Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Attendees:

Richard Wilsher
Hedy Kirkby (Gov't of Canada)
Mark Lizar
Tom Smeddinghof
Susan Landau
Peter Capek
Rich Furr
Aaron Titus
Gershon Janssen

Guests:
Jane Galloway (Gov't of Canada)
Rainer Hoerbe

Staff:
Joni Brennan
Anna Ticktin

Minutes:

1. Roll Call

2.  P3 Announcements

  • The PF has been suspended whilst its work gets further scoped around Privacy Assurance Criteria.
  • Elections have been suspended as Mark will be continuing on as secretary. Jeff may be back engaged more actively this fall.

3. NSTIC Governance / NOI — Joni

  • Last Thursday and Friday Kantara Initiative participated in the NSTIC Governance workshop panel which discussed real world examples of governance models which could be modeled for the governance of the NSTIC initiatives.  The Day 1 video is posted here: http://www.nist.gov/itl/nstic-workshop-june2011.cfm.   The summaries of the breakout sessions will soon be posted as well.  

Day 1 Talks and Panels included:

  • Opening speeches by Jeremy Grant and Howard Schmidt which focused on the sorely out dated use of strictly userID and password as a means of authentication.  The them focused around the need to create a trusted identity ecosystem developed out of a public/private partnership which would uphold principles of privacy as one of the core values.
  • A real world case panel which included Joni Brennan of Kantara Initiative, reps from NACHA, SmartGrid, NIST and was moderated by Don Thibeau of OIX.
  • An essential elements of governance panel which included Tom Smeddinghof of ABA and Dazza Greenwood of eCitizen, a rep from the American Civil Liberties Union (ACLU) and was moderated by Jeremy Grant.

Day 1 and 2 Breakout sessions were focused on 3 areas:

  1. Steering Committee Initiation
  2. Stakeholders
  3. Governance Models
  • Each breakout session was moderated, used the questions listed in the NOI document, and notes were taken which were presented at the conclusion of the event on Friday.  The breakout sessions took the tone of brainstorms and simply acted as a forum for informal and early feedback with some ideas of next steps suggested.  Two issues seemed apparent:
  • The scope the steering committee did not seem entirely clear and needs refinement such that a clear path can be taken either toward a new organization or the initiation of the steering committee under an existing organization.
  • There were questions around the liability of such a steering committee.  For example - would this committee be legally responsible should organizations determine that the NSTIC program has violated some type of rights and responsibilities (such as failure to up hold end user privacy for example).
  • The next step is for Kantara to craft a response to the NOI.  On yesterday's IAWG call we discussed a path toward IAWG specific feedback.  The Leadership Council is now in discussion regarding the creation of a NSTIC Discussion Group which would serve as the central body for NSTIC related activities and discussions.  Please stay tuned for progress regarding the formation of NSTIC DG but don't let this group formation distract your personal review of the NOI questions.  
  • Additionally, there will be a NSTIC privacy workshop held in Cambridge Mass (see further details below).  The Kantara Privacy WG will discuss the next workshop in their meeting today to identify who from the Kantara Privacy community may attend and what further strategy includes.

Notes of importance:

  • An ACLU representative stated a seemingly thinly veiled threat something to the effect of privacy folks "having a 'pass' for 12 years", but no longer!
  • A second workshop has been announced – focused on privacy issues in NSTIC – on Monday June 27 and Tuesday June 28.  The event will take place at the MIT Media Lab in Cambridge, Massachusetts.  Details (including a link to online registration) are at:  http://www.nist.gov/itl/nstic-privacy-workshop.cfm.
  • The registration fee for this workshop will be only $20 – a notable discount from the fee for our first governance workshop.  A draft agenda will be posted shortly.
  • Rich Furr and Susan Landau will be in attendance.

4. Liaison Activities

  • Tom Smedinghoff Liaison Report on  ABA Activities and recent NSTIC Workshop

5. Topics on the List (Open Invitation for Topics in Privacy and Public Policy. )

  • Emerging areas of identity based trust frameworks and assurance metrics.
  • Two Types of Trust.  Institutional Trust (a.k.a Identity Assurance), and (Social Trust- Governance). 
  • Does this require multiple types of trust assurance metrics?   How does Trust Assurance effect Privacy?

Proposed NOI responses from P3:

Tom :
How will privacy interests be represented  by the steering group?
And how will privacy decisions be made by the steering committee?

Susan:

  • Who will represent Gov't interests to protect privacy?

Mark & Aaron:

  • What will the International aspects be?
  • US gov't must first develop it's national strategy, then look to international directions.
  • We could leverage International work efforts and technical solutions to inform our thinking so as not to waste time reinventing the wheel.

Question:

  • Hedy: Are there any synergies in effect between privacy and the private sector other than what this initiative is pushing?

Question:

  • Aaron : What do we see the authority of this governing body to be? Do they have the authority to define, bless or veto something? How will we unilaterally accept all the work coming from this body with respect to acceptance and approval of it's process.
  • Richard : Whilst the government pushes industry to drive it's work, to what extent will the gov't be a stakeholder? Will it have a golden vote?
  • ACTION : Joni will be drafting a charter to quickly spin up a discussion group as a forum to complete, compile and compose the Kantara response to the NOI. Members from all work groups will be invite to join the collaborative effort.

5. AOB

  • Motion of minutes approval for  11 Jan & 05  May 2011
  • Motion to approve minutes as captured on 11 Jan and 05 May moved by Mark. Seconded by Gershon. No further discussion or objection. Minutes are approved.
  • P3 will convene a call for next week to further discuss NSTIC and address an RFP / reduced scope for the the PAF / PAC (Privacy Assessment Criteria).

ADJOURNED

  • No labels