Digital identity: an emergent legal concept; an analysis of the role and legal nature of digital identity in a transactional context.

Sullivan, Clare Linda

January 2009

This thesis examines the emergent legal concept of digital identity under the United Kingdom National Identity Scheme ('NIS') and its Australian counterpart, the Access Card Scheme('ACS') proposed in 2007. The Identity Cards Act 2006 UK c 15 ('Identity Cards Act’) and the Human Services (Enhanced Service Delivery) Bill (Cth) 2007 ('Access Card Bill') reveal a remarkably similar concept of identity in terms of its constitution and especially its functions. The United Kingdom scheme is currently being established, whereas the proposed Australian Scheme has been shelved following a change of government late in 2007. The NIS is therefore used as the model for this study but the analysis applies to any such scheme based on digital technology, including the ACS, should it be resurrected. The emergent concept of digital identity which is the subject of this thesis arises from legislation. It is a legal construct which consists of a collection of information that is stored and transmitted in digital form, and which has specific functions under the identity scheme. In this study, the information recorded about an individual for an identity scheme is referred to as an individual's 'database identity.' Database identity consists of information prescribed by legislation. Collectively, that information comprises an individual's registered identity. Under the United Kingdom scheme, it includes an individual's name/s, gender, date and place of birth and date of death, photograph, signature and biometrics, and other information such as citizenship and residential status including residential address/es, nationality, identity card number, passport number, work permit number, driver‘s licence number, and administrative information such as security and verification details. Within database identity is a small subset of information which is an individual‘s transactional identity, that is, an individual‘s identity for transactional purposes. In this study, that subset of database identity is called an individual‘s 'token identity'. Under the NIS, token identity consists of name, gender, date and place of birth, date of death and biometrics. Token identity is the gateway to the other information which makes up database identity and token identity has specific functions at the time of a transaction which give it legal character. In effect, it operates as the individual‘s transactional 'key.' Presentation of the required token identity at the time of the transaction enables the system to recognise, and to deal with, the registered identity. This thesis is therefore not about identity in the deep philosophical sense of 'who am I?' or 'what makes me, me?' It is about a legal concept of individual identity for specific purposes under a national identity scheme. In many ways, though, the concept of digital identity which is the subject of this thesis is just as important in a modern legal context. Under a national identity scheme, the response to the question 'who am I? ' is 'you are who the scheme (and in particular, the National Identity Register ('NIR')) says you are.' As the first conceptual legal analysis of identity in a transactional context, this thesis examines the functions and legal nature of database identity, and particularly token identity. Token identity has specific functions at the time of a transaction which are analysed from a legal perspective to determine whether token identity is a form of legal personality. This thesis also contends that individual personal and proprietary rights necessarily apply as a result of the functions and legal nature of this emergent concept of identity. In addition to the well- recognised right to privacy, this thesis argues that the concept gives rise to the right to identity which has been overlooked in this context. For the first time, identity as a legal concept is distinguished from privacy which is the focus of legal scholarship and jurisprudence in this area. The right to identity is contrasted with the right to privacy and the protection afforded by the right to identity in this context by those human rights in the United Kingdom is considered. The protection afforded to an individual in the United Kingdom is contrasted with the situation in Australia which does not currently have a comprehensive national human rights charter. In view of the limited protection which is currently provided to token identity by the civil law, the protection provided by the criminal law in both the United Kingdom and Australia becomes particularly significant in considering the obligations and rights which arise under the scheme. The adequacy of the criminal law in addressing the nature and consequences of the dishonest use by a person of another person‘s identity information is therefore also examined. Identity theft is defined and distinguished from identity fraud, having regard to the emergent concept of digital identity and the wrong and the harm caused by its misuse. In particular, the nature of token identity is examined and the consequences of its misuse by another person are considered in determining whether token identity is property which is capable of being the subject of theft and criminal damage. The thesis concludes by summarising the major insights provided by chapters 1-6 with a view to the future when national identity schemes like that of the United Kingdom, and indeed international schemes, will be commonplace and token identity routinely required for most commercial transactions. In that environment, being asked to provide one‘s token identity is likely to be as common and as routine as being asked one's name. / Thesis (Ph.D.) -- University of Adelaide, Law School, 2009

Computer networks Security measures.

