Learn how you can register.

Register to Vote!

Aug 9, 2012 2 Comments ›› Phil Wolff

To vote in the spring elections you MUST register to be a part of the Identity Ecosystem Steering Group by February 14th.  

Membership is open to any person and any organization (any citizenship, any location in the world). 

  • The first set of elections is mid-March for at large positions (elected by everyone in the IDESG).
  • The second round of elections  is mid-April.  This is where you will vote for me as your stakeholder delegate if you sign up in the Small Business Entrepreneur Category.

If you registered in the summer you must update/reregister because the membership agreement changed and it must be signed now.  E-mail   administrator@idecosystem.org to do so.  You can change from one stakeholder category to another (from Consumer to Small Business #11)

If you are registering with the IDESG for the first time  go to this page and fill out this form on the site.  http://www.idecosystem.org/page/new-member-registration-form

Select:

  • stakeholder category 11 Small Business & Entreprenuers. 
  • Participating Member (then if you are an individual or organization you can be one or the other)

The Secretariat will e-mail you the membership agreement – you sign it and return it one of two ways

  1.  ”digitally” in a program like Adobe that lets you do put it in to forms like this

  2. “manually” by printing it out and either scanning + email or faxing it back to them.

Please don’t hesitate to contact them administrator@idecosystem.org if you have trouble with the process and feel free to CC me kaliya@kaliyaformayor.org

 

Bonus Step - tell your friends!

An organization or individual shall be permitted to join the Steering Group by executing the Membership Agreement as a Participating Member or by expressing the intent to join as an Interim Member.  Interim Members shall have the same rights and responsibilities as Participating Members. Interim Members shall execute the Membership Agreement no later than the end of the initial interim period in order to remain members.

 

Q. Why does PDEC care about NSTIC?

Feb 11, 2013 No Comments ›› Phil Wolff

Q. You’re the executive director of the Personal Data Ecosystem Consortium. Why does PDEC care about NSTIC? 

I am focused on making a personal data ecosystem (PDE) real. And a rich, strong, diverse identity ecosystem lowers common barriers our PDE participants confront. 

The big vision of an Identity Ecosystem articulated in NSTIC goes well beyond identity credentials for verified identities. It envisions a future with both the technical and policy infrastructure needed for people to share all types of personal data associated with themselves.  

NSTIC efforts in these areas will help a personal data ecosystem emerge more quickly :

  • Stronger logins. Multi-factor authentication is helpful/useful for a personal data ecosystem to help people protect their personal clouds / personal data stores. 
  • Work with “real” names. People have records in services that use their “real names” like utility companies, health records, phone companies, governments, businesses. They must “prove” who they are before these risk averse services permit copying their data into their personal data banks. 
  • Support anonymity. Let people use pseudonyms in transactions. 

Q. What is a “Regulate Forward” strategy?

Feb 10, 2013 No Comments ›› Phil Wolff

NSTIC is a Regulate Forward strategy

The US government is keen for markets to solve Internet information sharing, privacy and trust challenges. Theirs is a “Regulate Forward” approach. NSTIC strives to establish policy for where technology will be instead of regulating for where it’s been: past societal conditions, rapidly obsolescing technologies, and old industry models.

“A good hockey player plays where the puck is. A great hockey player plays where the puck is going to be.” — Wayne Gretzky

Q. Lawyers like the term “trust framework.” Is there a better framing?

Feb 10, 2013 No Comments ›› Phil Wolff

Q. Lawyers like the term “trust framework.” Is there a better framing? 

I prefer “accountability framework.” Here’s why. 

Trust is a meta-goal for the overall system and transactions within it. I think naming the techno-legal policy sandwiches “trust frameworks” is a mistake.  

These frameworks, which are the Identity Ecosystem’s default, connect the Identity Ecosystem’s participants through technology, contractual, and economic layers. Each of these layers have their own design and implementation challenges. Making the layers support each other is another kind of challenge. We expect accountability framework layers to complement each other, reinforcing constructive behavior, leading to a healthy ecosystem. 

