In looking at the interplay between identity and surveillance policy, I find it difficult to tell whether many players are naive, narrow-minded or "economical with the truth". It seems obvious (at least to me) that the scrutiny of EU Plans for a regulation on electronic Identities needs to be joined up that of the proposed UK surveillance legislation and viewed alongside the objectives of those organising the ITU World Conference on International Telecommunications Communications for which the papers have now been leaked . Yet the almost no-one, except for some of the members of the EURIM ID governance group appear to be trying to link them. Most players appear to obssessed over technical detail, academic definitions or short-term business opportunities.
Those who claim WCIT would be ultra vires were it to seek to wrest the oversight of Internet addressing from ICANN should remember that until last month it was the ITU that was hosting much of the work on IPV6 standards for a world of individually addressable, ubiquitous computing devices. More-over, not only is ITU still the main source of advice on IPV6 for most of its members, they would probably see the end of "IPV4 address rationing and re-use" as allowing a return to "unique telephone numbers": the organisation of which was one of the key roles of the ITU before it lost its way. Now let us look at the "addresses" enshrined in the supposedly trusted platform modules of every smartphone alongside the tools (like DarkComet ) used by investigators and criminals to monitor our on-line activities and let us revisit the inter-play between supposedly separate debates.
But how do we ensure that the current situation is replaced by something better?
And what are your channels for helping ensure that it is?
The memorandums of understanding between PICTFOR and EURIM in the UK and between the EIF and EURIM in Brussels give my successor the basis for organising much better informed policy debate at UK and EU level but unless players join and use the opportunities to subject fragmented initiatives to joined up scrutiny, the silent majority will get what it deserves, ignored .
Later today I expect to commit to taking on on a new, but related, challenge: the meaning of "trust" in the on-line world.
As a Freeman and Liveryman of the City of London I accept its traditional values. "My word is my bond". But "who am I?", "which version of which e-mail or tweet was my word?" and "what is my bond worth?". Is such concept of trust compatible with the "best efforts", alias, "liability avoidance" values that lie behind the business models of most conventional Internet service providers. And, if not, who would you rather deal with?