In our increasingly networked world, information relating to an
individual is of interest for its commercial value and for its
potential to help promote a safe electronic realm, among other things.
In the area of commerce, there are markets demanding the collection of
personal data, and at the same time there are markets demanding the
protection of that data. Likewise, in the field of public safety, some
international agreements provide for the monitoring of individuals,
while others call for the protection of their privacy. In the midst of
these tensions, new technological tools are emerging to allow increased
control over personal data. It is unclear, however, how these digital
identity management tools will be used, and what their deployment will
mean for the individual.
paper explores the intersection of international law and technology in
the area of digital identity management. First the paper highlights
provisions in international treaties and guidelines that have identity
management dimensions. Next it provides an overview and technological
critique of a new system for digital identity management that the
Microsoft Corporation is pushing. Finally, after signaling some
ambiguities regarding the interplay of the international rules and the
system, the paper offers some suggestions for enhancing accountability
to the public.