Credit card networks work this way. They connect banks, merchants, and individuals to each other in ways that build trust in the network, pay for the network, and manage individual and network risks.  

Legal liability and political concerns are thorny. If a citizen uses a bank-issued digital identity credential to login to the IRS, who is liable if something goes wrong? These “trust frameworks” combine technology interop and contractual policy frameworks that help the parties “trust” identities (believe they are accurate) issued by another party in the system. Within a section of my NSTIC NOI response, I suggested a better name for the frameworks might be “accountability frameworks.” The Trouble With Trust: The Case For Accountability Frameworks is my post on the topic. 

The issue at its core is about how “trust” means different things in different contexts at different scales. Regular citizens participating in a “trust framework” will think all the people and entities within a “trust framework” are trustworthy and the underlying policies are good and respect people’s data and identities. That’s not necessarily true. All a trust framework’s rules do is name the policies for a particular system; these may not be good for users or organizations within them. 

The path to bringing a thriving personal data ecosystem into being will be through the development of multi-party networks using rules (accountability frameworks) in alignment with people, and that respect the individual. Let’s look for inspiration to the ways the banking/credit card network exchange valuable information/currency. You can see designs that manage risk and liability, and create accountability with trust-frameworks/system rules for digital systems.

Q. What does the NSTIC program look like now?

Feb 9, 2013 No Comments ›› Phil Wolff

Q. What does the NSTIC program look like now? 

There are six parts. 

NSTIC National Program Office. @NSTICNPOThe NSITIC NPO operates within the Department of Commerce’s National Institute of Standards. It is lead by Jeremy Grant. The office has several full time staff and they are responsible for the transition of NSTIC from a US government initiative to an independent, public-private organization. They’re smart, talented, and they care. 

Identity Ecosystem Steering Group (IDESG).The NPO invited many people, NGOs, government bodies, and companies to participate in building an identity ecosystem in the Identity Ecosystem Steering Group. All the people and organizations who sign up to be a part of this are together called “The Plenary.”  The NSTIC NPO wrote IDESG’s charter and its first bylaws.

IDESG Management Council. The IDESG management council is elected by the members of the plenary who self-selected into stakeholder categories. Each stakeholder category elects a delegate to the Management Council. The entire plenary also elects two at-large positions and two leadership positions. The management council creates sub-committees to get its work done. I’m chairing one that collects holistic ecosystem pictures, for example.

Committees within the IDESG Plenary. These committees do the actual work of making the identity ecosystem’s vision a reality. New committees can be proposed by any member. Committee membership is open to all plenary members. The work and activity of the committees is shared openly. A few of the active committees are working on standards, privacy, trust frameworks, accreditation, and nymrights. 

The Secretariat. The NSTIC NPO awarded a $2.5 million dollar contract to provide support services to the Identity Ecosystem Steering Group. Trusted Federal Systems won the contract to act as the IESG’s “Secretariat.” They coordinate meetings, manage listservs, and the like. 

NSTIC Pilot Projects. In early 2011, the National Program Office put forward $10 million in funding for five pilot projects that worked to solve some of NSTIC’s challenges. Grants were awarded in September 2012 and run for one year. The pilot projects were set up before the IDESG existed and the IDESG had no input into the selection of the the winning pilots. 187 different initial pilot projects applied for grants, 27 were selected to submit full proposals, and five were selected. Applications for a second round of pilots are coming in Q1 2013. 

Right now, there’s a lot of activity. Many of the groups have weekly conference calls and are working to define their goals, name their concerns, and agree on achievable road map milestones. Most of the administrivia basics are done. 

