In the world of information governance and a fair go for the individual in dealings with business and government, how has it felt this month?  

Weatherwise, for the folk in northern temperate climates, May is the time that the summer clothing begins to break out, people begin to smile and in England, the challenge of scoring 1000 runs in May is in the air.  Here in the southern temperate climes that I mostly inhabit we are moving solidly into winter.

In the world of information governance and a fair go for the individual in dealings with business and government, how has it felt this month?  Does it feel like we are North of the Equator or South?

It seems to have been a mixed bag.

The month was heralded by the Managing Identity in New Zealand conference which you can now see in full on video and included the eGov forum in Sydney.

But there was also chilly weather ...

The upcoming identity conference in New Zealand is going to be a high spot for ID management in this part of the world; indeed anywhere.

In 2 weeks, I will be heading to New Zealand to participate in Managing Identity in New Zealand - Identity Conference 2008.  Among the other speakers will be Stefan Brands to talk about Credentica & its purchase by Microsoft, which we first celebrated in A great day for privacy: genuine privacy respecting, user centric Identity Management has hit the mainstream the day after it was announced.

As a consequence, I have been brushing up on latest developments in ID management in New Zealand.  The short version of that story is that, at least among the Anglo cultures, the New Zealand government almost certainly takes the prize for seeking to provide privacy respecting, user centric ID management.

See for example igovt public consultation at Vikram Kumar's fabulous Identity & Privacy blog; while you're there have a wander round his site.  Martin Stewart-Weeks from Cisco introduced me to the site. 

The transparency debate is nuanced & needs a lot more work.

Applying transparency and ratings to policing raises some fascinating questions that have been around for a long time. In one sense, the case recently put at "Transparency in policing?...or invasion of privacy...risk?" is that a very important group in our society should have applied to it the same logic as it wants applied to the rest of us:  'If you've got nothing to hide, you've got nothing to fear'.  The reaction, though, is interesting.  Like many professions (legal, accounting, medical etc), arguments come back along the lines of 'we are different & deserve special treatment" - legal professional privilege; doctor-patient relationship etc.

Google recently used the transparency argument in "Using log data to help keep you safe", at Google Public Policy Blog, posted 13 Mar 2008.

David Brin explored the extreme of this logic some years ago in his book "The Transparent Society". For a fascinating review of this book and the "communitarian" counterpoint, see "Privacy please", a book review in Salon magazine, 26 April 1999.

The bar for acceptable ID management has just been suddenly raised. 

Microsoft has just announced it has purchased Stefan Brand's Credentica, a truly privacy enhancing Identity Management system that delivers on more of Kim Cameron's 7 Laws of Identity. 

The purchase of Credentica is a very significant step.  Here is a way in which an assertion about identity or anything else can be authenticated to a relying party WITHOUT the organisation that does the authenticating knowing anything about the transaction between the individual and the relying party (such as the individual's bank, a government agency etc).  Thus "connecting the dots" between the different parts of the individual' life or between the different parties with whom the individual is interacting no longer is a necessary component of the process.

Much more will be written about this development in coming days and weeks.  Microsoft will be working on practical deployment which will be fascinating to follow.

I think the title of this blog entry is an understatement.

And now Ernst & Young have released their swallow, after the earlier ones seen in Privacy gains attention over the Christmas New Year break. Does a swallow or two make a Spring?, then Another swallow flew by, but who was looking ?

Their 10^th Annual Global Information Security Survey reports that Privacy & Data Protection have emerged as one of the top 3 drivers that impact information security in the organisation. 

Stephen Wilson made an excellent point in his comment "Privacy movement deja vu" on my blog on "Another swallow flew by, but who was looking?"

He pointed out the curse of the rule maker:  Rules are made to be broken. 

But there are more lessons for rule makers than just this perennial reminder.