This document summarizes Patrick McCormick's presentation on how digital identity is being transformed by social media and citizen behaviors online. The presentation covered: 1) How Australians are increasingly spending more time online and on mobile devices, changing expectations. 2) The importance of trust but also verification in the digital world. 3) How identity information is currently fragmented across different silos. 4) Potential new directions for digital identity including user control, reputation, and trusted frameworks.
Rebooting digital identity: how the social web is transforming citizen behaviours and expectations
1. rebooting digital identity
how the social web is transforming citizen
behaviours and expectations
Patrick McCormick @solutist
Special Adviser and MAMS Program Director
Department of Premier and Cabinet
Identity Conference 2012
1 May 2012 - Wellington, NZ
3. rebooting digital identity
how the social web is transforming citizen
behaviours and expectations
1 we are here now
2 trust but verify
3 silos and shoe boxes
4 new directions
5. Australians spending more time online
according to ComScore State of the Internet 2010
• 18.8 hours per month online on average
• 36.3% used Apple iTunes
• 42.6% used online banking services
• 81.6% used social networks
6. and increasingly access web on mobiles
Australians with web capable mobiles
• 43% - 2009
• 65% - 2010
Internet access via mobiles in Australia
• 29% - 2009
• 52% - 2010
Nielsen White Paper 2011
8. citizen expectations are changing
3 types of expectations - Charlie Leadbeater
• I need – essential services government must provide
• I want – discretionary services responding to demand
• I can – option to self select, participate, co-produce
why now?
• Internet 1.0 – low or no cost production and distribution
• netizens 1.0 – surplus computing and doing capacity
• web 2.0 - new tools, behaviours, expectations
9. the Internet has something to do with it
it is compact yet immense, a ‘small world’
• 10x growth adds ‘one hop’
power law distribution
• growth is organic and ad hoc
• mostly below and above the mean
• few with many links
• many with few links
In Search of Jefferson’s Moose - David G. Post
10. the public sector is evolving
read-only
1. 20th century administrative bureaucracy rigid, prescriptive, hierarchical
2. new public management - performance
3. triple bottom line – shareholders, stakeholders
read-write
4. co-productive, shared enterprise, Gov 2.0 agile, principled, collaborative
11. what is the significance of Gov 2.0?
Gov 2.0
government web 2.0
the new economy begins with technology and ends with trust
- Alan Webber 1993
12. the public sector develops policy, delivers
services and manages goods
laws regulating drinking are enforced by police in parks
[diagram: public sector, public policy, public services, public goods]
13. we need to go back to first principles to
identify, agree on public purpose
[diagram: public purpose, public sector, public policy, public services, public goods]
14. new tools, changing citizen behaviours
and the Internet are driving change
[diagram: citizens, technology, internet, PSI, government]
15. but trust is key to exploiting opportunities
of collective public purpose
[diagram: public purpose, trust]
16. Gov 2.0 begins with public
purpose and ends with trust
[diagram: public purpose, citizens, technology, internet, PSI, government, trust]
17. the public sector needs to change
a new approach
• share (not cede) power, when and where appropriate
• maintain authority in old and new models
• government as a platform, providing a citizen ‘API’
key challenges
• culture of experimentation and collaboration
• open access to public sector data and information
• voice of authenticity, uncertainty and contestability
18. an emerging policy platform
Victoria
• parliamentary inquiry into PSI
• VPS innovation action plan
• government 2.0 action plan
Commonwealth
• Gov 2.0 Taskforce report
• APSC online engagement guidelines
• declaration of open government
22. peer to peer support in real time
CNN: http://edition.cnn.com/2011/WORLD/asiapcf/07/14/india.blasts.help/index.html?hpt=hp_bn2
2011 Mumbai bomb blasts spark social media response
27. changing community engagement
• 31,852 followers - Victoria Police on Twitter
• 51,133 downloads - CFA FireReady mobile app
• 261,270 likes - Queensland Police on Facebook
29. public conversations with government
(cc @justice_vic) Working with Children
check was 90% done (almost 11 weeks),
lodged an Employ instead, and it will restart
and take another 12 weeks. What a stupid
system…
@deonwentworth Deon - thx for your
feedback. Don't know right now what
happened or why it's like that - but will have
someone look into ^D
30. responding to citizens openly, honestly
@deonwentworth Have chased up and have
an answer for you. Pls dm your email addy or
contact # as response won't fit in 140 spaces.
