[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [atlarge-discuss] Authentication Privacy Principles
Secrecy is the badge of fraud.
-John, Sir Chadwick (b. 1941), British judge.-
---------- Original Message ----------------------------------
From: "J-F C. (Jefsey) Morfin" <jefsey@club-internet.fr>
Date: Fri, 06 Jun 2003 22:15:52 +0200
On 21:00 06/06/03, DannyYounger@cs.com said:
>Eight months ago, the Center for Democracy and Technology convened an
>Authentication Privacy Principles Working Group. It recently released the
>results of
>that effort which are available at
>http://www.cdt.org/privacy/authentication/030513interim.shtml
Thank you for this link. This report lists six good requirments, I am not
sure the current lunacy fully respect:
1) Provide User Control - The informed consent of the individual should be
obtained before information is used for enrollment, authentication and any
subsequent uses.
2) Support a Diversity of Services - Individuals should have a choice of
authentication tools and providers in the marketplace.
3) Use Individual Authentication Only When Appropriate -Authentication
systems should be designed to authenticate individuals by use of identity
only when such information is needed to complete the transaction.
Individual identity need not and should not be a part of all forms of
authentication.
4) Provide Notice -Individuals should be provided with a clear statement
about the collection and use of information upon which to make informed
decisions.
5) Minimize Collection and Storage- Institutions deploying or using
authentication systems should collect only the information necessary to
complete the intended authentication function.
6) Provide Accountability - Authentication providers should be able to
verify that they are complying with applicable privacy practices
I would add that some legal systems like the European, Israelian,
Argentinian etc. ones are based upon a very simple concept with many
additional consequences: personal information is proprietary to the person.
Divulgation of private indormation obtained in trust as in the case of Joey
Borda is a crime, the same as physically abusing or raping the person.
Not only the divulgation but the drum justice around it and the way it was
obtained. For example, I don't think there would be real problems in France
to send SS a few weeks to jail for his demeanor of the last few days and
why Joop's mails are so upsetting. This may explain why those accustomed to
the respect of privacy (what means the respect of the real person for us)
are genuninely chocked by these attitudes - what Members from other legal
culture may not be?
To the point while I feel there is a growing consensus to think SS only
does that to ascertain a weak Panelist capacity by terrorism, this may only
be in his cultural environement some acceptable zeal?
O regiones O mores.
This is also international. This is why I favor - as the Members do - local
@large structures.
jfc
--
Micheal Sherrill
micheal@beethoven.com
The owner of this signature has been authenticated by www.thawte.com as
a Real Person. The owner is also a Notary of the Web of Trust for
www.thawte.com which is a third party verifier of high level
certification. Please go to their Web of Trust page at
https://www.thawte.com/html/SUPPORT/wot/general.html for information.
--
*************************************************
Listen to the "World's Classical Radio Station"
http://www.beethoven.com
Great Music, Free Email, Exciting Bulletin Board!
---------------------------------------------------------------------
To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de