digital identity 2.0how technology is transforming behaviours

and raising citizen expectations

Patrick McCormickManager Digital EngagementDepartment of Justice Victoria Digital ID World Sydney29 March 2011

Unless indicated otherwise, content in this presentation is licensed:

digital identity 2.0how technology is transforming behaviours

and raising citizen expectations

1. we are here now

2. the times, they are a-changin

3. silos and shoe boxes

4. rebooting digital identity

1. we are here now

Map of Online Communities 2010: Randall Munroe/xkcd, Ethan Bloch/Flowtown

(AGIMO: Australia in the Digital Economy, 2009)

Australians mostly prefer the web

and are spending more time online

according to comScore’s State of the Internet 2010• 18.8 hours per month online on average

• 36.3% used Apple iTunes

• 42.6% used online banking services

• 81.6% used social networks

exponential growth of social media

public sector social media approach

Department of Justice social media policyhttp://www.youtube.com/watch?v=8iQLkt5CG8I&feature=youtu.be

citizen expectations are changing

3 types of expectations - Charlie Leadbeater

• I need – essential services government must provide

• I want – discretionary services responding to demand

• I can – option to self select, participate, co-produce

why now?

• Internet 1.0 – low or no cost production and distribution

• netizens 1.0 – surplus computing and doing capacity

• web 2.0 - new tools, behaviours, expectations

the Internet has something to do with it

compact yet immense, a ‘small world’• 10x growth adds ‘one hop’

• growth is organic and ad hoc

power law distribution mostly below and above the mean•few with many links•many with few links

In Search of Jefferson’s Moose - David G. Post

power law distribution mostly below and above mean• few with many links• many with few links

the public sector is evolving

1. 20th century administrative bureaucracy

2. new public management - performance

3. triple bottom line - shareholders and stakeholders

4. co-productive, shared enterprise

read-onlyrigid, prescriptive, hierarchical

read-writeagile, principled, collaborative

so what is Gov 2.0 all about?

the new economy begins with technology and ends with trust

- Alan Webber 1993

web 2.0

Gov 2.0

government

what implications for the public sector?

public sector

public policy

need to go back to first principles

public sector

public policy

public purpose

trust

Gov 2.0 is not about technology

but Gov 2.0 is powered by technology

citizens

internet

governmentPSI

technology

public purpose

trust

Gov 2.0 begins with public purpose and ends with trust

technologycitizens

governmentPSI

internet

what does this mean for government?

a new approach

• share (not cede) power, when and where appropriate

• maintain authority in old and new models

• moving from a PDF to a Wiki approach

key components

• culture of experimentation and collaboration

• open access to public sector data and information

• voice of authenticity, uncertainty and contestability

an emerging policy platform

Victoria• parliamentary inquiry into PSI• VPS innovation action plan• government response on PSI• government 2.0 action plan

Commonwealth• Gov 2.0 Taskforce report• APSC online engagement guidelines• declaration of open government

3. the times, they are a-changin

the Wikileaks ‘age of transparency’

“information wants to be free” - Stewart Brand at first Hackers' Conference in 1984

public policy challenge perception is reality

United States Social Security Administration• pioneering late 90s initiative move services online

• users query retirement accounts – same as phone

• backlash against perceived privacy and security risks

from CCTV state to peer to peer surveillance

Banksy

many people choose to make some personal information public

analysing our book purchases to predict future reading

scanning our music and video collections to make recommendations

175,398 friends like Queensland Police

supporting community role and establishing trusted, authentic new presence

active communication with citizens

(cc @justice_vic) Working with Children check was 90% done (almost 11 weeks), lodged an Employ instead, and it will restart and take another 12 weeks. What a stupid system…

(cc @justice_vic) Working with Children check was 90% done (almost 11 weeks), lodged an Employ instead, and it will restart and take another 12 weeks. What a stupid system…

exceeding expectations by following up

@deonwentworth Have chased up and have an answer for you. Pls dm your email addy or contact # as response won't fit in 140 spaces. Thanks J

@deonwentworth Have chased up and have an answer for you. Pls dm your email addy or contact # as response won't fit in 140 spaces. Thanks J

building trust through an open exchange

@deonwentworth Simple answer: starts over when changing categ. - makes extra sure no charges after applying. Annoying yes, but we err on side of extra protection for kids. D

@justice_vic thanks. Got my card earlier in the week.@justice_vic thanks. Got my card earlier in the week.

going where people are to get information out

(9,300 fans) x (average of 150 friends) = 1,209,000 people

people want to help and government is well placed to facilitate

seeking citizen input, educating interactively

mobile apps enable citizens to help themselves and their neighbors

Victoria Police serve intervention order on FB

2. silos and shoe boxes

the current state of digital identity and personal information sharing

individuals

third parties

our data

public bodies

suppliers

identifiers identifiers

claims, assertionsinteractionstransactionsentitlementsservice end points

nameaddressdate of birthgender

circumstanceassets, liabilitiespreferencespeer to peer interactionsfuture intentions

central governmentlocal governmentbanks, utilitiesretail, products, services

postal addresselectoral rolegeo-codescalendar

marketingcredit bureau credit applicationscourt judgmentsbankruptciesvehicle data

