IGF 2018 - Day 2 - Salle VI - WS382 The Future of Digital Identity and Human Rights

The following are the outputs of the real-time captioning taken during the Thirteenth Annual Meeting of the Internet Governance Forum (IGF) in Paris, France, from 12 to 14 November 2018. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 

***

 

No Audio.)

>> Hierarchical organizations of domain name servers have proven over time to be reliable and sufficiently scalable.  The current hierarchical approach while functional has its drawbacks.  Root and top‑level domain servers have control over the domains of large portions of internet's resources.  This means that the power of having access to a large number of websites is condensed into a few high‑level domain servers this creates problem of load imbalances where traffic is not properly distributed between the main servers and thus of efficiency.  The hierarchical approach also arises concerns about security, malicious intent tis may execute targeted attacks towards high‑level domain servers blocking the access to a large number of resources possibly inflicting heavy damages to companies and private citizens.  Finally, the high‑level domain servers are not distributed evenly across the globe.  The majority of root servers sites are located in North America and Europe European moreover of the 12 organizations that control the 13 root servers, 8 of those are controlled by U.S.‑based 1 is based in Sweden.  Another in Japan while only two 2 of them have more international base.  The geographical disproportion other than causing load imbalances in the distribution of internet traffic, which is currently higher distribution stakeholders definite did he ever stakeholders did know DNS in addition novel challenges to the structure and solutions of DNS are posted by novel naming systems and multiplied scalability demand brought by emerging paradigms such as IoT.  As a consequence, it is strategic to explore new solutions where mechanisms enhancing the current DNS will or completely alternative to it should be proposed and evaluated.  The current DNS or completely alternative to it should be proposed and evaluated.  In our proposed panel we intend to discuss different DNS weaknesses such as taking into account future internet paradigms such as IoT IoT and lab rating on aspects such as emergency cybersecurity challenges, the demand for neutral internet we will also present an overview and associated discussion of some of the raising technologies that could play a role in DNS evolution ranging from peer‑to‑peer models to Blockchain based solutions.  In this panel we will discuss the limitations of hierarchical client‑server structure of the domain DNS, which is currently used for roving domain names into 77 mechanisms that enhance and/or are completely alternative to DNS.  The panel will be 90 minutes long, and it will be structured in the following way.  First part, a brief introduction that will illustrate the theme of the seduction panelists will be introduced and the problem will be summarized.

>>

>> And a second one is more security‑focused oversimplifications would be and do decentralized databases, and this is a more complex.  In India we have some senses it's decentralized and centrally linked and what other points of failure are the single and multiple and doing a kind of security audit is obviously another important one.

>> Thank you.  And I'm going to hand it over to ramen very quickly to perhaps expound on the pound that Uma just mentioned centralized versus decentralied.  What does it mean for human rights sometimes the link isn't exactly clear.  Perhaps you could guide us through that a little bit.

>> I think one of the challenges when it comes to federated ID is that it's a complex subject, right, and when you say the complexity and human rights together what you'll end up is very long papers very little understanding of what the basic question is, and I think it's very simple.  It's a question about choice.  What federated identity means you don't necessarily have one source of truth or one identity store you have no one idea to rule them all.  You have a recognition and a series of rules either the technical level, sometimes even at the legal level that says, here are the different forms of identity that say a government service, a department, a private sector ‑‑ your ISP your internet commerce site will accept.  We'll check and make sure it's valid and check with the person to use multiple forms of ID and sometimes governments have intraoperationable standards no matter what forms of ID that you might have when you present it if it's a physician version it's recognized that you have no one treasure trove one area target there's multiple forms of it.  I think that's a technical, and I'm a lawyer I like to do a little bit of coding I'm not an engineer, but as a lawyer the one thing I can say to you it's fundamentally about choice.  It is about giving the person the choice to state whether they want to provide that ‑‑ an entity in the first place, and there's may be legal limitations sometimes.  Government buildings require you to have ID and some UNESCO we had to provide a form of ID and also times I will choose multiple forms of ID, and I will make that available and also to say that you don't trust any one you engineering place is important.  Everything can fit, so you want to make sure that something that is robust, resilient all the terms we hear in cybersecurity and ‑‑ and that's why facial identity is successful but uses things not like the Blockchain, which is also a buzzword but to say you can have identity wallets.  You can actually have multiple identity providers who are trusted so long you use it it can be used, and I'm happy to engage later, but I don't want to take more time, but there's more choice in terms of system design when it comes to identity.