Identification cards.

Digital identity: an emergent legal concept; an analysis of the role and legal nature of digital identity in a transactional context.

Sullivan, Clare Linda

January 2009

This thesis examines the emergent legal concept of digital identity under the United Kingdom National Identity Scheme ('NIS') and its Australian counterpart, the Access Card Scheme('ACS') proposed in 2007. The Identity Cards Act 2006 UK c 15 ('Identity Cards Act’) and the Human Services (Enhanced Service Delivery) Bill (Cth) 2007 ('Access Card Bill') reveal a remarkably similar concept of identity in terms of its constitution and especially its functions. The United Kingdom scheme is currently being established, whereas the proposed Australian Scheme has been shelved following a change of government late in 2007. The NIS is therefore used as the model for this study but the analysis applies to any such scheme based on digital technology, including the ACS, should it be resurrected. The emergent concept of digital identity which is the subject of this thesis arises from legislation. It is a legal construct which consists of a collection of information that is stored and transmitted in digital form, and which has specific functions under the identity scheme. In this study, the information recorded about an individual for an identity scheme is referred to as an individual's 'database identity.' Database identity consists of information prescribed by legislation. Collectively, that information comprises an individual's registered identity. Under the United Kingdom scheme, it includes an individual's name/s, gender, date and place of birth and date of death, photograph, signature and biometrics, and other information such as citizenship and residential status including residential address/es, nationality, identity card number, passport number, work permit number, driver‘s licence number, and administrative information such as security and verification details. Within database identity is a small subset of information which is an individual‘s transactional identity, that is, an individual‘s identity for transactional purposes. In this study, that subset of database identity is called an individual‘s 'token identity'. Under the NIS, token identity consists of name, gender, date and place of birth, date of death and biometrics. Token identity is the gateway to the other information which makes up database identity and token identity has specific functions at the time of a transaction which give it legal character. In effect, it operates as the individual‘s transactional 'key.' Presentation of the required token identity at the time of the transaction enables the system to recognise, and to deal with, the registered identity. This thesis is therefore not about identity in the deep philosophical sense of 'who am I?' or 'what makes me, me?' It is about a legal concept of individual identity for specific purposes under a national identity scheme. In many ways, though, the concept of digital identity which is the subject of this thesis is just as important in a modern legal context. Under a national identity scheme, the response to the question 'who am I? ' is 'you are who the scheme (and in particular, the National Identity Register ('NIR')) says you are.' As the first conceptual legal analysis of identity in a transactional context, this thesis examines the functions and legal nature of database identity, and particularly token identity. Token identity has specific functions at the time of a transaction which are analysed from a legal perspective to determine whether token identity is a form of legal personality. This thesis also contends that individual personal and proprietary rights necessarily apply as a result of the functions and legal nature of this emergent concept of identity. In addition to the well- recognised right to privacy, this thesis argues that the concept gives rise to the right to identity which has been overlooked in this context. For the first time, identity as a legal concept is distinguished from privacy which is the focus of legal scholarship and jurisprudence in this area. The right to identity is contrasted with the right to privacy and the protection afforded by the right to identity in this context by those human rights in the United Kingdom is considered. The protection afforded to an individual in the United Kingdom is contrasted with the situation in Australia which does not currently have a comprehensive national human rights charter. In view of the limited protection which is currently provided to token identity by the civil law, the protection provided by the criminal law in both the United Kingdom and Australia becomes particularly significant in considering the obligations and rights which arise under the scheme. The adequacy of the criminal law in addressing the nature and consequences of the dishonest use by a person of another person‘s identity information is therefore also examined. Identity theft is defined and distinguished from identity fraud, having regard to the emergent concept of digital identity and the wrong and the harm caused by its misuse. In particular, the nature of token identity is examined and the consequences of its misuse by another person are considered in determining whether token identity is property which is capable of being the subject of theft and criminal damage. The thesis concludes by summarising the major insights provided by chapters 1-6 with a view to the future when national identity schemes like that of the United Kingdom, and indeed international schemes, will be commonplace and token identity routinely required for most commercial transactions. In that environment, being asked to provide one‘s token identity is likely to be as common and as routine as being asked one's name. / Thesis (Ph.D.) -- University of Adelaide, Law School, 2009

Computer networks Security measures.

