Ben Laurie blathering

If You Have Laws, Are You A Politician?

A while back, I posted about Ontario’s love affair with Cardspace (I notice, btw, that Ann Cavoukian is so hip to this ‘net thing that she’s broken the link to her white paper, which is now here – confidence inspiring). In that post, I said that there was a false claim that the laws were “developed through an open consensus process”.

Kim, being a smart guy, responded thusly

there were many people who interacted with me when I was articulating the laws. I listed them all in the laws – and no one asked not to be mentioned, so far! I’ve actually been under the impression that there is general consensus that the laws move us forward. EVen you seem to agree.

So I don’t get your point. You don’t want people like Anne Cavoukian to get involved? You don’t think the laws are a good handle for doing so? You don’t think the laws have had a defining role in the emergence of user centric approaches? Or are you arguing that there is no consensus because we didn’t take a formal vote?

I actually thought the laws were a good way for the privacy community to hook up with those of us doing identity.

This strikes me as a politician’s response. I didn’t say there wasn’t a consensus that the laws move us forward. I didn’t say I disagreed with them. I didn’t say Anne Cavoukian should not get involved. I didn’t say the laws were a bad handle for involvement. I didn’t say that the laws have not had a defining role. I didn’t say there was no consensus because we didn’t vote.

What I did say is that the laws were not evolved through an open consensus process. Kim wrote them down. Many people said they were cool, including me. Kim may have made minor changes in response to discussion, but they are not the result of some kind of groupthink.

For example, I have often pointed out that the laws do not include the requirement for unlinkability but they have not been updated to include it (presumably either because Kim doesn’t think its a requirement, or, perhaps more realistically, because Cardspace does not support unlinkability). I and others have pointed out that law 4 is practically unreadable on its own – what are “omnidirectional” and “unidirectional” identifiers? Indeed, what are “public” and “private” entities – now I think about it, this law needs serious redrafting to make any sense.

Kim also says I should read Cavoukian’s version of the laws, and he’s right. She’s redrafted law 4 rather well:

A universal identity metasystem must be capable of supporting a range of identifiers with varying degrees of observability and privacy. Unidirectional identifiers are used by the user exclusively for the other party, and support an individual’s right to minimize data linkage across different sites. This is consistent with privacy principles that place limitations on the use and disclosure of one’s personal information. At the same time, users must also be able make use of omnidirectional identifiers provided by public entities in order to confirm who they are dealing with online and, thereby ensure that that their personal information is being disclosed appropriately. To further promote openness and accountability in business practices, other types of identifiers may be necessary to allow for appropriate oversight through the creation of audit trails.

I’m particularly interested by “unidirectional identifiers are used by the user exclusively for the other party, and support an individual’s right to minimize data linkage across different sites” – in other words, she recognizes the need for unlinkability. And its true that unidirectional identifiers support the right to minimize data linkage – but they don’t achieve it on their own, and this is where Cardspace currently falls down – unidirectional credentials are issued through a process that is entirely linkable. Unlinkability is achieved only if everyone agrees not to link.

Kim also says that no-one has asked to be removed from his list of “contributors”. This is totally unsurprising – many of them have a vested interest in staying friendly with Microsoft – but I know from private communications that not all of them actually agree that they have contributed.

Kim could easily refute my claim with facts rather than rhetoric. All he needs to do is point to the “wide-ranging conversation documented at” and show how his laws evolved through that conversation. I’ve looked – indeed, I’ve followed the discussion – and I haven’t found any evidence at all that supports this claim, let alone contributions by each of the listed people.

Incidentally, I notice that Kim links to practically every blog out there that talks about identity – but not mine. Is that because he doesn’t want to link to anyone that’s not 100% positive about Cardspace?


  1. Hi Ben,

    You wrote that “unidirectional credentials are issued through a process that is entirely linkable”. I don’t know what you’re referring to here, because self-issued cards provide different key material to each site exactly to that there’s no global correlation handle. Care to fill in the details you’re referring to?

    — Mike

    Comment by Mike Jones — 9 Nov 2006 @ 1:42

  2. I’m referring to the situation where I (the user) want a unidirectional credential that is signed by an authority the relying party trusts. The flow, as I understand it, is my agent goes to the trusted third party and shows them a credential they (or someone they trust) signed earlier, the TTP then issues a new credential which I can show to the relying party.

    Self-issued cards obviously work fine from an unlinkability POV (my Law 3), but they provide nothing from a verifiability POV (my Law 1).

    Comment by Ben — 9 Nov 2006 @ 10:45

  3. Ben & Mike,

    Ben’s point about “unlinkability” within CardSpace strikes me as potentially critical to understanding the degree of “privacy” that Cardspace provides.

    Therefore, I invite you both to participate in a podcast with me in which we (well, both of you primarily) analyze this issue in more detail (an hour of recorded discussion?).

    Please let me know if you’re interested (aldo a t stodid d o t c o m).



    Comment by Aldo Castañeda — 19 Jan 2007 @ 15:51

  4. Dear Ben

    I think there is “Groupthink” in evidence in the Home Office’s ID plans. I wdnt criticise the “Laws” process for showing a lack of it – it’s not, as I understand the term, a good thing (see ).

    My own experience is: I came across the laws, liked them, felt they were for commercial “customer” relationships and didnt really address the needs of government and regulated relationships (which is where our UK problem is pressing). I said so, felt the point was taken on board; no complaints.

    Similarly I introduced an EPG session incl Simon Davies to them; after some initial scepticism and friction it was a good engagement of mutual benefit AFAIK.

    Sense check: count up how many negatives there are in your post above. What do we actually want? What are the problems we want solved?

    Comment by William — 17 Feb 2007 @ 15:57

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress