the commissioners and emphasized the importance of the public education aspect of the role of commissioners. He feels that people can make intelligent decisions about privacy, as long as they are informed!

The first speaker on the panel was the Privacy Commissioner of Canada, Jennifer Stoddart. The Commissioner spoke about the role of privacy commissioners and issues facing the commissioner’s community. She viewed the commissioners’ role as pragmatic, flexible to respond, and principally to apply the standards that are set down by legislation in response to the needs of local constituents. She noted that the commissioners themselves reflect a wide array pf personal information defining issue in the public and private sphere, making them a bell-weather of privacy issues. She emphasized the importance of public participation as a key to the solution to identity challenges through public education, public debate and education.

Frank Work, Information and Privacy Commissioner of Alberta talked about developments and privacy issues in Alberta. He noted that his office is now allied with police forces in the area of ID theft. He stated that his office now receives bags and bags of commercial papers. For example, where the police bust a drug operation, they will often find a lot of documents with personal information. These documents are referred to the privacy commissioner to look for possible ID theft and begin investigations where appropriate. Frank Work noted that his office has been involved in reviewing hundreds of PIAs. Finally, he stated that the government wants more information about his office because, in some cases, the government wants to service the commissioner better.

Peter Bower, Executive Director, Access and Privacy Ombudsman, Manitoba spoke about (1) state of information management (records management systems) and (2) state of research in social sciences and natural sciences, particularly medical research. Peter remarked that the state of information management is terrible. He noted that research into archives is being held up as a result of privacy concerns. While the medical community has made progress on this issue, the social sciences are way behind.

Mary O’Donoghue, Senior Counsel and Manager of Legal Services - Information and Privacy Commissioner/Ontario, spoke about recent issues facing the Ontario commissioner’s office. Among the issues discussed was police retention of fingerprint and photos. The IPC Ontario was able to persuade the police to reconsider their policy in light of privacy considerations. She also noted that a number of privacy issues had arisen in schools – searching students for drugs, strip searches, video surveillance, police dogs in schools etc. The IPC Ontario developed guidelines which are now in place and well-received.

Prof. Michael Geist asked the commissioners about outsourcing issue and international data transfers. He also asked about how commissioners’ viewed their jurisdiction to pursue foreign entities (eg.. the Abika complaint filed by CIPPIC). Commissioner Stoddart replied that they have material on their site regarding the outsourcing issue and pointed to a number of ongoing initiatives in the area. She also advised that her office is conducting an audit of transborder flow of data in the public sector. With respect to the collection of Canadians’ personal information by outside entities, she remarked that the chain of collection is partly in Canada and so they do have jurisdiction over that and are investigating it. Further, where a US company is doing the collecting, she stated that her office is in talks with the US FTC regarding the possibility of a joint approach to the issue.

Philippa Lawson of CIPPIC asked excellent questions about the decisions of the commissioners. Commissioner Stoddart responded to these questions. She noted that where there is a written complaint, the commissioner is supposed to respond in writing every time. Not the same with phone calls regarding complaints. Why not name names? The commissioner is actively looking into criteria for doing this soon. She advised that not every finding is published, but rather only those that bring up new educational value issues.

The Great Debate

Following the panel, Declan McCullough of CNet moderated a spirited and lively debate between Marc Rotenberg of EPIC and David Harris, Director of INSIGNIS and former Chief of Strategic Planning at CSIS. The topic: Be it resolved that a national identity card should be established in Canada and the United States. Following a great face-off between Marc and David, Declan asked a number of questions and moderated questions from the audience.

Is the Future the P.I.T.s?: Implanting and Extracting Identity

After a brief break, we reconvened and Paul Van Oorschot moderated an excellent panel of final speakers for the day: Ian Kerr, Latanya Sweeney ( and Michael Krawitz (Executive VP and CPO of Applied Digital).

Michael spoke first and discussed the VeriChip produced by Applied Digital. He focused his discussion on the medical, financial and security uses and advantages of VeriChip. He described the example of seniors using VeriChip to contain health information so that doctors and hospitals can rely on the chip rather than the imperfect memory of the person. He compared the VeriChip to a medic-alert bracelet. In the financial context, he described how VeriChip can be used to protect against ID theft by acting as a secondary authentication device.

