Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Save to My Library
Look up keyword
Like this
1Activity
0 of .
Results for:
No results containing your search query
P. 1
US Federal Trade Commission: 042407 sess2

US Federal Trade Commission: 042407 sess2

Ratings: (0)|Views: 582|Likes:
Published by ftc

More info:

Published by: ftc on Jan 21, 2008
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

06/14/2009

pdf

text

original

 
>>NAOMI LEFKOVITZAll right. Thank you. We are going to begin our final panel, next steps, where do we go from here?And the idea that we were thinking about inputting together this panel was that after havingall these issues raised that-- in the last dayand a half that we would then sort of think aboutwhat are some practical solutions? What are somepractical steps that we can move forward? So theidea here is not to have-- we're going to havethe panelists give some of their presentationsbut then we are really looking for a dynamicdiscussion, not the formal sort of question-and-answer format we have had so far butvealy have a dynamic discussion and get people tobring forward their thoughts and their ideas. Iwant to make sure that Robin, you bring your question up again because this is the perfectpanel for that. We didn't want to cut you off atall. And so I just want to remind-- take onestep back. Because yesterday we started off pretty high level. We were talking about theoriesabout identification systems. And what we'retalking about is a means to reduce identity theftin this workshop. And in this case there's manyways to reduce identity theft but in this caseobviously through better identification andauthentication. And-- but we don't want a systemthat creates an equal or a greater problem inother areas. Privacy, for example. That is whywe started off the way we did yesterday to becognizant of-- I think about Simon saying one of the problems is if you sort of put forward theobjective as only on solving identity theft, thatdoesn't necessarily carry an identificationsystem. Perhaps I'll put forward this thought,that that's because perhaps it's because when youbuild something focused solely on identity theftyou might come out with a system that doesn't takeinto consideration these other areas like privacyand things like Paul was saying about-- you know,and others were saying about proportionality andhow much information you have to give in order toconduct any particular transaction. So I justwant to put those thoughts out there, that eventhough we have talked about these other areas of 
 
privacy, ultimately in this setting we're tryingto think about ways to reduce identity theft butnot open the door to other problems. So withthat, I'm going to turn it over to Jim. I shouldsay we have got Jim Lewis for the center for strategic international studies. We have GeorgeCrabb from the United States postal InspectionService. We haven't heard much from lawenforcement in this so we thought this would be agreat time to bring in that perspective. And thenwe have Jeffrey Friedberg from Microsoft, chief privacy architect.>>JAMES LEWISThank you, Naomi and thank the FTC for invite Megto speak. I'm glad to see the strategy. It'svery help l. The last question was right on. Ithink we need to talk about the role of government. As we were discussing during thebreak you need both, government and privatesector. If you don't get the mix right you'restuck. And one of those things they asked me inpreparing for this was that I try and inflame youso I'm going to try and do that a little bit andwe'll see if it works. So where do we go fromhere? I think there's two central problems when Ithink about this, how do you-- I'm very muchfocused on the Internet and on digitalidentification. How do you determine thetrustworthiness of this assertion that you makeover the Internet or over a network? And what isbasically as you heard in the last panel and whatyou have heard yesterday. And untrustworthyenvironment. And another problem we need to payattention to is how do we adopt what are basicallypaper processes that we have developed over thelast Century to what are now digital and networkedapplicationsch we have made some progress, thisstrategy for example is a move in that direction.You heard this before, I'm just going to do itquickly to g through the slide. The main point Iwould like to call your attention to is that therole of government. If you don't have a good,strong government process for confirming theidentity that your family gives you, nothing elseworks. And then you also have to ask how do Itransfer these government processes whether it's a
 
Social Security number or birth certificate,whatever, how do I transfer them to some other kind of credential that I can then use in acommercial setting? Where are we inauthentication for me I'm entering my 11th year working on authentication problems. I thoughtthis was the picture to express my feeling.[laughter]>>JAMES LEWISWe have a lot of things going on in theauthentication space. Right? And there's somethings we can draw from that. The first is andthis came up a little bit in the last panel, onesize does not fit all. People will not want areally strong robust credential for everythingthey do. In some cases you want a pseudo ANIMITY.We might have right now too much of that but weneed to blend T. second thick you have heardconsistently is trust is expensive and peopledon't want to pay foirt. In many cases it'seasier to eat the cost of fraud than it is tobuild in the trust. And this is again a scene wehave heard before. We have what we call liabilitydodge ball. You know, if I issue a credential andit's misused who is liable? So one of the thingsI have seen happen in authentication for the lastfew years is everyone tries to dodge liability.I'm not liable for somebody else's error. That'sreasonable but it's a draw back. It's one of thethings you need the think about. One of thethings maybe only government can fix. Whether that's the courts or whether that's the Congress.The allocation of responsibilities within our IDmanagement system here in the U.S. is unclear andyou have a lot of contests. And finally you wouldhave what I call the coalition of thety mid. Anda way to think about this is automobiles. Whenautomobiles were first introduced, I have usedthis one before so some of you may have heard it,they were scary. You had these dirt roads peoplewere used to horses and the horse was intelligentF it say you it probably wouldn't bump in to you.So somebody walks in front of a car waveing a redflag and so people would know a car was coming andwouldn't scare children. That's part of how weunderstand these problems. We ask outsides what

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->