The Internet is no longer just a communications network, says Ontario Information and Privacy Commissioner Ann Cavoukian. "It is becoming a platform for computing - a vast, interconnected, virtual supercomputer, which presents complex security and privacy challenges."
Today, identity data is increasingly being created, stored and used exclusively in the networked "Cloud." In telecommunications, a "Cloud" is the unpredictable part of any network through which data passes between two end points. "The Cloud is getting bigger," said the Commissioner. "Do you know where your personal data is and how it is being used or misused?"
The Commissioner is releasing a white paper, Privacy in the Clouds: Privacy and Digital Identity - Implications for the Internet, at the First International Workshop on Identity in the Information Society, in Arona, Italy, today.
For the purposes of the white paper, the term Clouds is used to refer generally to any computer network or system through which personal information is transmitted, processed and stored, and over which individuals have little direct knowledge, involvement or control.
The paper explores possible technological solutions to ensure that individuals will be able to exercise information self-determination, or privacy, in an era of networked grid computing, exponential data creation, ubiquitous surveillance and rampant online fraud.
The paper describes typical "Web 2.0" use scenarios, suggests a number of technology building blocks for protecting and promoting privacy online, and concludes with a call to develop a privacy-respective information technology ecosystem for identity management.
It will not be possible, says Commissioner Cavoukian, to realize the full potential of the next generation of the Internet and "Cloud computing" without developing better ways of establishing digital identity and protecting privacy.
In the white paper, she outlines four fundamental technological approaches, covering:
- new privacy-enhancing information technologies;
- personal devices (from cell phones to PDAs to smart cards);
- intelligent software agents, and
- intermediary identity providers.
"The goal of a flexible user-centric identity infrastructure must be to allow the user to quickly determine what information will be revealed to which parties and for what purposes, how trustworthy those parties are and how they will handle the information, and what the consequences of sharing their information will be," said the Commissioner. "The individual must be in control at all times."
The paper is available on the Commissioner's website, http://www.ipc.on.ca/.