Identity Management as a Cybersecurity Case Study
August 31, 2005
In our increasingly networked world, information relating to an individual is of interest for its commercial value and for its potential to help promote a safe electronic realm, among other things. In the area of commerce, there are markets demanding the collection of personal data, and at the same time there are markets demanding the protection of that data. Likewise, in the field of public safety, some international agreements provide for the monitoring of individuals, while others call for the protection of their privacy. In the midst of these tensions, new technological tools are emerging to allow increased control over personal data. It is unclear, however, how these digital identity management tools will be used, and what their deployment will mean for the individual.
This paper explores the intersection of international law and technology in the area of digital identity management. First the paper highlights provisions in international treaties and guidelines that have identity management dimensions. Next it provides an overview and technological critique of a new system for digital identity management that the Microsoft Corporation is pushing. Finally, after signaling some ambiguities regarding the interplay of the international rules and the system, the paper offers some suggestions for enhancing accountability to the public.