Source: TVC 2002

guesswork:your preferencesyour requirementsyour intentions

tackling either technology or policy challenging enough

low medium

medium high

tech

nolo

gy

sop

hist

ica

tion

policy/services breadth

mostly simple identity solutions

low medium

medium high

tech

nolo

gy

sop

hist

ica

tion

policy/services breadth

some more advanced in one dimension

low medium

medium high

tech

nolo

gy

sop

hist

ica

tion

policy/services breadth

few solutions advance in both dimensions

low medium

medium high

tech

nolo

gy

sop

hist

ica

tion

policy/services breadth

Australia’s tyranny of resistance

• NO universal identifying number

– TFN, Medicare number, state driver's license

• 1987 - Australia Card abandoned

• 2007 - Access Card abandoned

– Medicare, Centrelink, CSA, Veterans Affairs

• exploring gov.au electronic ID – AFR 5 Oct 2010

• National Authentication Service for Health (Nash) 2011

– improve security of electronic health communications,

– underpin personally-controlled e-health records

RSA authentication leaks

• token generates new security code every 60 sec

• two factor authentication - PIN and dynamically generated code

• victim of “extremely sophisticated cyber attack”

• potential impact: Departments of Defence, Prime Minister and Cabinet and Treasury, Crimtrac and Australian Electoral Commission21 March 2011 www.theage.com.au/technology/security/hacked-security-firm-leaves-aussies-vulnerable-20110321-1c2i4.html

pubs fight violence with biometrics

• biometrics databases capture patron fingerprints, photos, and scanned driver licenses

• individuals banned at one location could be refused entry in multiple venues

Source: 1 Feb 2011 http://news.cnet.com/8301-31921_3-20030234-281.html#ixzz1HT8C9mGB

• databases free from regulation - biometrics not covered by privacy laws i.e. left to discretion of technology vendors

Americans also resist national IDs

• government will enable creation of verified identities, to support “identity ecosystem”

• getting verified identity will be elective

• user would be able to use one login for all sites

“We are not talking about a national ID card. What we are talking about is enhancing online security and privacy, and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities.”

Commerce Secretary Gary Locke – Jan 2011

http://www.readwriteweb.com/archives/us_commerce_department_in_charge_of_national_inter.php

• NO universal identifying number – SSN de facto national ID

Hong Kong makes everyday life easier

• world’s first contactless smart card system – 1997

• payment system used for virtually all public transport

– and convenience stores, supermarkets, restaurants, parking meters, car parks, service stations and vending machines

• used by 95% of Hong Kong population aged 16 to 65

• over 11M transactions worth over US$12.8M – every day

Estonia’s citizen centric digital ID

4. rebooting digital identitySource: LinkedIn

what is digital identity?

• mediating experience of own identity and of other people

• authentication of trust-based attribution, providing codified assurance of identity of one entity to another

• identifiers used by parties to agree on entity being represented

• self-determination and freedom of expression - a new human right?

Source: http://en.wikipedia.org/wiki/Digital_identity

digital identity and the freedom to be…

1. unidentified

2. pseudonymous

3. identified

virtues of forgetting in a digital age

• 2011 EU data protection goals include clarifying right to be forgotten

• i.e. right of individuals to have their data deleted when no longer needed for legitimate purposes

“Regulating the Internet to correct the excesses and abuses that come from the total absence of rules is a moral imperative!” French President Sarkozy

making the case for user control

The UK Conservative Party Manifesto – Apr 2010

World Economic Forum: Rethinking Personal Data Project – Jun 2010

The Economist Special Report: the Data Deluge – Feb 2010

This ‘data vault’ concept, an intermediary collecting user data and giving 3rd parties access to this data in line with individual users’ specifications, is one potential solution that offers many theoretical advantages

Rather than owning and controlling their own personal data, people very often find that they have lost control over it.

Wherever possible we believe that personal data should be controlled by individual citizens themselves.

federated social networks

• leading federated social network software open-source so anyone can re-use code to create and maintain profiles

• common language so profiles can talk to one another

• choose from array of "profile providers” like email providers

• option to set up own server, provide own social profile

• profiles are interoperable even on different servershttp://www.eff.org/deeplinks/2011/03/introduction-distributed-social-network

trust frameworks

Source: http://mashable.com/2010/03/03/google-paypal-oix/

• U.S. Government sites require certification system enabling party accepting credential to trust identity, policies of issuing party credential

• OIX is first Open Identity Trust Framework provider – Open Identity Exchange founded by Google, PayPal, Equifax, VeriSign,

Verizon, CA and Booz Allen Hamilton in 2010

– enables exchange of credentials across public and private sectors to certify identity providers to federal standards

– different from OpenID which lets sites share same credentials

personal data stores

Source: MyDex, The Case for Personal Information Empowerment: The rise of the personal data store

• individuals as data managers – user control and choice

• lower costs and new opportunities for organisations

• environment of trust and platform for innovation

digital identity 2.0 – emerging principles

• one size does not fit all

• support for different types of identity

• privacy & security expectations vary

• maximise user control and choice

• trusted relationships critical

• information may need expiration date

digital identity 2.0how technology is transforming behaviours

and raising citizen expectations

1. we are here now

2. the times, they are a-changin

3. silos and shoe boxes

4. rebooting digital identity

Patrick McCormickpat.mccormick@justice.vic.gov.au@solutist

IS Parade

re-using this presentation? the fine print…

• Parts of this presentation not under copyright or licensed to others (as indicated) have been made available under the Creative Commons Licence 3.0

• Put simply, this means:– you are free to share, copy and distribute this work– you can remix and adapt this work

• Under the following conditions– you must attribute the work to the author:

Patrick McCormick (pat.mccormick@justice.vic.gov.au or paddy@post.harvard.edu)– you must share alike – so if you alter or build upon this work you have to keep these same conditions

• Unless stated otherwise, the information in this presentation is the personal view of the author and does not represent official policy or position of his employer