Identity Management; and PIAs

Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Professor, Baker & McKenzie Cyberspace Law & Policy Centre, University of N.S.W.

Visiting Professor, E-Commerce Programme, University of Hong Kong

Visiting Fellow, Department of Computer Science, Australian National University

Abstract and Slides for a Presentation and Discussion at the Office of the Privacy Commissioner of Canada on 11 June 2004

Version of 20 May 2004

© Xamax Consultancy Pty Ltd, 2004

Available under an AEShareNet Free
for Education licence

This document is at http://www.anu.edu.au/people/Roger.Clarke/DV/OPCC0406.html

The PowerPoint slide presentation is at http://www.anu.edu.au/people/Roger.Clarke/DV/OPCC0406.ppt


Abstract

The Internet revolution caught organisations unawares in the mid-1990s, and it continues to befuddle them. Among the latest in a long series of ill-judged fads is 'identity management'. It is envisaged that service providers will make profits, companies and government agencies will be assured who they are dealing with over the 'net, and consumers and citizens will get better services, because someone is managing their identity.

The first part of this presentation reports on the outcomes of a study of identity management published in March 2004. It categorises the many schemes, and shows how they are failing to confront the complexities.

The second part of the session draws on long experience in the conduct of Privacy Impact Assessments, including several recent and current PIAs of identity authentication projects.

The importance of PIAs is obvious to privacy advocates and regulators. Attention is drawn to the reasons why corporations and government agencies find it advantageous to conduct them. Observations are also offered on the critical features of an effective PIA process. Finally, attention is drawn to some limitations of PIAs, with a view to stimulating discussion about whether and how constraints can be imposed on the many privacy-invasive technologies that currently challenge society.


References - Identity Management

Clarke R. (1994) 'Human Identification in Information Systems: Management Challenges and Public Policy Issues' Info. Technology & People 7,4 (December 1994). At http://www.anu.edu.au/people/Roger.Clarke/DV/HumanID.html

Clarke R. (1999) 'Anonymous, Pseudonymous and Identified Transactions: The Spectrum of Choice', Proc. IFIP User Identification & Privacy Protection Conference, Stockholm, June 1999, at http://www.anu.edu.au/people/Roger.Clarke/DV/UIPP99.html

Clarke R. (2001) 'Authentication: A Sufficiently Rich Model to Enable e-Business' Review Draft of 26 December 2001, at http://www.anu.edu.au/people/Roger.Clarke/EC/AuthModel.html

Clarke R. (2003) 'Authentication Re-visited: How Public Key Infrastructure Could Yet Prosper' Proc. 16th Bled Electronic Commerce Conf., Bled, Slovenia, 9-11 June 2003, at http://www.anu.edu.au/people/Roger.Clarke/EC/Bled03.html

Clarke R. (2004) 'Identity Management: The Technologies, Their Business Value, Their Problems, Their Prospects' Xamax Consultancy Pty Ltd, March 2004, at http://www.xamax.com.au/EC/IdMngt.html

The presenter's many other papers on related topics are on the Web, and indexed at:


References - PIAs

Clarke R. (1995) 'Computer Matching by Government Agencies: The Failure of Cost/Benefit Analysis as a Control Mechanism', Informatization and the Public Sector (March 1995), in particular the section on Cost/Benefit Analysis, at http://www.anu.edu.au/people/Roger.Clarke/DV/MatchCBA.html#CBA

Clarke R. (1996) 'Privacy and Dataveillance, and Organisational Strategy', Proc. Conf. I.S. Audit & Control Association (EDPAC'96), Perth, 28 May 1996, at http://www.anu.edu.au/people/Roger.Clarke/DV/PStrat.html

Clarke R. (1998) 'Privacy Impact Assessments', Xamax Consultancy Pty Ltd, 10 February 1998, at http://www.anu.edu.au/people/Roger.Clarke/DV/PIA.html

Clarke R. (2004) 'A History of Privacy Impact Assessments', Xamax Consultancy Pty Ltd, 5 February 2004, at http://www.anu.edu.au/people/Roger.Clarke/DV/PIAHist.html

Clarke R. (2004) 'The Search for Balance: The Past, Present and Future of Privacy Impact Assessments', Xamax Consultancy Pty Ltd, June 2004, at http://www.anu.edu.au/people/Roger.Clarke/DV/PIAPPF.html


Navigation

Go to Roger's Home Page.

Go to the contents-page for this segment.

Send an email to Roger

Created: 20 May 2004

Last Amended: 20 May 2004


These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).
The Australian National University
Visiting Fellow, Faculty of
Engineering and Information Technology,
Information Sciences Building Room 211
Xamax Consultancy Pty Ltd, ACN: 002 360 456
78 Sidaway St
Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, 6288 6916