Identification cards.

Using Machine Learning to improve Internet Privacy

Zimmeck, Sebastian

January 2017

Internet privacy lacks transparency, choice, quantifiability, and accountability, especially, as the deployment of machine learning technologies becomes mainstream. However, these technologies can be both privacy-invasive as well as privacy-protective. This dissertation advances the thesis that machine learning can be used for purposes of improving Internet privacy. Starting with a case study that shows how the potential of a social network to learn ethnicity and gender of its users from geotags can be estimated, various strands of machine learning technologies to further privacy are explored. While the quantification of privacy is the subject of well-known privacy metrics, such as k-anonymity or differential privacy, I discuss how some of those metrics can be leveraged in tandem with machine learning algorithms for purposes of quantifying the privacy-invasiveness of data collection practices. Further, I demonstrate how the current notice-and-choice paradigm can be realized by automatic machine learning privacy policy analysis. The implemented system notifies users efficiently and accurately on applicable data practices. Further, by analyzing software data flows users are enabled to compare actual to described data practices and regulators can enforce those at scale. The emerging cross-device tracking practices of ad networks, analytics companies, and others can be supplemented by machine learning technologies as well to notify users of privacy practices across devices and give them the choice they are entitled to by law. Ultimately, cross-device tracking is a harbinger of the emerging Internet of Things, for which I envision intelligent personal assistants that help users navigating through the increasing complexity of privacy notices and choices.

Computer security

Machine learning

Internet--Law and legislation

Computer security--Law and legislation

Internet--Security measures

Computer science

Law

O estabelecimento virtual na sociedade técnica : a necessária busca de segurança jurídica nas transações comerciais /

Balan Júnior, Osvaldo.

January 2011

Orientador: Jorge David Barrientos-Parra / Banca: Rui Décio Martins / Banca: Jorge Luis Mialhe / Resumo: O presente trabalho buscará trazer uma profunda reflexão sobre o avanço técnico na sociedade moderna do instituto denominado estabelecimento virtual, assim como seus reflexos nas mais variadas searas. Buscar-se-á compreender este fenômeno através do estudo da técnica, tudo com base nas obras do pensador Jacques Ellul, que trilhou sobre as mais diversas áreas do conhecimento no século passado, com extremo brilhantismo, podendo, além disso, ser considerado um visionário. Mostrar-se-ão os problemas que o avanço tecnológico vem trazendo, os quais complicam o ser humano em sua vida particular, criando neuroses, fruto da adaptação deste ao mundo moderno. Para tanto e de forma mais analítica estudar-se-ão as características da técnica moderna, as quais permitem entender como se dá o desenvolvimento da técnica. Buscar-se-á compreender também o que vem a ser a informação, a principal técnica da atualidade, e as diferentes concepções sobre a sociedade contemporânea. Além disso, analisar-se-á a influência da imagem na sociedade técnica e sua predominância em relação à palavra. Necessária também se mostrou a análise do que vem a ser o comércio eletrônico, o novo modelo de realizações negociais, que se apresenta em franco crescimento. Assim, o estabelecimento virtual surge dentro deste contexto, não permitindo a criação de obstáculos, se encontrando atualmente em todo o mundo, sem enxergar as diferenças culturais e as menosprezando, trazendo uma uniformidade ao mundo, tanto pela forma de comercializar, como pelos produtos que expõe. Mas não são todas as pessoas do globo que tem acesso a este, sendo este outro grande problema apresentado pelo estabelecimento virtual: a exclusão digital. Por conseguinte, demonstrar-se-á... (Resumo completo, clicar acesso eletrônico abaixo) / Abstract: The present study will try to create a profound reflexion about the technical advance in the modern society of the institute known as virtual establishment, and also its reflexes in a variety of associations. One of the objectives, is to understand this phenomenon thought the study of the technique, all based on the publications of the philosopher Jacques Ellul, who disserted about the various parts of knowledge in the last century with extreme brilliance,making him a true visionary. The problems brought by technological advances will be shown, these can complicated one's private life, generating neurosis, a product of its adaptation to the modern world. To do so in an analytical form, the characteristics of the modern technique will be studied, permitting tounderstand the development of the technique. The meaning of information, the principal technique used in the actuality, and its different conceptions in contemporaneous society will be explained, and also, the influence of image in the technical society and its predominance in relation with words will be analyzed. The analyses of what is electronic marketing, a new model of business transactions that is in fast growth should also be done. The virtual market appears inside this context, without obstacles, spreading to the entire globe, with no eyes for cultural differences, bringing uniformity to the world, not just in the way to shop but also on the products available. But not everyone has access to it, being this a big problem presented by the virtual establishment: the digital exclusion. In this work, there will be shown the necessity of development of ways to advance in the virtual technique, ways that show be the result of a critical and reflexive posture of the man, which is rarely seen now a days. This work will be based on comparison of the traditional establishment... (Complete abstract click electronic access below) / Mestre

