Principal, Xamax Consultancy Pty Ltd, Canberra
Visiting Professor, Baker & McKenzie Cyberspace Law & Policy Centre, University of N.S.W.
Visiting Professor, E-Commerce Programme, University of Hong Kong
Visiting Fellow, Department of Computer Science, Australian National University
Abstract and Slides for a Presentation and Discussion at the Office of the Privacy Commissioner of Canada on 11 June 2004
Version of 20 May 2004
© Xamax Consultancy Pty Ltd, 2004
Available under an AEShareNet licence
This document is at http://www.anu.edu.au/people/Roger.Clarke/DV/OPCC0406.html
The PowerPoint slide presentation is at http://www.anu.edu.au/people/Roger.Clarke/DV/OPCC0406.ppt
The Internet revolution caught organisations unawares in the mid-1990s, and it continues to befuddle them. Among the latest in a long series of ill-judged fads is 'identity management'. It is envisaged that service providers will make profits, companies and government agencies will be assured who they are dealing with over the 'net, and consumers and citizens will get better services, because someone is managing their identity.
The first part of this presentation reports on the outcomes of a study of identity management published in March 2004. It categorises the many schemes, and shows how they are failing to confront the complexities.
The second part of the session draws on long experience in the conduct of Privacy Impact Assessments, including several recent and current PIAs of identity authentication projects.
The importance of PIAs is obvious to privacy advocates and regulators. Attention is drawn to the reasons why corporations and government agencies find it advantageous to conduct them. Observations are also offered on the critical features of an effective PIA process. Finally, attention is drawn to some limitations of PIAs, with a view to stimulating discussion about whether and how constraints can be imposed on the many privacy-invasive technologies that currently challenge society.
Clarke R. (1994) 'Human Identification in Information Systems: Management Challenges and Public Policy Issues' Info. Technology & People 7,4 (December 1994). At http://www.anu.edu.au/people/Roger.Clarke/DV/HumanID.html
Clarke R. (1999) 'Anonymous, Pseudonymous and Identified Transactions: The Spectrum of Choice', Proc. IFIP User Identification & Privacy Protection Conference, Stockholm, June 1999, at http://www.anu.edu.au/people/Roger.Clarke/DV/UIPP99.html
Clarke R. (2001) 'Authentication: A Sufficiently Rich Model to Enable e-Business' Review Draft of 26 December 2001, at http://www.anu.edu.au/people/Roger.Clarke/EC/AuthModel.html
Clarke R. (2003) 'Authentication Re-visited: How Public Key Infrastructure Could Yet Prosper' Proc. 16th Bled Electronic Commerce Conf., Bled, Slovenia, 9-11 June 2003, at http://www.anu.edu.au/people/Roger.Clarke/EC/Bled03.html
Clarke R. (2004) 'Identity Management: The Technologies, Their Business Value, Their Problems, Their Prospects' Xamax Consultancy Pty Ltd, March 2004, at http://www.xamax.com.au/EC/IdMngt.html
The presenter's many other papers on related topics are on the Web, and indexed at:
Clarke R. (1995) 'Computer Matching by Government Agencies: The Failure of Cost/Benefit Analysis as a Control Mechanism', Informatization and the Public Sector (March 1995), in particular the section on Cost/Benefit Analysis, at http://www.anu.edu.au/people/Roger.Clarke/DV/MatchCBA.html#CBA
Clarke R. (1996) 'Privacy and Dataveillance, and Organisational Strategy', Proc. Conf. I.S. Audit & Control Association (EDPAC'96), Perth, 28 May 1996, at http://www.anu.edu.au/people/Roger.Clarke/DV/PStrat.html
Clarke R. (1998) 'Privacy Impact Assessments', Xamax Consultancy Pty Ltd, 10 February 1998, at http://www.anu.edu.au/people/Roger.Clarke/DV/PIA.html
Clarke R. (2004) 'A History of Privacy Impact Assessments', Xamax Consultancy Pty Ltd, 5 February 2004, at http://www.anu.edu.au/people/Roger.Clarke/DV/PIAHist.html
Clarke R. (2004) 'The Search for Balance: The Past, Present and Future of Privacy Impact Assessments', Xamax Consultancy Pty Ltd, June 2004, at http://www.anu.edu.au/people/Roger.Clarke/DV/PIAPPF.html
Go to Roger's Home Page.
Go to the contents-page for this segment.
Send an email to Roger
Created: 20 May 2004
Last Amended: 20 May 2004
|These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).|
| The Australian National University|
Visiting Fellow, Faculty of
Engineering and Information Technology,
Information Sciences Building Room 211
Pty Ltd, ACN: 002 360 456|
78 Sidaway St
Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, 6288 6916