>> Thank you.  And Brett, maybe you can further ‑‑ what are some of the other policy recommendations that could help human rights especially when it comes to governance, data protection, legislation, the legal landscape how could that be improved for a digital ID program?

>> So I wish we were having this conversation about 4 years ago.

(Laugh.)

>> Because unfortunately, many of the gradients ‑‑ that would make the setting respecting not be put into place and also as I indicated like a little anachronous because if digital identity is the building block going forward then, you know, how do we make sure that building block is robust as Raman said, and I think that issue of consent is absolutely essential to all of this.  I'm Australian, and I've just been in Australia, and they ‑‑ you know, the Australian government created my health record. 

      Are there any Australians here. 

      If there's any Australians there you would have to opt out of my health work framework by the 31st of October in order to not be in the system; right?  If you don't opt out you're opted in and the consequences of your identity in my health record ‑‑ like it actually has not just like your basic information about what you might or might not have purchased online or what service you've accessed, but the most sensitive data about you, you know, how sick are you?  How healthy are you?  Are you pregnant?  Do you have cancer?  Are you HIV‑positive et cetera, so the, and this is essential, and it was created four or five years ago and there was a massive debate about the health minister who was running the health database both arguing as to who could have access to that database, so that's really the second issue.  It's not just about consent.  It's also about access and designated access as well. 

      Can law enforcement have access to that database?  Can, you know ‑‑ can your health practitioner ‑‑ can your health practitioner share that with other health practitioners.  There's the issue of consent and access and the issue of withdrawing consent as well.  What happens if your identity changes?  Like obviously if you're a transgender person, it's a particular niche part of the community, but it's a part of the community.  What happens if your identity changes?  Is the system sufficiently robust to enable that? 

      I've been kind of been using the hash tag, digitalidentify#everythingforever, so you can change your password, but you can't change your biometrics so what happens when your biometrics are hacked and your biometrics are everything, and like on your phone and many people have a iPhone, and they got facial recognition, bam, somebody takes your device or takes the digital imprint of your face and open up your phone.  We have to think of issues of consent, access, removal of consent but also ‑‑ 

(Clears Throat.)

>> As Raman has been discussing, and this thing at the IGF is about security, cybersecurity and what kind of robust infrastructure is in place to ensure that this very, very essence of you is protected and safe and secure because there's no such thing ‑‑ well, there's no such thing as safety and security in cyberspace.  We need to think of that irreconcilable type of thing and self‑sovereign and federal systems is much better than having a single honey pot.

>> Do you want to add anything else to that before we move on to the next question?

>> Yeah.  Even for folks who aren't generally involved in the digital ID debate ‑‑ I'm sure many have been involved in the digital debates in IGF, but I want to talk about where the it's intersected with India with digital data but more the first is biometrics and consent again one way challenged by the idea of you're walking through airports and parts of your body literally have been used to identify you.  You may or may not know, and it brings up that discussion on data collection and how does an individual control the flow of data that's leaving her, and it's kind of that broader question, and I think it will help us think harder about consent. 

      And the second is, obviously, so in India there was obviously a debate like elsewhere in the tech clash is going on.  The government seemed very keen to pass data protection law, but it was to remind us everybody that they were involved in the largest data collection on personal data, so it brought us to the point you cannot have a data protection law which does not apply to the state because the state is indeed through ID projects among its various other arms going to be actively collecting data.  And also, not collecting data but be able to link the script silos of data using IDs, and I think the nature of the state of data collection is the beast, and you can't have a data protection law that does not fully apply to the state as well, so, yeah, I'll end with that. 