Direito.

Comércio eletrônico.

Internet - Legislação - Brasil.

Electronic commerce. eng

O estabelecimento virtual na sociedade técnica: a necessária busca de segurança jurídica nas transações comerciais

Balan Júnior, Osvaldo [UNESP]

23 September 2011

Made available in DSpace on 2014-06-11T19:29:45Z (GMT). No. of bitstreams: 0 Previous issue date: 2011-09-23Bitstream added on 2014-06-13T18:39:47Z : No. of bitstreams: 1 balanjunior_o_me_fran.pdf: 1517696 bytes, checksum: ab435b5e58869752ea0cd89ca36317b8 (MD5) / O presente trabalho buscará trazer uma profunda reflexão sobre o avanço técnico na sociedade moderna do instituto denominado estabelecimento virtual, assim como seus reflexos nas mais variadas searas. Buscar-se-á compreender este fenômeno através do estudo da técnica, tudo com base nas obras do pensador Jacques Ellul, que trilhou sobre as mais diversas áreas do conhecimento no século passado, com extremo brilhantismo, podendo, além disso, ser considerado um visionário. Mostrar-se-ão os problemas que o avanço tecnológico vem trazendo, os quais complicam o ser humano em sua vida particular, criando neuroses, fruto da adaptação deste ao mundo moderno. Para tanto e de forma mais analítica estudar-se-ão as características da técnica moderna, as quais permitem entender como se dá o desenvolvimento da técnica. Buscar-se-á compreender também o que vem a ser a informação, a principal técnica da atualidade, e as diferentes concepções sobre a sociedade contemporânea. Além disso, analisar-se-á a influência da imagem na sociedade técnica e sua predominância em relação à palavra. Necessária também se mostrou a análise do que vem a ser o comércio eletrônico, o novo modelo de realizações negociais, que se apresenta em franco crescimento. Assim, o estabelecimento virtual surge dentro deste contexto, não permitindo a criação de obstáculos, se encontrando atualmente em todo o mundo, sem enxergar as diferenças culturais e as menosprezando, trazendo uma uniformidade ao mundo, tanto pela forma de comercializar, como pelos produtos que expõe. Mas não são todas as pessoas do globo que tem acesso a este, sendo este outro grande problema apresentado pelo estabelecimento virtual: a exclusão digital. Por conseguinte, demonstrar-se-á... / The present study will try to create a profound reflexion about the technical advance in the modern society of the institute known as virtual establishment, and also its reflexes in a variety of associations. One of the objectives, is to understand this phenomenon thought the study of the technique, all based on the publications of the philosopher Jacques Ellul, who disserted about the various parts of knowledge in the last century with extreme brilliance,making him a true visionary. The problems brought by technological advances will be shown, these can complicated one´s private life, generating neurosis, a product of its adaptation to the modern world. To do so in an analytical form, the characteristics of the modern technique will be studied, permitting tounderstand the development of the technique. The meaning of information, the principal technique used in the actuality, and its different conceptions in contemporaneous society will be explained, and also, the influence of image in the technical society and its predominance in relation with words will be analyzed. The analyses of what is electronic marketing, a new model of business transactions that is in fast growth should also be done. The virtual market appears inside this context, without obstacles, spreading to the entire globe, with no eyes for cultural differences, bringing uniformity to the world, not just in the way to shop but also on the products available. But not everyone has access to it, being this a big problem presented by the virtual establishment: the digital exclusion. In this work, there will be shown the necessity of development of ways to advance in the virtual technique, ways that show be the result of a critical and reflexive posture of the man, which is rarely seen now a days. This work will be based on comparison of the traditional establishment... (Complete abstract click electronic access below)

