
Re: [atlarge-discuss] Authentication Privacy Principles



On 21:00 06/06/03, DannyYounger@cs.com said:
Eight months ago, the Center for Democracy and Technology convened an
Authentication Privacy Principles Working Group. It recently released the results of
that effort which are available at
http://www.cdt.org/privacy/authentication/030513interim.shtml

Thank you for this link. This report lists six good requirements, I am not sure the current lunacy fully respects:

1) Provide User Control - The informed consent of the individual should be obtained before information is used for enrollment, authentication and any subsequent uses.

2) Support a Diversity of Services - Individuals should have a choice of authentication tools and providers in the marketplace.

3) Use Individual Authentication Only When Appropriate - Authentication systems should be designed to authenticate individuals by use of identity only when such information is needed to complete the transaction. Individual identity need not and should not be a part of all forms of authentication.

4) Provide Notice - Individuals should be provided with a clear statement about the collection and use of information upon which to make informed decisions.

5) Minimize Collection and Storage - Institutions deploying or using authentication systems should collect only the information necessary to complete the intended authentication function.

6) Provide Accountability - Authentication providers should be able to verify that they are complying with applicable privacy practices.

I would add that some legal systems like the European, Israeli, Argentinian etc. ones are based upon a very simple concept with many additional consequences: personal information is proprietary to the person. Divulgation of private information obtained in trust as in the case of Joey Borda is a crime, the same as physically abusing or raping the person.

Not only the divulgation but the drum justice around it and the way it was obtained. For example, I don't think there would be real problems in France to send SS a few weeks to jail for his demeanor of the last few days and why Joop's mails are so upsetting. This may explain why those accustomed to the respect of privacy (which means the respect of the real person for us) are genuinely shocked by these attitudes - what Members from other legal cultures may not be?

To the point while I feel there is a growing consensus to think SS only does that to ascertain a weak Panelist capacity by terrorism, this may only be in his cultural environment some acceptable zeal?

O regiones O mores.
This is also international. This is why I favor - as the Members do - local @large structures.
jfc