Next up, Latanya Sweeney of the Data Privacy Lab at Carnegie Mellon (Associate Professor of Computer Science, Technology and Policy, Institute for Software Research International) gave an amazing presentation of her research areas. She reviewed a number of areas and focused her talk regarding RFIDs on ID theft. She described how Zip Code, Birth Date and Sex information can be used to link and uniquely identify 87% of US population. She talked about her Identity Angel project which scans the web to see if there is enough information available about you to enable someone to commit a fraud against you or to commit ID theft. The idea is to then contact the vulnerable person. The ID Angel project found evidence of online resumes with lots of information about people. For example, 140 or 150 resumes with SSNs. They contacted 105 of the people at issue and received a variety of different replies ranging from thanks to threats of lawsuit! She discussed how the VeriChip will eventually lead to all the same kinds of problems we see in the data explosion now and with online databases. For example, restaurants will want its customers to have VeriChips and to have access to information about allergies. Same thing for amusement parks and heart condition information as another example.

To conclude the presentations for the day, Ian Kerr gave an energized presentation “Still feelin ‘icky’: The Utopias of Conrad Chase, Kevin Warwick and other Digital Angels”. This presentation recounted Ian’s experience with the Baja Beach Club in Barcelona. This club was implanting customers with “VIP” chips that permitted access to the VIP lounge at the club and enabled payment. Ian’s presentation explored what it might be like to live in a wireless world in which our devices all talk to one another in an automated way that doesn’t necessarily involve us. We move from a world of local area networks to ‘PANs’ – Personal Area Networks. Ian discussed Kevin Warwick’s neural transducer surgical implants intended to send and receive signals from computers and others. Other implantable devices include insulin, cochlear implants (phones, MP3 players etc. can be linked). He pointed out that the nature of the information created in the PANs (like blood sugar, neural signals etc.) leads to heightened security and privacy needs. Are we moving from the network of ideas, to the network of things, to the network of people? Ian is very interested in this apparent move towards the merger of human and machines.

Great discussion ensued…. lots of questions for Michael!

End of Day 1!

| Comments (2) |

Pre-conference events in Ottawa! Student Salon kicks-off events

posted by:Alex Cameron // 12:19 PM // March 03, 2005 // Walking On the Identity Trail

I am keeping a general blog of the proceedings of the Concealed I conference over the next few days in Ottawa. Pre-conference events kicked-off this morning with an exciting student salon and a keynote address by Prof. Emeritus Gary Marx.

The Student Salon on Anonymity, Identity and the Prospect of Privacy, presented in part by the IT Law Society, commenced with a welcome and introduction by Ian Kerr, principal investigator for On the Identity Trail.

The first group of speakers were students from the University of Toronto working with Bell Labs.

Rajen Akalu from UofT spoke first about implementation of PIPEDA and his work regarding the Openness principle under the Act. His research also focuses on how reasonable expectations regarding privacy are changing in the digital age. Research results will be presented soon at http://pipedaproject.rcat.utoronto.ca. conference March 18, 2005 (Toronto).

Barbara Bresssolles then talked about implementing PIPEDA in the airline industry. She says that the basic problem is over-collection and improper sharing of information for national security purposes. Barbara discussed a number of findings of the Privacy Commissioner of Canada in relation to airlines. She mentioned that the Public Safety Act 2002, s.98 removed the ability of the commissioner to investigate privacy complaints where the information at issues was collected, used or disclosed for national security purposes. She pointed out how this weakens privacy rights in PIPEDA. In her research, she reviewed the privacy polices of Air Canada, WestJet, CanJet and Jetsgo based on the 10 CSA principles.

Finally, Sapna Mahboobani talked about her research into how privacy policies placed on banking websites measure up to the openness principle.

Just after 10am, a panel of students working on the On the Identity Trail project spoke regarding their research. First up was. Catherine Thompson who discussed her work on an Access to Information manual and the case of Steve Mann’s privacy requests in connection with surveillance and security measures in Toronto. Mohammed Layouni spoke about his research into some of the building blocks for constructing privacy-regarding information systems. Finally, Alex Cameron spoke about his research into the conflict between privacy and copyright interests in our information society. He discussed the compelled disclosure of identity concept in connection with lawsuits filed against file-sharers and the privacy implications of DRM.