>> Yeah, of course, go ahead.

>> I'm going to put some things ‑‑ we actually have ‑‑ we have this access of debate, and we got together with the help of many people, so all faults are ours but all insights from other people.  We published a policy identification and we're all in the process of updating.  This is about national identity projects, and you want to copy this I have a email version and hard copies as well if you have criticisms we love that, but what I want to give you not the policy recommendations it's a more important one, and I worked in the tech sector.  I had jobs in Google and the favorite of the tech move fast and break things and on identity do not move fast and break things because it's actually critical ‑‑ it undermines trust in a way that you cannot debate.  Being without debate or the U.K. ID card system or the Australian ID car system and many others look at the political controversy triggered and look at the loss of trust created in systems, and there's critical moments to reboot things. 

      In the case of identity systems, you cannot ax them later, and identity is at the core later we identify ourselves in different ways in different places evidence, so that's critical, and sometimes it requires massive rethink and as some of you the French identification director is across the street, and they can create a large identity protection tracking in France which led to a massive realization on the subject what I encourage people those who are trying to create good ID is actually sometimes wait.  It might be slow, but it's worth having consensus in the space because a broken ID system actually kills it for everyone.

>> Yeah, go ahead.

>> I just want to make one point because we've been talking about the citizen and the state.  There's actually another player here is the private sector and multiply and add it to somebody who owns your biometrics, and it's a company.  It doesn't matter if it's the insurance sector the travel industry the banking industry ‑‑ like, there's task forces in all of these sectors.  There's task forces in all of these companies, and they currently building this out because they recognize that, as I say, it's the building block of the digital economy, and that's why part of the reason ‑‑

(Coughing.)

>> It's a recognition that, like, this is where the economy is going to grow.  This is how you're going to buy/sell/leave/travel et cetera

>> The incident of identities.

>> The incident of identities is that a new term.  The incident of identities.  What do we do in the context of the state which has the obligation to protect human rights and what does it mean companies who are building this stuff, industry bodies are building this stuff out and yet not only don't ‑‑ not necessarily subject to digital detection frameworks they're not thinking about this and thinking about it at all, and I'm like what about?  Hmmm, that's kind of interesting well, that's going to impact 50 million identities, so you better start thinking about it. 

>> The conversations have evolved since four years ago so as you said we should have been having this conversation of the landscape of digital identity being more and more development what is this community tech development experts what does this community need when it comes to digital identity, and I want to ask you this question actually.  What pragmatically practically what do we need to see happen and if you could limit your responses to maybe 2 minutes max, so we can take questions from the audience as well, so we can close on this note.

>> So I think the conversation needs a lot of things, but I'll give you a personal anecdote, which, I think, gets to it, which is I in India I'm from a community of analysts, so they got in touch with us and their question was this there's a lot of talk of open source ID particularly folks within the government claiming that this is an open project, so they said do you not think they should come and clarify what open means and openness means?  It's an interesting Funt because you had technologists to say we do need to prevent ‑‑ because it's important to have open ‑‑ whenever these tech stacks are made, they should be open, but they should be a technical community that is able to challenge and prevent what, I think, is now called open washing and just to take it one level up, I think it's also very important in this debate ‑‑ 'cause lawyers like me will often make the point, but we need the support of technologists that are actually evaluating these systems and evaluating the technical claims because you don't want to be in a situation as India was where you have many about to retire, Supreme Court judges looking at a highly technical project and highly technical claims and feel ill‑equipped to understand them and make a reasoned decision so they'd rather say well, the government is telling us it's secure, and I guess we should believe them.  We're already in that situation, but it should not reach to that point anywhere else, and I think the answer is that we start ‑‑ as the human rights community, as people working on digital rights talk to technologists right now.  This should have happened 5 years ago, but it's not too late to start right now.

