Gov2.0 Privacy Issues for PrivacyCampDC

EDIT: This has also been Reposted on the PrivacyCampDC Blog

In looking toward participating in PrivacyCampDC this Saturday, there are a number of privacy issues I’m concerned about regarding the movement toward open government.  While I am totally in favor of transforming government through transparency, participation and collaboration, I think it puts privacy at greater risk.  Whatever our answer in addressing this, it will involve tradeoffs.

What’s Changed? The movement toward Open Government changes the nature of the relationship between the government and its citizens.  Previously, the government was responsible for providing services to citizens, who merely consumed them.  Now we are entering an era of two way transparent participation and collaboration, in which citizens will be responsible for assisting Federal Agencies with sensemaking, priority setting and policy making.  In short, citizens are being asked to roll up their sleaves to help the Federal Government in providing the right services.

How does this Affect Privacy? I would contend that like many statutes, the movement towards Open Government renders the operational details of the Privacy Act problematic at best.  Two way participation and collaboration is often based on trust. This has implications both for the privacy details of the citizen and and the government employee they are engaged in discussions with.  As long as the citizen is merely a receptor of a government service, a citizen’s identity is often not needed.  Two-way participation implies a relationship, which more often than not may necessitate giving up privacy data.    Worse, as more and more government services are web-enabled, the citizen will be forced to provide their personally identifyable information (PII) in more and more places.  The opportunity for data spillage and identity theft is only going to increase.

Low Level Participation & Collaboration: For the lowest levels of participation, such as “What question do you want the President to answer?,” there is no need to request PII, such as name, email address, etc.   But even at a “Level 1″ Identity Assurance level (as definined by OMB M-04-04 as “Little or no confidence in the asserted identity’s validity”), we can imagine scenarios where a user who wants his/her privacy maintained still would want to maintain an ongoing profile to continue participation in a conversation.  An example of this would be if a citizen submitted an idea in Phase I of the Open Government Directive, and then got asked follow-up questions - this would mean they require a persistent identity that exists over multiple sessions.

Worse, when we move up the participatory scale privacy options virtually disapear.  If for example, a professor of nanotechnology at MIT wants to weigh in on a patent request at the United States Patent and Trademark office, her comments may only be taken seriously with regards to her credentials on the subject.  If she wanted to assert her credentials in nanotechnology to be taken more seriously by the patent lawyers reviewing the request, she would have to identify herself in some validated way.

Government Employee Privacy? Currently, privacy policies include government employee information as PII.  If a government employee participates in informal discussions online with citizens, how will their privacy be protected? One possibility is they use an alias, but in doing so, they reduce the level of trust they build up in interacting with the target sector of the public.  As an example of this, if the GS-15 responsible for giving guidance to state healthcare policy makers to implement the S-CHIP legislation, the use of an alias would impact the believability of their comments.

OpenID Options to Improve Privacy and Access: The use of OpenID for Level 1 Identity Assurance offers some possibilities to assist both in preservation of privacy data, usabilty and security.  Chris Messina, Joseph Smarr and John McCrea have a great socialweb.tv episode that discusses some options for the use of OpenID in Open Government settings. Here’s a few ideas I’ve been mulling about since watching that and then talking with David Recordon, Chris Messina and others:

  • Use of External OpenID Providers to Hide Identity While Requesting Information: Government collaboration websites should allow unvalidated external OpenID users to do basic things like subscribing to activity streams.   This in essence would be similar to a citizen going to a Federal Office and anonymously getting the information they need by picking up the available documents.
  • Use of External OpenID Providers to Use Multiple identities When Participating in Open Govt Conversations: Citizens should have the option of in effect, automatically using multiple identities in participating in government conversations.  In this use case, an OpenID provider would provide a different token to the government site every time a citizen made a post command (added a new comment or discussion).  The only connection that could be made is that all the comments came from the same OpenID provider.  If the provider was Yahoo, for instance, this would in effect remove all traceability to connect the citizen’s comments.
  • Use of External OpenID Provider to Use a Single Identity When Participating in Open Govt Conversations: In this use case, a citizen may want to build a recognizable profile which ties together their various comments.  This would lead to them establishing trust in a community similar to what is done on most social software sites.  The difference here would be they would only be providing a non-identifyable OpenID token, without email address, name, etc.

