ID-Legal

Participation
If you would like to participate in the work of ID-Legal please join the mailing list by following this link.

Notes from IIW in November

NEXT CALLS
Call details:
 * TBD - listen on mailing list for annoucement
 * Tue 07/01/08 10:00 AM - IIW Legal: Setting Goals, Review Draft Description   ID-Legal 07-01-08 Call
 * Tue 07/08/08 10:00 AM - IIW Legal: People and Groups ID-Legal 07-08-08
 * Thurs 07/18/08 10:00 AM - IIW Legal: Goal Review, Potential Partners ID-Legal 07-18-08
 * Thurs 08/28/08 10:00 AM PDT - IIW Legal: Review Charter and Articulation ID-Legal 08-28-08
 * Monday 10/06/08 4:00 PM PDT - Figuring out Next Steps for Jan Conference ID-Legal 10-06-08
 * Thursday 10/09/08 2PM PDT - 2nd call building from Monday's goof up ID-Legal 10-09-08

Dedicated Dial-In Number: 1(309)946-5255  Access Code:659714

Draft Statement of Purpose
Legal IIW aims to start a conversation which will answer questions like these:


 * What does the law think "an identity" is?
 * What do technologists mean when they use words like "identity" and "privacy"?
 * Who adjudicates disputes in matters of online and digital identity and privacy?
 * What happens when disputes involve multiple jurisdictions?
 * How can we make better laws to support safe use of online and digital identity?
 * How can we make better identity technology to minimize legal risks and maximize legal protections?
 * How can we engineer the user experience of online and digital identity so that people have realistic expectations about the legal implications of their use?

Information technology and the law have not been designed for each other. To cite just one example, technologists who did not understand the law of signatures designed an artifact called a "digital signature" which had few of the legal properties of a pen-and-ink signature; the result was a set of changes in the law of signatures to accomodate the new artifact. But the "digital signature" is neither technically nor legally an improvement on the old pen-and-ink signature. It places much stricter liability burdens on the signer (or presumed signer) than the pen-and-ink signature did, and it provides fewer due-process protections for those whose signatures are forged.

Technologists are in the process of inventing artifacts called "digital identities". These seem likely to take on some of the properties of legal persons online. But they are not legal persons, and they have not (yet) been designed to keep real persons who come in contact with them safe.

Digital and online identities, like robots, can be dangerous to real people. Isaac Asimov envisioned robots who would live by (that is, be compelled by their programming to obey) laws designed to keep humans safe.

The purpose of the Legal IIW workshop is to bring lawyers and technologists together to understand how the law and technology of digital and online identity interact, so that digital and online identity and the law can evolve together in ways that keep humans safe.

There is some urgency to the task. Social networks are aggregating large amounts of personal data, and pressure is building on these networks to open their databases in the name of "data portability". ISPs and telecommunications providers are carrying huge volumes of conversations whose status with respect to government surveillance, carrier surveillance, and subpoena is unclear. Data moves back and forth across jurisdictional and national boundaries whose rules for protection of data (and even protection of persons) are unclear, or clear and incompatible. Location-aware handheld devices are tagging huge quantities of information with geographic data, allowing detailed reconstruction of many individuals' daily lives. It would be good to optimize both technology and the law to make the use of digital and online identity safe for humans before we have to learn where the hazards are the hard way - by experiencing disasters of privacy or fraud.

The law, as usual, lags behind the technology - but as it works to clean up the mess disruptive technologies have caused, it undermines the assumptions made by the technologists and thereby creates uncertainty both in technology markets and in the people who use technology. The technology, as usual, moves forward without much consideration of how it will change the assumptions on which the law rests.

Draft Event Description
There is a lack of cross pollination between the legal community and technical community innovating digital identity systems.


 * laws not in sync with technology - creating friction (e-signature)
 * Tech comes out disruptive and the law doesn't know how to deal - causing evolution
 * New Laws coming out - creating uncertainty back into technology markets.

