NSTIC: A Public Privacy Issue

Am not sure how many people on this list are aware of NSTIC.

NSTIC: Refers to the US Gov. DHS/White House - National Strategy for  
Trusted Identities in Cyberspace

I have  had the a opportunity to respond to a (non-publicly) released  
implementation plan (received by me last Friday) and (publicly  
released) draft of these documents for discussion at Kantara.

As this is my own content I dont think there is an issue for me to  
submit it here.  In essence, I used the NSTIC context to present what  
I was hoping to discuss at the Workshop in London.

The points I focused on in the report are the components of the  
proposed Identity Ecosystem that will benefit from a more evolved  
standard in Notice (especially in relation to consent).    I  (and  
most likely everyone else on this list) can see from the draft that  
there are some gaps and fantastic (positive) points that need more  
explanation.  With this in mind I tried to develop a response that  
could make a useful contribution and point of discussion for privacy  
and public policy.

The two gaps I have highlighted are:

1. A more robust understanding of trust is needed to make something  
trustworthy (than is illustrated in report)
2. Transparency: A more advanced utilisation of Notice

(Point number 2 relates as an approach to address point number 1)

As I only had the weekend to put in a response,  I have just quickly  
edited the response (attached) I submitted on Sunday for  
consideration.  My intention is to illustrate an approach to  
addressing transparency gaps.   If anyone is interested in reading,  
commenting, disagreeing, adding on to, rephrasing, relating their  
pointes etc.  I welcome the input and perspective.

Best Regards,

Mark