Lack of a Single Government Identity Has a Cost: As we start providing government services online, the privacy problems begin to involve an ever greater chance of a citizen’s information being carelessly exposed.  When we move toward a time in the very near future where you can request a change of address to your social security check at the ssa.gov (and medicaid services along everywhere else a change of address needs to be applied), file your taxes on the IRS Website, check the status of your educational grant online, change your voter registration online and so forth, it would be an absolute nightmare for all concerned if the government maintained each citizen’s information separately in each agency (or worse and far more likely, in each agency website that provided services).  If the citizen had a single, validated and highly protected profile, a change of address would be simplistic.  But in the online world, the change of address in every website the citizen engages in could be a nightmare.  Worse, because their PII is scattered across a myriad of webservers, it becomes far easier to have their identity stolen.  If one system is penetrated, an identity theif has a better chance of social engineering the rest.

Likewise, if the citizen has a single stored identity for the services that matter, the government can begin to do some fairly cool bundling of services.  For instance, wouldn’t it be far more friendly for the government to send you to a “Retirement Planning” website once you hit a certain age, that automatically enrolls you in receiving social security checks, medicaid and medicare, and gives you basic advice & services on money matters when living on a fixed income? If we go down the current path, the citizen will need to register and share their authenticated PII with each and every service they apply separately for - this is both riskier from an exposure standpoint and far more burdensome.

  • Government OpenID Provider: If there was something like a “Citizens.gov” site that citizens could authenticate to, a myriad of benefits would emerge.  While the citizen would be forced to serve up their real identity, they could use that OpenID token to authenticate to all other government websites.  This may actually mean their PII is MORE secure, as its only housed in one place instead of all the various Federal websites.  As an added benefit, the government could offer a yahoo-like portal interface that shows the citizen the status of all their services, where they participated on, etc.

About The Author

NoelDickover

Comments

65 Responses to “Gov2.0 Privacy Issues for PrivacyCampDC”

  1. Thus, these lions can be extremely suitable for the people
    people, who aren’t getting the possession of the valuable collateral.

  2. The consumer should fill in a very form providing some of the basic information relating for
    their personal and professional life.

  3. Now there is no need to place some collateral against just how much to gain swift cash acceptance.

  4. White tiles are an excellent choice ffor roofing repairs and replacements.
    Never install non-operable windolws during a home
    improvement effort. We’ve changed ouur regular thermostats to programmable one and
    ggot a taax deduction or enesrgy credit for making tthe switch.

  5. Indira says:

    La cabeza del reno está hecha con la parte ancha de las boquillas, la grande y la pequeña, y los cuernos con el cortador de copo de nieve.
    Tampoco podría faltar el hombre de jengibre, si bien esté
    hecho de galleta de mantequilla.

  6. 1 on a 1 Ghz Snapdragon processor, 8 GB of internal storage, 8 megapixel camera with dual LED flash and 400x 800 AMOLED
    capacitive touchscreen. But the bid to host
    the World Cup in England ’s attitude is full of support.
    I would say a rental at best, but nothing past that.

  7. Hi there mates, how is all, and what you would like to say concerning this article,
    in my view its in fact awesome in favor of me.

  8. When you connect to that site back, that’s what a
    reciprocal hyperlink is.

  9. Spot on with this write-up, I really believe
    this site needs a great deal more attention. I’ll probably be back again to read through
    more, thanks for the information!

  10. Heya just wanted to giove you a brief
    heads up and let you know a few of the pictures aren’t loading correctly.

    I’m nott sude whyy but I think its a linking issue.
    I’ve tried it in two different
    web browsers and both shbow the same outcome.

  11. Gene K. Reap says:

    Great goods from you, man. I’ve understand your stuff previous to and you are just extremely excellent.
    I really like what you have acquired here, really like what you are stating and the way in which you say it.
    You make it entertaining and you still take care of to keep
    it smart. I cant wait to read far more from you.
    This is actually a terrific web site.

  12. Spot on with this write-up, I honestly feel this site needs a great deal more attention. I’ll probably be back again to see
    more, thanks for the information!

  13. Hello, I think your site might be having browser compatibility issues.
    When I look at your website in Ie, it looks fine but when opening in Internet Explorer, it has some overlapping.
    I just wanted to give you a quick heads up! Other then that, great blog!

  14. imgur says:

    When you make a website, all your web pages are served from the server residing somewhere
    on the internet. Try your better to find the web
    hosting service without down time. The laws have been changing and many portals that offer services are finding it harder and harder
    to get their word out there.

  15. Vehicle hire software for car hire businesses, including car and vehicle rental companies.

Leave a Reply