>> I would just ‑‑ we talked about data protection a little bit I think that many of us are living in operating companies which do have some form of data protection framework but again back to Australia, there is no ‑‑ there's no constitutional right to privacy, so ‑‑ and I think similarly in India we're seeing what happened in courts where they actually identified there's a constitutional right to privacy, so it was almost like, you know, it should have happened the other way around, but, but, the issue around privacy if there isn't frameworks around privacy, what is the redress?  What are sort of the rules of the roads that these systems are being created in and how do citizens remain confident that the state is protecting that data.  That's personally identifiable information as we identified so ‑‑ so we mentioned, so having data protection frameworks in place with, you know, data protection authority that's able to follow best practice, and there's many examples of best practice or getting to be best practices ‑‑ we've seen the JDPR in the European context what data protection can looks like, obviously, it's, you know, not perfect but in the absence the creation of digital identity in the absence of a digital framework is a recipe for disaster that's step 1 and then step 2 as governance as regulators whoever is in the room that's one of the first questions we should be asking. 

>> I completely agree, Brett, thank you for that. 

      Raman?

>> I won't keep you too long, so I think the one question ask is what identity fall?  Why are you collecting data for what purpose?  And sometimes that's really a challenging conversation to have and as you know I would advise engineers and product managers who are powerless to say why are you collecting the data well, unforeseen values of collecting data, and that's a challenge, and that's a question you have in the emerging world and sometimes outside of cultures, outside of nation where is data protection routines have been implemented for 20, 30, 40, years.  There's a question, why do you need my ID my favorite question when I'm going to buy a packet of toothpaste, do you really need my name and address, no; right?  And I ask them why, and that's a question the ID community forget this is really something that is global and, which means that you assume, for example, you have the same existing cause, the same laws you have in Europe and parts of north Africa no that's often not the case, and you often have technologists who don't recognize the issues.  It requires an honest direct question for people what is identity for.  I would leave one question ‑‑ a leadup of it's be careful about why you're doing so and really think about the people we left out.  Usha couldn't join for us because of technology issues.  The 2% who might be able to access the system, somebody who has died because they can't access something criminally, and they couldn't access a family member because of an segregation issue someone being profiled and tracked of police and law enforcement violence but not in the developed world but in the underdeveloped world, and it's perfect and clear what you access in your dashboard is everything.  Sometimes I want people it's not about rights.  It's about challenging what you're building a dashboard for or articulating things for, and we need an honest conversation not acrimonious but be honest why are we building certain things and for what purpose?

>> I agree with that.  Thank you to Brett, Raman and Amba.  I would like to open up the floor for questions, so if any of you ‑‑ great, there's a lot of hands, so I guess I'll start over here, and then I'll go to the right slowly.  Thank you. 

>> AUDIENCE:  Hello, I'm Laura shawl money from the international trademark association.  I have a question I'm not a technologist I've been a tech lawyer but I'm not a coder or programmer but when it comes to questions about digital identity, are you simply talking about literally assigning a number to anybody or are you talking about datasets, unique datasets, what they might look like?  I'm actually not clear when you talk about digital identity how far we're going from a United States perspective I have a social security number, and I have a driver's license when we found out that social security numbers are easily hacked then U.S. states started issuing separate numbers on driver's license, and I'm kind of wondering is it as basic as some sort of universal digital code?  Or is it something else? 

>> MODERATOR:  Thank you so much.  We'll take maybe 3 more questions and then come back to the participants for a round of questions.  I would like to go over here and then over there and then over there. 

>> AUDIENCE:  Hello, I'm Francois, and I'm in Paris.  Can you name the threats.  Recently there was an interview with a French intellectual, and he was using the ‑‑ a new expression I've never heard before.  Technoliberalism.  Is this what you mentioned or not.  Thank you for your time.

>> MODERATOR:  Thank you so much.  Over here. 