We need to create a space for collaboration to understand
 * what does the law really think 'an identity is' (depends on context: Homeland Security/travel vs financial vs criminal?)
 * what do technologist mean when they use language describing identity and the technology they are building.

"THE LAW" needs to needs to evolve Solove's thesis the law needs to carefully evolve to handle notions of reputations and identity in the online world.

Individuals and Businesses have a joint interest in an identity system that allocates risk and rewards in a socially optimal way.

An example where this kind of early collaboration would have been helpful is the PKI this can be written into a better paragraph Technologists take things at face value
 * previous wave of badness (post PKC) digital signature ( wouldn't it be cool if we could use them instead of paper ones)
 * never bothered to ask what a 'signature' was from the point of view of the law - shape of the ink on the paper - performance of the act - intention to commit oneself to the contract

In the end Techies and Lawyers must make this whole environment that normal people can live in - they have not been talking to each other re: the problems let alone working better together to help regular people.

WHO

 * Governmental entitles (fed, state, local, courts) & politicians
 * DHS (Homeland Security) - some good folks
 * Lawyers and staff for decision makers and the law (in congress, governors and state level), Barak and MaCain staff
 * Commerce Committee
 * NSA (Stewart Baker)
 * Law Enforcement
 * NCCUSL (Nat'l Conf Commission on Unified State Laws)
 * NCSL (Nat'l Conf State Legislators)
 * ALEC (Amer Legis Exchange Council)


 * Business and Corporate interests
 * MySpace, Facebook
 * Google, Yahoo, etc.
 * Intel


 * Universities, professors who have published papers, and law clinics
 * Solove
 * Susan Crawford
 * Michael Froomkin - U Florida
 * Beth Novak
 * Holly Tolle and Ray (?)


 * Consumer interest groups
 * Consumer's Union
 * National Consumer Law Center
 * Privacy Coalition people
 * EPIC


 * Professional associations
 * State and National Bar Assocs
 * CyberLaw Committees of Bar Associations - and chairs
 * ACM
 * IEEE
 * Private Investigator Lobbying groups


 * Related interests
 * 22y olds - interesting Big learning curve
 * Direct Marketing Assn.
 * US Chamber of Commerce


 * International Interests
 * Prime Project? (part of 7th framework, ITU)
 * Cisco & Joe Aledef (also International)
 * International Chamber of Commerce


 * RELEVANT Conferences
 * IIW
 * CFP
 * (others from call?)

Eventually is Quick - in terms of going internationally

International Businesses are already that way.


 * Entities from economic side are already dealing with it.

By Proxy - UN folks from different initiatives, those thinking about the entire world - surrogate.

Institutional Co-Conveners?

 * MIT Media Lab - called for a dialogue about id bill of rights
 * Careful of Gov. conveners - restrictions
 * Common scaffolding - survey type thing - set of protocols. Blind men examining the elephant - handiness
 * Different Languages coming together
 * Framework for them to invite a variety - more useful
 * Berkman
 * UN?
 * OECD - many initiatives going on

For Further Reading
Here are some pointers to papers on legal aspects of online identity that =JeffH has collected:

Bibliography: Legal Aspects of Online Identity

Links to Related Efforts
Here are a few more pages that might facilitate our future conversations. The first link is to the scenarios group.

Scenarios Group http://wiki.idcommons.net/index.php/Identity_Futures

Identipedia http://wiki.idcommons.net/index.php/Identipedia

Systemic Elements http://wiki.idcommons.net/index.php/Systemic_Elements

Inferred vs Actual - The evolution of policy http://wiki.idcommons.net/index.php/Inferred_Vs._Actual_-_The_evolution_of_policy

2008 Q1 Report Identity Rights http://wiki.idcommons.net/index.php/2008_Q1_Report_Identity_Rights

We're also related to Identity Rights Agreements group http://wiki.idcommons.net/index.php/Identity_Rights_Agreements_Charter

--- Logistical Details http://www.freeconference.com Login - ID-Legal PW:privacyonline