Direito

Comércio eletrônico

Internet - Legislação - Brasil

Electronic commerce

Internet - Law and legislation - Brazil

Computer security - Law and legislation

The law of data (privacy) protection: a comparative and theoretical study

Roos, Anneliese

31 October 2003

In present-day society more and more personal information is being collected. The nature of the collection has also changed: more sensitive and potentially prejudicial information is collected. The advent of computers and the development of new telecommunications technology, linking computers in networks (principally the Internet) and enabling the transfer of information between computer systems, have made information increasingly important, and boosted the collection and use of personal information. The risks inherent in the processing of personal information are that the data may be inaccurate, incomplete or irrelevant, accessed or disclosed without authorisation, used for a purpose other than that for which they were collected, or destroyed. The processing of personal information poses a threat to a person's right to privacy. The right to identity is also infringed when incorrect or misleading information relating to a person is processed. In response to the problem of the invasion of the right to privacy by the processing of personal information, many countries have adopted "data protection" laws. Since the common law in South Africa does not provide adequate protection for personal data, data protection legislation is also required. This study is undertaken from a private law perspective. However, since privacy is also protected as a fundamental right, the influence of constitutional law on data protection is also considered. After analysing different foreign data protection laws and legal instruments, a set of core data protection principles is identified. In addition, certain general legal principles that should form the basis of any statutory data protection legislation in South Africa are proposed. Following an analysis of the theoretical basis for data protection in South African private law, the current position as regards data protection in South-Africa is analysed and measured against the principles identified. The conclusion arrived at is that the current South African acts can all be considered to be steps in the right direction, but not complete solutions. Further legislation incorporating internationally accepted data protection principles is therefore necessary. The elements that should be incorporated in a data protection regime are discussed. / Jurisprudence / LL. D. (Jurisprudence)

South African private law

OECD Guidelines on data protection

Right to identity

Computers and privacy

Right to privacy

Data protection

342.858068

Privacy, Right of -- South Africa

Internet -- Security measures

Legal and policy aspects to consider when providing information security in the corporate environment

Dagada, Rabelani

11 1900

E-commerce is growing rapidly due to the massive usage of the Internet to conduct commercial transactions. This growth has presented both customers and merchants with many advantages. However, one of the challenges in E-commerce is information security. In order to mitigate e-crime, the South African government promulgated laws that contain information security legal aspects that should be integrated into the establishment of information security. Although several authors have written about legal and policy aspects regarding information security in the South African context, it has not yet been explained how these aspects are used in the provision of information security in the South African corporate environment. This is the premise upon which the study was undertaken. Forty-five South African organisations participated in this research. Data gathering methods included individual interviews, website analysis, and document analysis. The findings of this study indicate that most organisations in South Africa are not integrating legal aspects into their information security policies. One of the most important outcomes of this study is the proposed Concept Model of Legal Compliance in the Corporate Environment. This Concept Model embodies the contribution of this study and demonstrates how legal requirements can be incorporated into information security endeavours. The fact that the proposed Concept Model is technology-independent and that it can be implemented in a real corporate environment, regardless of the organisation’s governance and management structure, holds great promise for the future of information security in South Africa and abroad. Furthermore, this thesis has generated a topology for linking legislation to the provision of information security which can be used by any academic or practitioner who intends to implement information security measures in line with the provisions of the law. It is on the basis of this premise that practitioners can, to some extent, construe that the integration of legislation into information security policies can be done in other South African organisations that did not participate in this study. Although this study has yielded theoretical, methodological and practical contributions, there is, in reality, more research work to be done in this area. / School of Computing / D. Phil. (Information Systems)

