Summary

20090506_fidis_D3.12 final 1.0.od

Forensically ready digital identity management systems, issues of digital identity life cycle and context of usage

Collecting necessary digital and network forensics to prove the identity of an individual who is responsible for a crime, or suspected of a malicious attack, or has used a device during an incident, with minimum doubt to the court or other legitimate organisations based on the digital forensic investigation model is one of the most important legal and security issues of digital identity management systems (DIMSs). Without a good understanding and identification of the most important parameters of DIMS based on the digital forensic investigation model, it is not possible to do digital forensic investigation and provide required evidence. Therefore, the main goal of this paper is to identify and prioritise DIMS parameters by considering a user’s digital identity lifecycle, the contexts of usage challenges, and constraints that should be considered in a digital forensic readiness model

Final

“D3.14: Model implementation for a user controlle

Final

The present report reviews the fundamental right to privacy and data protection which shall be assured to individuals and the Directive 95/46/EC which provides more detailed rules on how to establish protection in the case of biometric data processing. The present framework does not seem apt to cope with all issues and problems raised by biometric applications. The limited recent case law of the European Court of Human Rights and the Court of Justice sheds some light on some relevant issues, but does not answer all questions. The report provides an analysis of the use of biometric data and the applicable current legal framework in six countries. The research demonstrates that in various countries, position is taken against the central storage of biometric data because of the various additional risks such storage entails. Furthermore, some countries stress the risks of the use of biometric characteristics which leave traces (such as e.g., fingerprint, face, voice…). In general, controllers of biometric applications receive limited clear guidance as to how implement biometric applications. Because of conflicting approaches, general recommendations are made in this report with regard to the regulation of central storage of biometric data and various other aspects, including the need for transparency of biometric systems

Revisiting the legal regulation of digital identity in the light of global implementation and local difference

This thesis aims to address a vital gap that has emerged in the digital identity regulatory discourse: how can the legal regulation of digital identity mirror the global nature of digital identity and be compatible with national local difference? Digital identity, or the digital representation of an individual, is a complex concept, which manifests in myriad forms (e.g. authenticators, claims, data or information, identifiers, presence, relationship representations and reputation) and natures. As such, it engages a gamut of legal domains ranging from criminal law, constitutional law, human rights law, law of identity schemes, contract law, intellectual property law, tort law and data protection law. Digital identity is global and local in its nature, influence and effects. Yet, the digital identity regulatory discourse has primarily developed in and focussed on the digitally advanced West, leaving out countries like India which are developing strong digital presences, with their own digital identity perceptions and needs. This situation is adverse to the sustained future of digital identity. Thus, the contribution of this thesis lies in filling this gap and preparing the ground for a dialogue between different countries with different national agendas through building international and local awareness of how similarities and differences operate in respect of digital identity, its regulation and providing a modest solution to help preserve the global and local dimensions of digital identity and its regulation. To this end, the thesis carried out comparative legal research on the legal regulation of digital identity using the UK and India as base jurisdictions. The original hypothesis was that that immense differences in the legal regulation of digital identity between the comparator countries would emerge. Yet, though differences were evident, considerable degrees of similarity also emerged, not just on the superficial level of mere identity of rules, but also in legal practice, in large part attributable to India’s penchant for legal transplants. While the transplantation of Western law did not result in a full-scale rejection of the transplanted laws in relation to digital identity in India, there are indications of anomalies caused by the imposition of Western cultural norms through law on an Indian society ill prepared for it. Thus there has resulted a tension between the local and the global, the indigenous and the externally imposed. The challenge is thus to resolve this, taking into account, on the one hand the need to maintain the global nature and relevance of digital identity and the other, the need to accommodate and be responsive to local differences. The thesis proposes a tentative solution called the tri-elemental framework (TeF) which draws from the Indian philosophical and legal concept of dharma (and its elements of Sad Achara, Vyavahara and Prayaschitta) and learns from the most universally relevant digital identity proposal, De Hert’s right to identity. The solution provides one way in which the law regulating digital identity, whatever its nature, can be made sense of and acquire cultural meaning appropriate to local contexts