Inferred Vs. Actual - The evolution of policy

From IdCommons

Identity Trust - Next steps: Perspective for IIW

 'Inferred Vs. Actual -  The Policy Gap'

A year ago being enthusiastic and passionate I suggested the development of 'best practice' to develop the policy of liberating personal information. The original strategy for this working group was to look at best practices and advocate policy to reinforce the commercial aspects of freeing identifiers and increasing the commercial capitol that digital identity information can create.

After working with this strategy for a little while it became clear that we may be asking the right things in the wrong way. For an Identity Commons working group to be effective in what ways might we move the focus in discussing personal information and best practices to how value is 'actually' created from implementing policies which free personal information (AKA enabling identity)?

The infrastructure for a consumer/citizen side contract which enables contractual obligations in freeing personal information (like IRA ICONS, usage centric policy) is non-existent. Vendor Relationship Management directly addresses this gap from a commercial infrastructure perspective and is engendering the architecture of commercial applications that can circumvent the issues at the legal/ policy level. This unfortunately still leaves the actual policy legal/ regulatory architecture which deals with the concept of Identity Rights, consumer bill of rights, claims of ownership over personal information, non consensual use of personal information, and the transparency of actual implementation (amongst many other issues)of policy un-addressed. The need to articulate in a more granular way usage centric policy for how identifiers are controlled is a great challenge to 'enforce' commercially. Mechanisms of this infrastructure for the intent and purpose of freeing information (implicitly) applied through usage centric initiated consent still needs to be engineered. With out this intent of purpose inherent in the use of personal information flip side is information function creep, which devalues the information for the individual and increases the value of the information to third parties. With out having limits placed on the use and management of information which the intentional use of information achieves the end user is left dis-empowered and systems loose integrity.

Another lesson learned in the last year has been that 'best practices' are like 'inferred policy' and to address the core issues the focus needs to come from inherent practices like transparency over actual policy, and automated usage centric disclosure.

The freedom of information in commerce is definitely a piece of the empowerment puzzle that is going to make money, but is it a piece of the puzzle that will address the 'liberation of identity' systemically, inherently in our community, and society? A discussion that illustrates the root of the problem address not only the issues of physical transparency in identity, but also the empowerment transparency issues that are achieved through leveraging personal information.

What I would like to continue to discuss is the empowerment dimension of policy something a kin to a more positive policy paradigm interpretation. A dimension illustrated by the perspective in which knowledge power is usage centric. If consent implies personal information usage, positive policy/privacy implies usage centric advertising, so that consent is implicitly and actually implied/ applied. In many ways the same as VRM but not specific to Vendors. Identity Trust has the intent of focusing on these issues in relation to information sharing in a much broader and deeper context through open discussion of actual policy.

I propose at the minimum the option of gestating this working group until the discussion of inferred vs. actual policy can add real value or until another working group addresses these 'actual policy' issues.