On technology neutral policies for e–identity: a critical reflection based on UK identity policy

This paper reviews the arguments for technology neutral e–identity policies. It uses the recent experience of identity policy in the UK, as well as a consideration of technological developments, to distinguish between two perspectives on technology neutral policies: legal and technological. Whilst the legal perspective on technology neutrality is intended to provide legal certainty, it fails to address discontinuous technological developments such as zero–knowledge systems and risk based assessments of identity and attribute claims. These are transforming the basis of identity policies and highlight the challenges of proposing technology neutral identity policies in law. The paper then applies the technological critique of technology neutrality to review a recent study on identity, authentication and signature policy in the EU.

[1]  Edgar A. Whitley,et al.  Fixing identity? Biometrics and the tensions of material practices , 2013 .

[2]  Dear Mr Sotiropoulos ARTICLE 29 Data Protection Working Party , 2013 .

[3]  Shoshana Amielle Magnet,et al.  When Biometrics Fail: Gender, Race, and the Technology of Identity , 2011 .

[4]  M. Wendy Hennequin,et al.  The Future of the Internet and How to Stop It , 2011 .

[5]  Lyria Bennett Moses,et al.  Agents of change: How the law 'Copes' with technological change , 2011 .

[6]  Ramón Compañó,et al.  From security versus privacy to identity: an emerging concept for policy design? , 2010 .

[7]  Vitaly Shmatikov,et al.  Myths and fallacies of "Personally Identifiable Information" , 2010, Commun. ACM.

[8]  Edgar A. Whitley,et al.  Global Identity Policies and Technology: Do we Understand the Question? , 2010 .

[9]  E. Whitley,et al.  Opposition policies on identity cards , 2010 .

[10]  Paul Ohm,et al.  When network neutrality met privacy , 2010, CACM.

[11]  Edgar A. Whitley,et al.  Global Challenges for Identity Policies , 2009, Technology, Work and Globalization.

[12]  W. Orlikowski The sociomateriality of organisational life: considering technology in management research , 2010 .

[13]  Patrick J. Flynn,et al.  Factors that degrade the match distribution in iris biometrics , 2009, Identity in the Information Society.

[14]  Simon A. Cole,et al.  Forensics Without Uniqueness, Conclusions Without Individualization: The New Epistemology of Forensic Identification , 2009 .

[15]  Susan Landau,et al.  Communications Surveillance: Privacy and Security at Risk , 2009, ACM Queue.

[16]  Paul Ohm Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization , 2009 .

[17]  David Lyon,et al.  Identifying Citizens: ID Cards as Surveillance , 2009 .

[18]  K. Aas,et al.  Surveillance: Citizens and the State , 2009 .

[19]  E. Whitley Perceptions of government technology, surveillance and privacy: the UK Identity Cards Scheme , 2009 .

[20]  Gerrit Hornung,et al.  Data protection in Germany I: The population census decision and the right to informational self-determination , 2009, Comput. Law Secur. Rev..

[21]  Susan V. Scott,et al.  10 Sociomateriality: Challenging the Separation of Technology, Work and Organization , 2008 .

[22]  COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS , 2008 .

[23]  C. Reed Taking Sides on Technology Neutrality , 2007 .

[24]  Nalini K. Ratha,et al.  Generating Cancelable Fingerprint Templates , 2007, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[25]  Lucy Suchman,et al.  Human-Machine Reconfigurations: Plans and Situated Actions , 2006 .

[26]  John Wadham,et al.  Blackstone's Guide to the Identity Cards Act 2006 , 2006 .

[27]  Bert-Jaap Koops,et al.  Should ICT Regulation Be Technology-Neutral? , 2006 .

[28]  Maurice Schellekens,et al.  Starting Points for ICT Regulation; Deconstructing Prevalent Policy One-Liners , 2006 .

[29]  Edgar A. Whitley,et al.  Policy discourse and data retention: The technology politics of surveillance in the United Kingdom , 2005 .

[30]  Edgar A. Whitley,et al.  On the interpretative flexibility of hosted ERP systems , 2005, J. Strateg. Inf. Syst..

[31]  Je Agar,et al.  Identity cards in Britain: past experience and policy implications , 2005 .

[32]  Alberto Escudero-Pascual,et al.  Questioning lawful access to traffic data , 2004, CACM.

[33]  Karen Barad Posthumanist Performativity: Toward an Understanding of How Matter Comes to Matter , 2003, Signs: Journal of Women in Culture and Society.

[34]  J. Overhage,et al.  Sorting Things Out: Classification and Its Consequences , 2001, Annals of Internal Medicine.

[35]  Stefan A. Brands,et al.  Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy , 2000 .

[36]  Steve Woolgar,et al.  The Machine at Work: Technology, Work and Organization , 1997 .

[37]  B. Latour 10 ''Where Are the Missing Masses? The Sociology of a Few Mundane Artifacts'' , 1992 .

[38]  Sunny Marche,et al.  On what a building might not be - a case study , 1991 .

[39]  B. Latour We Have Never Been Modern , 1991 .

[40]  G. Doukidis,et al.  An expert system to assist in filing Income Tax returns: the case of Indian Income Tax , 1989 .

[41]  Robert A. Brungs,et al.  Autonomous Technology: Technics-out-of-Control as a Theme in Political Thought , 1979 .

[42]  T. Terrell Department of Health, Education, and Welfare. , 1953, Texas state journal of medicine.