>> AUDIENCE:  Hi, my name is John from the IO foundation.  One first comment extending what Brett was mentioning.  It's not only the fact there's this obligation to ‑‑ to to provide an ID and Raman mentioned that having to go and ID yourself.  The consequences of no one doing so are very dire, and they're just automated in a very easy way.  A very Cause Zero and coming around and not presenting that is physical improbabilities.  If I don't enter my ID I don't enter the room or if I can't get services I can figure out a way around to get those same things, but the moment you can control those digital IDs is basically enforcing those restrictions is basically Cause Zero for the organization or government which I see the complication here.  How does the panel feel about the Chinese social credit system which has been imposed and somehow embraced by Mr. Macron yesterday and beyond the fact ‑‑ that a bunch of people get together cannot build a road, so they really have a structure of government and all the services that they provide how do you see the evaluation of the Dows into space and the same, thank you. 

>> MODERATOR:  So one final question.  I believe it was right to my left.  There you go. 

>> AUDIENCE:  Hi.  My name is Katherine Evans, and I'm a research in philosophy sat Saveron University.  I want to talk with you about the relationship between digital identity and the internet of things and all this sharing of data that could maybe help machines work better in terms of efficiency.  The better we know the person the better decision we can make the better information, and the things that are better visioned and things threatening and how it builds the totalitarian risk we were talking about.  Thank you very much.

>> MODERATOR:  Thank you so much, so we'll start with Brett.  Go ahead and answer that question, and then we could take a round of answers and feel.  Hopefully go to remote questions and if folks want to do a second round of questions, thank you. 

>> Yeah, so ‑‑ so on your point related to, like, what are we actually collecting here?  I think we need to think about in its worst‑case scenario as biometrics.  As we think about it in the context of facial recognition, your iris, your breath, your gait and the technology that can also be used to ‑‑ like, the distance that new technologies can kind of jump ‑‑ so from the sensor to the individual can be a face in a crowd of 1,000 people at 60 feet; right?  I mean, don't quote me on those figures.  The point being the technology is advancing to such an extent that you can be identified and tracked back to the database, so that, you know, basically what happens is that your biometrics is geolocated.  Your facial recognition or whatever it is near perfect.  The connection of you, your identity to whatever thing is now in whatever chip is now in your body is also connected to the screen, to the table, to whatever it might be so you've got this internet thing where every single piece of device including the human body is also connected to the internet of things so kind of creating this sense of inescapability, and we talked about issues of anonymity.  Anonymity to our mind is essential to democracy.  We talked about issues of consent, lack of consent and, therefore, on the grid without the ability to log off.  I think a lot of us as organizations we talked about sort of the right to access or the right to connect.  We need to think about the right to disconnect as well and what does that mean in the digital environment.

     So these are ‑‑ I don't know the exactly of technoliberalism, and I didn't hear ‑‑ so the threat that individual agency will become a thing of the past.  Is that the individual will be so connected, so inescapably connected so inescapably located that in the absence of all the things that we've been talking about like data protection, digital governance, et cetera, that we become part of the totalitarian system and those who have ‑‑ I'm sorry to be dystopian, and I haven't read Sci‑Fies on this but I'm sure there's Sci‑Fi on this the state will have total control it will be a relationship between the state and the private sector.  Now some good news.

(Laugh.)

>> 'Cause I think it goes to the question you posed about what is digital ID.  What is it?  It's at least a unique number or at least an identifier for more systems we're concerned by, it's not a linked number it's linked to biometrics, demographics, your name, address, your father, mother's name and ‑‑ but more probable with the digital systems and the challenges that U.S. social security numbers in the minds of the western world the reality is it's actually a very regulated system in its own ways and much more governments are adding more information, information about travel, what you're doing, all sorts of information.  My best example of that is when the Indian finance minister was asked on the floor of the new parliament what link he might future DNA.  He said, yes, but it may be linked I don't discount that possibility.  The government sees technological developments, and he will see it's not abstract there's a discussion sometimes saying link it to IDs, so the challenge we have to link what do you link ‑‑ and I just think a couple of quick points one reality technoliberalism in the context of ID has been said you have a ID number you have a dashboard everything will work.  You don't need the government always there, and you don't need government services, you know, to make the market work better.  The trouble with ID is connects to the lawmakers dashboard government ‑‑ I'm not an expert in that, but I think it's a challenge to encounter. 