Q. What triggered the whole NSTIC thing?

Feb 8, 2013 No Comments ›› Phil Wolff

Q. What triggered the whole NSTIC thing? 

When the Obama administration came into office in 2008, it started a cyber security review. Password re-use was identified as a real threat. Simply put, the fact that people use the same password for multiple sites where they also use the same user-name, likely their e-mail address, is a vulnerability. People use the same password at a small unimportant site with low security where, if compromised, the same user-name/password combination would work to access their accounts on more important and secure sites. This is a vector for privacy, identity theft, and national security.

One result of the cyber security review was the development of a National Strategy for Trusted Identities in Cyberspace (NSTIC).

Another thread that lead to NSTIC was the ongoing work of the Federal Identity and Access Management (FICAM) sub-committee of the Chief Information Officer Council within the General Services Administration. They were working on the challenges of how to support citizens logging into government sites (Departments of Health, Education, Social Security Administration, etc.) to access services government services. These agencies often don’t need to know who a citizen is when offering them services, like looking up things in a government library. When it comes to sharing records with a citizen, like tax or educational loans or anything very personal, the government must assure the citizen is who they say they are. NSTIC is supporting a larger conversation about how to enable government trusting private sector issued credentials used by citizens to login to government sites to access services.

Q. What are 3 things you would do to increase public participation in NSTIC?

Aug 9, 2012 No Comments ›› Phil Wolff

Q. What are 3 things you would do to increase public participation in NSTIC?

Since I was elected to the Management Council I have been advocating for better meeting processes that are more inclusive and diverse.  I am working to help articulate how those with only a very
I have been advocating to small business owners get involved and will continue to do so (I recently recruited my Hairdresser to join). In the coming years I plan to advocate for out reach events for particular constituencies who will use the Identity Ecosystem.
I hope that we can work to develop a discussion guide about identity and encourage small local conversations about it with the results being fed back to the NSTIC process.

Q. What should be government’s role in NSTIC at its beginning?

Aug 8, 2012 No Comments ›› Phil Wolff

What should be government’s role in NSTIC at its beginning?

The government can’t abdicate responsibility and just collaborate with companies. Its job is to be an advocate for the people and ensure that the guiding principles are not left behind because they are inconvenient or perceived to cost too much.

The private sector is not just the largest IT companies; government must remember to foster space for new innovations to emerge.

Government must, in this phase of emerging activity:

  • develop with the ecosystem the broadest possible range of stakeholders;
  • agree on metrics (both qualitative and quantitative) for ecosystem health, balance and success;
  • monitor and feedback to the system the results from the agreed-upon indicators.

Q. What risks rise with an “unbalanced” identity ecosystem?

Aug 8, 2012 No Comments ›› Phil Wolff

What risks rise with an “unbalanced” identity ecosystem?

On the one hand, it could become very easy for virtually any company online to request highly validated identities and require the presentation of identifiers associated with “real legal name” credentials for almost all transactions and comments. This inhibits civil freedoms and creates a participatory panopticon situation.

On the other hand, people may not adopt a diverse range of accountability networks because they are not well understood. So transactions online decline or people retreat into private commercially-controlled silos.

Fostering the emergence and governance of an Identity Ecosystem is challenging. I do think it is possible for a thriving ecosystem to emerge through the application of the best of available organizational, deliberative and governance processes and structures.

Q. How long is a term of service or membership?

Aug 8, 2012 No Comments ›› Phil Wolff

For how long am I signing up to participate?

You can withdraw from participating in the steering committee at any time by sending in a letter to the Secretariat.

Q. Does ‘participating’ mean lots of meetings?

Aug 8, 2012 No Comments ›› Phil Wolff

If I sign up for participating do I have to go to a lot of meetings?

Nope, you don’t have to go to a lot of meetings. Participation in the plenary can be online. It means paying attention a few days a year.

Q. Is this global or a US initiative?

Aug 8, 2012 No Comments ›› Phil Wolff

Isn’t the internet global in scope? This is a US initiative; how do these two things jive?

Yes, the web is global in scope, and the US is a large country with great influence. This initiative is open to participation to people and organizations from all over the world.