Thanks ^J
@justice_vic No need, got the check
yesterday, start 2morrow. Thx a lot 4
following this up, thought You'd forgotten. If
you still need to, you can email me at…
31. establishing trust in peer to peer context
@deonwentworth Simple answer: starts over
when changing categ. - makes extra sure no
charges after applying. Annoying yes, but we
err on side of extra protection for kids. ^D
@justice_vic thanks. Got my card earlier in
the week.
#goodjob @justice_vic for not giving up on
customer enquiries and following through
right to the end
32. going where people are with useful information
15,450 fans x average of 150 friends = 2,317,500 people
33. mobile apps extend frontline crisis
response but raise identity questions
35. Map of Online Communities 2010: Randall Munroe/xkcd, Ethan Bloch/Flowtown
3. silos and shoe boxes
36. expectations for digital identity today
• mediating experience of own identity and of other people
• authenticating trust-based attribution – assurance between entities
• identifiers used by parties to agree on entity being represented
• self-determination and freedom of expression
Source: http://en.wikipedia.org/wiki/Digital_identity
37. citizen comfort level online is inconsistent
United States Social Security Administration
• pioneering 1990s initiative moved services online
• users query retirement accounts – same as phone
• backlash against perceived privacy and security risks
38. but many people are comfortable sharing…
• shopping histories for ‘informed advertising’
• activities and location for social connectivity
• problems and questions for support and assistance
39. acceptable boundaries still emerging
• Apple caught tracking iPhone user movements
• Australian court convicts jilted boyfriend for sharing
nude photos on Facebook*
• Maryland law forbids employers from accessing
Facebook accounts*
• Obama administration says CISPA does not sufficiently
protect privacy, civil liberties*
*all in April 2012
40. digital identity on the web - freedom to be…
1. unidentified
2. pseudonymous
3. identified
http://googlepublicpolicy.blogspot.com.au/2011/02/freedom-to-be-who-you-want-to-be.html
41. pseudonymous identity relies on reputation
• identity and reputation as
interdependent, tightly linked
• social filtering, meritocracy used to
establish trust
• pseudonyms could be privately
verified with government ID or other
standard
• user could remain publicly
pseudonymous but privately verified
by reputation system
42. current state of identity, personal information
sharing fragmented
[diagram: personal information spread across individuals, suppliers and third parties; identifiers shown: name, address, date of birth, gender]
Source: TVC 2002
43. challenges in technology and
policy dimensions
[chart axes: technology sophistication, policy/services breadth; low, medium, high]
44. mostly simple identity solutions
[chart axes: technology sophistication, policy/services breadth; low, medium, high]
45. some more advanced in one dimension
[chart axes: technology sophistication, policy/services breadth; low, medium, high]
46. few solutions advance in both
dimensions
[chart axes: technology sophistication, policy/services breadth; low, medium, high]
48. what is government’s role in digital identity?
Competing policy interests range from protecting citizen
freedoms, privacy and other prerogatives on one end of the
scale to ensuring law, order, national security, and
institutional efficiencies on the other end.
Philosophical and political implications of choosing various
proposed solutions cut to the core of the relationship between
government and citizen – is creation and use of a person’s
identity flatly subject to central decree or must it be based
upon consent of the governed?
Authentication and Identity Management: Information Age Policy Considerations - Daniel J. Greenwood
49. Australia’s legacy of resistance
• NO universal identifying number
– TFN, Medicare number, state
driver's license
– 1987 Australia Card abandoned
– 2007 Access Card abandoned
• National Authentication Service for Health (Nash) 2011
– to underpin personally-controlled e-health records
• databases free from regulation – biometrics not covered by
privacy laws i.e. left to discretion of technology vendors
Source: 1 Feb 2011 http://news.cnet.com/8301-31921_3-20030234-281.html#ixzz1HT8C9mGB
50. similar history of resistance in U.S.
• NO universal identifying number – SSN de facto national ID
“We are not talking about a national ID card.
What we are talking about is enhancing online
security and privacy, and reducing and perhaps
even eliminating the need to memorize a dozen
passwords, through creation and use of more
trusted digital identities.”
Commerce Secretary Gary Locke – Jan 2011
• government will enable creation of verified identities, to support
“identity ecosystem”
• getting verified identity will be elective
• user would be able to use one login for all sites
source: http://www.readwriteweb.com/archives/us_commerce_department_in_charge_of_national_inter.php
52. cultural and social norms – law and identity
civil law tradition
• rules determined from
sovereign above
• code is law – trace history to
Roman law, Napoleonic code
common law tradition
• judge discovers law from
practices of the people
• stare decisis - similar cases
should be decided by consistent
rules to reach similar results
53. virtues of forgetting in digital age
• 2011 EU data protection goals included
clarifying right to be forgotten
• right of individuals to have their data deleted
when no longer needed for legitimate purpose
“Regulating the Internet to correct the
excesses and abuses that come from
the total absence of rules is a moral
imperative!” French President Sarkozy
54. making the case for user control
“Wherever possible we believe that personal data should be controlled by individual citizens themselves.”
- The UK Conservative Party Manifesto – Apr 2010
“Rather than owning and controlling their own personal data, people very often find that they have lost control over it.”
- The Economist Special Report: the Data Deluge – Feb 2010
“This ‘data vault’ concept, an intermediary collecting user data and giving 3rd parties access to this data in line with individual users’ specifications, is one potential solution that offers many theoretical advantages”
- World Economic Forum: Rethinking Personal Data Project – Jun 2010
55. PDS (personal data stores) for user control
• individuals as data managers – user control and choice
• lower costs and new opportunities for organisations
• environment of trust and platform for innovation
Source: MyDex, The Case for Personal Information Empowerment: The rise of the personal data store
56. federated social identity networks
• consider open-source federated social network software so
anyone can re-use to create and maintain profiles
• use common language so profiles can talk to one another
• choose from array of “profile providers” like email providers
• option to set up own server, provide own social profile
• profiles are interoperable even on different servers
http://www.eff.org/deeplinks/2011/03/introduction-distributed-social-network
57. Jericho Forum IdEA commandments
14 commandments across 5 areas to inform Identity,
Entitlement & Access Management systems
1. Identity and Core Identity
2. Multiple Identities (Persona)
3. Persona (Identity) Attributes
4. Entitlement management and resource access
5. Usage and Delegation
58. trust frameworks
• U.S. National Strategy for Trusted Identities in Cyberspace (NSTIC)
– to enable trusted identity through policies of party issuing credentials
– proposed solutions currently under review
• open identity trust framework provider OIX
– Open Identity Exchange founded by Google, PayPal, Equifax, VeriSign, Verizon, CA
and Booz Allen Hamilton in 2010
– enables exchange of credentials across public and private sectors to certify identity
providers to federal standards
– different from OpenID which lets sites share same credentials
Source: http://mashable.com/2010/03/03/google-paypal-oix/
59. digital identity – emerging principles
• one size does not fit all
• support different types of identity
• privacy and security expectations vary
• maximise user control and choice
• trusted relationships critical, contextual
• identity and reputation are linked
• information may need expiration date
60. rebooting digital identity
how the social web is transforming citizen
behaviours and expectations
1 we are here now
2 trust but verify
3 silos and shoe boxes
4 new directions
61. thanks!
questions?
kia ora.
Patrick McCormick
patrick.mccormick@dpc.vic.gov.au
@solutist
62. re-using this presentation? the fine print…
• Parts of this presentation not under copyright or licensed to others (as indicated) have been
made available under the Creative Commons Licence 3.0
• Put simply, this means:
– you are free to share, copy and distribute this work
– you can remix and adapt this work
• Under the following conditions
– you must attribute the work to the author:
Patrick McCormick - paddy@post.harvard.edu
– you must share alike – so if you alter or build upon this work you have to keep these same conditions
• Unless stated otherwise, the information in this presentation is the personal
view of the author and does not represent official policy or position of his employer