343.9944068

Intellectual property -- South Africa

Legal and policy aspects to consider when providing information security in the corporate environment

Dagada, Rabelani

11 1900

E-commerce is growing rapidly due to the massive usage of the Internet to conduct commercial transactions. This growth has presented both customers and merchants with many advantages. However, one of the challenges in E-commerce is information security. In order to mitigate e-crime, the South African government promulgated laws that contain information security legal aspects that should be integrated into the establishment of information security. Although several authors have written about legal and policy aspects regarding information security in the South African context, it has not yet been explained how these aspects are used in the provision of information security in the South African corporate environment. This is the premise upon which the study was undertaken. Forty-five South African organisations participated in this research. Data gathering methods included individual interviews, website analysis, and document analysis. The findings of this study indicate that most organisations in South Africa are not integrating legal aspects into their information security policies. One of the most important outcomes of this study is the proposed Concept Model of Legal Compliance in the Corporate Environment. This Concept Model embodies the contribution of this study and demonstrates how legal requirements can be incorporated into information security endeavours. The fact that the proposed Concept Model is technology-independent and that it can be implemented in a real corporate environment, regardless of the organisation’s governance and management structure, holds great promise for the future of information security in South Africa and abroad. Furthermore, this thesis has generated a topology for linking legislation to the provision of information security which can be used by any academic or practitioner who intends to implement information security measures in line with the provisions of the law. It is on the basis of this premise that practitioners can, to some extent, construe that the integration of legislation into information security policies can be done in other South African organisations that did not participate in this study. Although this study has yielded theoretical, methodological and practical contributions, there is, in reality, more research work to be done in this area. / School of Computing / D. Phil. (Information Systems)

343.9944068

Intellectual property -- South Africa

The law of data (privacy) protection: a comparative and theoretical study

Roos, Anneliese

31 October 2003

In present-day society more and more personal information is being collected. The nature of the collection has also changed: more sensitive and potentially prejudicial information is collected. The advent of computers and the development of new telecommunications technology, linking computers in networks (principally the Internet) and enabling the transfer of information between computer systems, have made information increasingly important, and boosted the collection and use of personal information. The risks inherent in the processing of personal information are that the data may be inaccurate, incomplete or irrelevant, accessed or disclosed without authorisation, used for a purpose other than that for which they were collected, or destroyed. The processing of personal information poses a threat to a person's right to privacy. The right to identity is also infringed when incorrect or misleading information relating to a person is processed. In response to the problem of the invasion of the right to privacy by the processing of personal information, many countries have adopted "data protection" laws. Since the common law in South Africa does not provide adequate protection for personal data, data protection legislation is also required. This study is undertaken from a private law perspective. However, since privacy is also protected as a fundamental right, the influence of constitutional law on data protection is also considered. After analysing different foreign data protection laws and legal instruments, a set of core data protection principles is identified. In addition, certain general legal principles that should form the basis of any statutory data protection legislation in South Africa are proposed. Following an analysis of the theoretical basis for data protection in South African private law, the current position as regards data protection in South-Africa is analysed and measured against the principles identified. The conclusion arrived at is that the current South African acts can all be considered to be steps in the right direction, but not complete solutions. Further legislation incorporating internationally accepted data protection principles is therefore necessary. The elements that should be incorporated in a data protection regime are discussed. / Jurisprudence / LL. D. (Jurisprudence)

South African private law

OECD Guidelines on data protection

Right to identity

Computers and privacy

Right to privacy

Data protection

342.858068

Privacy, Right of -- South Africa

Internet -- Security measures