Ian Kerr introduced our keynote speaker, Prof. Emeritus Gary Marx. Gary’s speech was entitled “Windows into the Soul: Surveillance and Society in and Age of High Technology”. Gary gave an engaging and thought-provoking talk. Among the topics and questions Gary discussed were the “new surveillance”, including brainwave scanning. He posed a number of important questions about whether we are becoming a maximum security society and whether we still have privacy. In the context of new technologies, Gary explored how technologies continually develop to invade privacy and to get around those same technologies in numerous ways. A great discussion ensued with the audience before we broke for lunch.

| Comments (0) |

New Funding for Anon Education

posted by:Valerie Steeves // 11:26 AM // February 16, 2005 // Walking On the Identity Trail

With sniffer dogs and RFIDs coming into North American schools, it's never been more important to engage young people in the debate around anonymity, privacy and identity. We're pleased to announce that the SSHRC-funded Identity Trail Project led by Ian Kerr has received additional funding to help disseminate our research findings to the general public.

We've been awarded a Public Outreach Grant from the Social Sciences and Humanities Research Council in the amount of $44,765. Valerie Steeves (Criminology) is the principal investigator and will work with co-investigators Ian Kerr (Law) and Marsha Hanen of the Sheldon Chumir Foundation for Ethics and Leadership as well as with the Alberta Civil Liberties Research Centre. The team will develop educational outreach models, including in-class and on-line activities, that will engage secondary school students in thinking about privacy and identity issues such as the nature of privacy, the value of anonymity, and how to balance privacy and accountability.

University of Ottawa students will be involved in the development and implementation of the educational outreach project. Many thanks to first year law student Hilary Young who was instrumental in the preparation of the grant proposal.

| Comments (0) |


posted by:Ian Kerr // 12:55 PM // January 31, 2005 // Walking On the Identity Trail

many readers interested in authentication systems will know about the challenges of ensuring electronic privacy while, at the same time, maintaining adequate system security. for example, electronic voting systems need to be capable of ensuring the relative anonymity of each voter while also ensuring that a given individual is eligible to vote, casts no more votes than s/he is entitled, etc.

one of my colleagues, cryptographer david chaum, has been thinking about these sorts of problems for many years.

more recently, he has become involved in ensuring uniform standards for electronic voting through an organization dedicated to Voting System Performance Rating (VSPR) this group is focused on defining objective ways to measure performance of voting systems. VSPR comprises experts from a wide range of voting-related fields, including election officials, social scientists, technologists, vendors, advocates and standards body members.

one crucial aspect of VSPR is that it operates openly: anyone is free to sign up as a recipient to any of the Council Group or Working Group mailing lists, anyone can become a member-at-large of the VSPR Council, and all records of discussions are publicly available.

for a description of the issues to which VSPR is dedicated, read this interesting newsweek article

| Comments (0) |

your first taste of the id trail mix!

posted by:Ian Kerr // 11:46 PM // January 25, 2005 // ID TRAIL MIX | Walking On the Identity Trail

welcome to blog*on*nymity, a collaborative discussion led by the members of the On the Identity Trail research project, sponsored by the Social Sciences and Humanities Research Council of Canada.

as principle investigator for the project, i volunteered to author the first of our weekly id trail mix series. although part of the aim of our blog is to catalyze further discussion among team members, we hope that the blog also fosters a broader, more inclusive and public discussion, one that transcends various social sectors and transfers some of the knowledge products generated by the project and its research through less formal, alternative channels.

id trail mix is a weekly feature of our blog*on*nymity. these weekly articles are meant to be longer and slightly more rigorous than the typical posts found on our blog and across the blogosphere. they are more like a feature length news item but, hopefully, with a bit more bite!

contributions to id trail mix will generally come from members of on the identity trail and invited guest bloggers with subject matter expertise or interest. if you are interested in guest blogging, send an email to blog*on*nymity's editor marty.

| Comments (0) |

main display area bottom border

.:privacy:. | .:contact:.

This is a SSHRC funded project:
Social Sciences and Humanities Research Council of Canada