Bob's new draft

Information technology and the law have not been designed for each other. To cite just one example, technologists who did not understand the law of signatures designed an artifact called a "digital signature" which had few of the legal properties of a pen-and-ink signature; the result was a set of changes in the law of signatures to accomodate the new artifact. But the "digital signature" is neither technically nor legally an improvement on the old pen-and-ink signature. It places much stricter liability burdens on the signer (or presumed signer) than the pen-and-ink signature did, and it provides fewer due-process protections for those whose signatures are forged.

Technologists are in the process of inventing artifacts called "digital identities". These seem likely to take on some of the properties of legal persons online. But they are not legal persons, and they have not (yet) been designed to keep real persons who come in contact with them safe.

Digital identities, like robots, can be dangerous to real people. Isaac Asimov envisioned robots who would live by (that is, be compelled by their programming to obey) laws designed to keep humans safe.

The purpose of the Legal IIW workshop is to bring lawyers and technologists together to understand how the law and technology of digital identity interact, so that digital identity and the law can evolve together in ways that keep humans safe.

There is some urgency to the task. Social networks are aggregating large amounts of personal data, and pressure is building on these networks to open their databases in the name of "data portability". ISPs and telecommunications providers are carrying huge volumes of conversations whose status with respect to government surveillance, carrier surveillance, and subpoena is unclear. Data moves back and forth across jurisdictional and national boundaries whose rules for protection of data (and even protection of persons) are unclear, or clear and incompatible. Location-aware handheld devices are tagging huge quantities of information with geographic data, allowing detailed reconstruction of many individuals' daily lives. It would be good to optimize both technology and the law to make the use of digital identity safe for humans before we have to learn where the hazards are the hard way - by experiencing disasters of privacy or fraud.

The law, as usual, lags behind the technology - but as it works to clean up the mess disruptive technologies have caused, it undermines the assumptions made by the technologists and thereby creates uncertainty both in technology markets and in the people who use technology. The technology, as usual, moves forward without much consideration of how it will change the assumptions on which the law rests.

Legal IIW aims to start a conversation which will answer questions like these:

What does the law think "an identity" is? What do technologists mean when they use words like "identity" and "privacy"? Who adjudicates disputes in matters of digital identity and privacy? What happens when disputes involve multiple jurisdictions? How can we make better laws to support safe use of digital identity? How can we make better identity technology to minimize legal risks and maximize legal protections? How can we engineer the user experience of online identity so that people have realistic expectations about the legal implications of its use?