Matching the speed of the running code: public awareness and digital identity management
Wednesday 16th May -11:00 a.m. to 12:45 p.m.
OISTE AND THE WORLD SUMMIT ON THE INFORMATION SOCIETY (WSIS)
Founded in 1998, OISTE was created with the objectives of promoting the use and adoption of international standards to secure electronic transactions, expand the use of digital certification and ensure the interoperability of certification authorities’ e-transaction systems.
The OISTE Foundation is a non for profit organisation based in Geneva, Switzerland, regulated by article 80 et seq. of the Swiss Civil Code.
OISTE fully embraces the Geneva and Tunis Declaration of Principles (B5 / Art 35) which states…
“Strengthening the trust framework, including information security and network security, authentication, privacy and consumer protection, is a prerequisite for the development of the Information Society and for building confidence among users of ICTs”.
OISTE’s contribution at the WSIS 2003: Towards a more universal, open, reliable and secure Information Society
Although it is not altogether evident to the layperson, internet governance and digital identity management are closely linked.
The architecture of identifiers in the internet functions as a hierarchical structure. The Domain Name System (DNS) is run by the internet Corporation for Assigned Names and Numbers (ICANN), and the delegation of trusted Public Key Infrastructures (PKI) has no centralising control body. This prompted OISTE to recommend that DNS and digital identity come under the management of neutral authorities working in the public interest.
In 2003, OISTE advocated for the transfer of control and management of technologies related to domain name systems and digital identity management to neutral authorities working on the public interest as a means to solving the problem of the shortage of DNS and setting up a universal, neutral and inter-operable root certification authority.
Setting up a digital national sovereignty: OISTE’s contribution to the WSIS 2005
Examining the evolution of the concepts of national identity and citizenship, bringing it to the digital age, OISTE underlined the challenge to which all states are confronted: holding a right to their citizens’ identity in the digital world. The difficulty lies in the fact that whilst the state fulfils a role of identity management in the physical world, in cyberspace nobody holds the same level of authority. As a result, digital identity management becomes an ad-hoc matter, with many, often improvised solutions, none of them more authoritative than the others.
In the internet, the citizen mutates into the end user: e-mail addresses and user-names replace national identity. Welcome to the signed-in space where passwords give a (false) sense of protection. Whose banner have you chosen? Google, Facebook, Yahoo, MySpace? Does one offer more security than the others? In 2005 the OISTE Foundation insisted on the importance of setting up the basis for certified digital identities using Public Key Infrastructures (PKI), building and respecting international standards, under the coordination of a Policy Approval Authority (PAA), using a primary root key that guarantees universal technical and legal interoperability.
In 2005, OISTE advocated for scaling up the efforts towards the adoption of standards for digital identity management using a Primary Root Key that will permit the technical deployment and the inter-operability of digital identities.
WSIS FORUM 2012: MATCHING THE SPEED OF THE RUNNING CODE
In April 2011, the USA National Institute of Standards and Technology published the National Strategy for Trusted Identity in Cyberspace (NSTIC) with a short introduction by President Barack Obama. A few days later, an influential weekly wrote that notwithstanding the commendable wording of the document, it would very likely remain a futile effort since it failed to grasp the first principle of progress on the internet: the “running code”.
If this is the case, there are reasons for concern. A secure cyberspace is critical to the health of the global economy and the security of all nations. Lack of trust threatens the foundations of internet and may severely hamper the benefits of Information and Communication Technologies (ITC).
Under the title of “Matching the speed of the running code”, the OISTE Foundation proposes to assess the extent by which increased public awareness about new methods of digital identity management contributes to technical progress and market maturity.
Unless there is a concerted effort to educate the public and create awareness of what digital identities are and to what extent they can contribute to the network’s vulnerabilities or; on the other hand, protect men, women, children, information, businesses, critical infrastructures and the institutions and machines we trust, all progress will be fragile.
The OISTE Foundation advocates for a participatory mechanism that will permit the opinions of the nearly two billion users of internet have some bearing on the IdM solutions adopted.
Objective of the workshop: Provide insight into the elements that constitute the riddle of digital identity management and its effect upon cyber security. The aim is to learn lessons that can be applicable to creating awareness among Internet users of where they stand in these issues, enabling them to make informed choices among different technologies of digital identity management.
OISTE AND WISEKEY WITH THE ITU
After the ITU launched the initiative Electronic Commerce for Developing Countries (EC-DC) in 1998; WISeKey and the World Trade Centre were among the first industrial partners to sign a partnership agreement with ITU. Total in-kind contributions by WISeKey amounted to 7 million US dollars towards infrastructure, services and training for developing and least developed countries expanding the scope of the initiative from e-commerce to e-government, e-procurement, e-health, e-learning and e-payments using Public Key Infrastructure (PKI), operated from OISTE’s cryptographic root.
In the scope of two years, more than 220 organisations including telecom operators, ministries, chambers of commerce, internet Service Providers, trade associations, NGOs and financial institutions benefited from the first electronic certification authority (CA) for developing and least developed countries. In the year 2000, a training workshop financed by WISeKey attracted some 500 participants from 128 countries.
Among many examples of beneficiaries, it is worth mentioning a PKI-enabled secure B2B portal in Mauritius, successful collaborations with Fundandina in Venezuela, Vinakey in Vietnam, Corporación Ecuatoriana de Comercio Electrónico (CORPECE) in Ecuador, Câmara de Dirigentes Lojistas in Brazil, LimaTel in Perú and many other. Please refert to : Annual report 2002. Attachment 16, E-Strategies – activities and progress report, 2002.
A number of these initiatives are still active in the field of e-commerce and e-government. WISeKey is a Sector Member in the ITU – D group.