The Open Identity Exchange, along with the American Bar Association’s Identity Management Legal Taskforce and the World Bank, hosted a workshop on January 14, 2015 in Washington D.C. with the objective of discussing the main concerns surrounding the adoption of identity management law and policy, helping to develop a common language around internet identity.
Attendees included industry leaders in identity and relevant regulatory bodies. The key theme reiterated throughout the event was the importance of focusing on outcome-based legislation. Participants voiced concern that legislation prescribing a specific technical process to implement identity standards would hinder innovation and ultimately prevent the success of a new legal regime.
The group was briefed on three main efforts to develop identity management-specific policy:
- United Nations Commission on International Trade Law (United Nations);
- Uniform Law Commission (United States);
- Identity Management Standards Advisory Council (Virginia).
Experts involved in each effort shared their opinions on how attendees could utilize their expertise to aid these efforts. These projects are moving forward at a domestic and international level to set the groundwork for a broader discussion around the impact of standards-based versus risk-based approaches to achieve the outcomes-based model regarded so positively in the discussions. Anti-Money Laundering (AML) is an important proof point in this regard for international banking.
In addition to leaders in US identity related legislation, architects of the EU eIDAS regulation were present at the event and shared their expertise on the development and function of identity-management specific law. The eIDAS team was able to show how the law they developed spurs the rapid development of solutions to problems to cooperation. They emphasized how the outcome focused nature of the eIDAS regulation allows it to continually adapt to changing technology. In examining the use case of eIDAS, attendees were able to generate new ideas of how a similar system could be adapted to the United States.
Discussions were moderated throughout the day on the following topics relating to identity management-specific law:
- Trust, Interoperability, and Enforceability;
- Privacy and Security;
- Business and Technical Standards;
- Participant Obligations;
- Legislative Goals.
These wide ranging issues gave attendees an update on the major critiques that potential legislation will face as it attempts to address the challenges of internet identity.
Ultimately, the group agreed on the need to develop a common set of issues that must be addressed in any identity management-specific law. Although there was disagreement over the standards surrounding privacy and security, attendees recognized the need to focus on developing law that allows industry to continue to innovate while protecting the interests of consumers throughout the identity management processes.
OIX encourages approaches that identity management law can be developed to serve in the cross-section of international law, identity management, and corporate policy. Follow up events planned in both London and Amsterdam on March 24 will give attendees and members of OIX the ability to continue this important conversation while learning from experts from across the identity ecosystem and develop a common language of internet identity.