Q. What is the Secretariat?

Aug 8, 2012 No Comments ›› Phil Wolff

What is the Secretariat?

The NSTIC NPO awarded a $2.5 million dollar contract to provide support services to the Identity Ecosystem Steering Group. Trusted Federal Systems won the contract to act as the IESG’s “Secretariat.” They coordinate meetings, manage listservs, and the like.

Q. What would it look like to have greater citizen involvement and input?

Aug 8, 2012 No Comments ›› Phil Wolff

What would it look like to have greater citizen involvement and input?

It will be essential to have a number of delegates on the management council, who lead this initiative, to engage in citizen input and dialogue in a meaningful way.

Q. How did they come up with this organizational design and governance model?

Aug 8, 2012 No Comments ›› Phil Wolff

How did they come up with this organizational design and governance model?

Several months after the White House started the National Program Office, they issued a Notice of Inquiry to solicit written input from industry about what the Governance of the Identity Ecosystem could look like (see that NOI here). Many citizens and groups responded. You can read my NSTIC Governance NOI Response.

Q. Can people put themselves into a stakeholder group?

Aug 8, 2012 No Comments ›› Phil Wolff

When registering as participating individuals can people put themselves into a stakeholder group?

Yes. There is nothing saying that individuals need to be part of the unaffiliated individual category. An individual can register and assert belonging to any one of the stakeholder groups. They will vote for a delegate to the Management Council along with organizations who also nominate themselves into this stakeholder group.

Q. Who can vote?

Aug 8, 2012 No Comments ›› Phil Wolff

Who can vote for delegates on the Management Council? 

Only those who have registered as participating members can vote for a delegate on the Management Council.  You must register by February 14th, 2013 for Spring elections.

Who can vote in plenary wide – whole steering committed votes?

Only those who have registered as participating members.

Q. Is participation in the committees open?

Aug 8, 2012 No Comments ›› Phil Wolff

Is participation committees open?

Yes. Anyone who registers as a participating or observing member can participate in committees.

Q. Why are there so many parts to the steering committee?

Aug 8, 2012 No Comments ›› Phil Wolff

Why are there so many parts to the steering committee? 

The strategy calls for a steering committee In sticking with that terminology, those at the National Program Office for NSTIC decided to have two main parts.

The first part is the plenary, a group of all those who sign up to participate. 

The second part is a Management Council made up of 14 representatives, one from each of 14 designated categories, attempting to represent diverse interests and stakeholders.

Planners defined several standing committees and the possibility of many working groups. 

Q. How much does NSTIC need wide and diverse support?

Aug 8, 2012 No Comments ›› Phil Wolff

How much does NSTIC need wide and diverse support?

The high level vision outlined in the NSTIC has buy-in from a broad group of stakeholders. Making it real will involve government participation with the private commercial sector and civil society groups (neighborhood associations, schools, religious institutions, sports leagues, advocacy groups). 

Q. Is NSTIC a round-about way for putting in place a national ID?

Aug 8, 2012 No Comments ›› Phil Wolff

Is NSTIC a round-about way for putting in place a national ID?

Maybe. Will citizens and civil society organizations participate in the NSTIC process to define how identities work in cyberspace? You can read ”National! Identity! Cyberspace! Why we shouldn’t freak out about NSTIC” on my Fast Company blog.

Q. What does it mean that NSTIC is “industry lead”?

Aug 8, 2012 No Comments ›› Phil Wolff

What does it mean that NSTIC’s ecosystem is “industry lead”? 

It means the US government is looking to diverse actors, including non-profits, academic institutions, small businesses and corporations. It basically means “not” government lead but includes governance participation.

Kaliya’s Candidate Statement – Video

Aug 5, 2012 No Comments ›› Phil Wolff

If you want to watch it on YouTube you can – http://www.youtube.com/watch?v=fcDoPRua7yU