The protection of digital The protection of digital identities in the context of identities in the context of big data analyticsbig data analytics

Harry HalpinHarry HalpinOECD Technology Foresight Forum OECD Technology Foresight Forum 23 October 201223 October 2012

1

2

There are real-life consequences

Of data analytics and regulations

•Technical Solutions do not work by themselvesTechnical Solutions do not work by themselves• Mathematically impossible to truly anonymize large data Mathematically impossible to truly anonymize large data • Signals for user-intent (Do-Not-Track) require co-operationSignals for user-intent (Do-Not-Track) require co-operationof the analyticsof the analytics• How to even retrieve your personal data from the cloud? How to even retrieve your personal data from the cloud?

•Legal solutions have to be based in technologyLegal solutions have to be based in technology• Cost is very high to remove content from large data. Cost is very high to remove content from large data. • Users often can't understand their consent to terms-of-Users often can't understand their consent to terms-of-

service legal contracts, and these contracts often cannot service legal contracts, and these contracts often cannot be enforced technically. be enforced technically.

• We can't turn back the clock..We can't turn back the clock..• Large data has revolutionary consequences for individual Large data has revolutionary consequences for individual

users and wider society beyond just advertisements users and wider society beyond just advertisements • Carbon emissions, health, scientific discoveryCarbon emissions, health, scientific discovery

3

Yet currently you do not control your dataWho does? Can you?

–

4

Policy must become technological

Technology then becomes policy

1.1.The current identity standards The current identity standards fragmentation (OpenID Connect, Mozilla fragmentation (OpenID Connect, Mozilla Personae, Facebook Connect)Personae, Facebook Connect)

2.2.The need for secure digital signatures and The need for secure digital signatures and better cryptography for high-value data: better cryptography for high-value data: See W3C Web Cryptography API. See W3C Web Cryptography API.

3.3.The need to secure the Web in general:The need to secure the Web in general:W3C Web Application Security Working W3C Web Application Security Working

Group and IETF Web Security/JOSE Group and IETF Web Security/JOSE groups.groups.

1.1. Need to co-ordinate national-level Need to co-ordinate national-level attempts (NSTIC, India) with global open attempts (NSTIC, India) with global open standard-bodies standard-bodies 5

Standards are the Key!

6

The value of data is inherently collective,not individual.

The Web becomes the Web of Data

7

Enabling the protection of identity while allowing value to be created

Think Answers to Questions, Not Collecting Large Data