      The problem you identified is very important.  It is ‑‑ you cannot avoid the automated consequences of your decision.  In fact, what is normally your right becomes what we call an exception, and it's not language I come up with, for example, in the government of India handbook in our system its an exception an operator must do.  You talk of the Indian government there's exceptions, and they're accountable for it, right, so that's not something that's easy, so actually your rights become these rare exceptions, and I think the challenge you said is the Chinese credit system link with that is not with the government.  The thing that's most troubling to me is the fact a private ecosystem players want to provide services, and they're saying we don't have enough data about you, we can't give you really the services you want even if you want to come up with it and the challenge it's connected exactly what you're saying if we know more about you, we could be better.  The problem it's an addiction, and it's talked at Silicon Valley and all Silicon Valleys globally have connected to the idea if we know more, but it will work better and what so I did do we want it to be.  I don't want a hypertailor society where the government chooses me to give me different services because of the data they have me.  There's times we say no, no more.  That challenges the IDs the link have more data obsession. 

>> I agree with what ramen just said, and the next time you hear of an ID proposal, you often find that it might seem harmless because it might, for example ‑‑ in India take very little data or it might have kind of distributed focuses, but the question at that stage has it become or pushed as kind of a infrastructure that could then be applied to future users?  So it could be DNA, tomorrow it could be criminal process.  It could be, you know ‑‑ I mean, the list is endless, so I think this is one area where I would encourage us to think of dystopian situations because it is created in a way to be used as an structure for multiple purposes there could be good purposes and bad purposes and we're left to our own political process and indeed the politics of our own countries to fight for that, but I think if we can by design ‑‑ I guess by default prevent certain users, that would be a good place to end up. 

>> MODERATOR:  Thank you so much.  I did want to add that national digital identity programs are popping up everywhere.  I mean, the two speakers that we have to my left and to my right are both from India and Brett is guiding a global policy program, but ‑‑ I mean, I'm from Tunisia, and I worked on digital ID as well there was an attempt of having a national digital ID program and all the gaps my fellow speakers have spoken about, and it was attempted passage in parliament, and we see it little not just national digital identity cards but also with public service cards or other types of forms of identity, and so there is a lot of diversity and variance when it comes to geography as well as types, so this is very much the tip of the iceberg.  This conversation, I think, we're touching on a lot of really important topics, but I think every single thing we talked about could be talked about for about a day's workshop, so that being said, I'll open it up for a second round of questions, but I did want to ask first, are there any remote questions?  I don't know who's managing that, no?  Wonderful, so I don't mean wonderful we don't have remote participants, but I will open it up thank you. 

>> AUDIENCE:  Claus from the focus group.  I wonder you ‑‑ I heard one keyword that goes with identity only mentioned once, which is basically citizenship.  We are citizens of a country, and we have a digital citizenship and a lot of these questions you are asking ‑‑ at least a lot of these things are caused that we have not sufficiently defined the rights of the digital citizenship and the relationship between these duties and I think, for example, a lot of questions for data.  If we ‑‑ we can use the same technology, but if we keep the data of our different citizenship created we solve a lot of these problems so don't you think that we should ‑‑ when we talk about security, identity and things like that, go ‑‑ a few steps back and help to establish our digital citizenship and define the rights and duties because everything which comes afterwards will be made much, much easier.

>> MODERATOR:  Thank you.  Go ahead.

>> Thank you.  The ‑‑ the digital identification systems are marketed or prompted on a number of arguments, you know, improves efficiency and enhance security, removes public expenditure, waste and corruption, and so on, and there's also a nexus between the public bureaucracy and members of the tech community working together promoting these mega ‑‑ mega systems.  Counter‑arguments haven't been too powerful or strong enough in my view.  The human rights arguments are there but when it comes to all these other arguments, how do we ‑‑ how do we increase the argument on the side of human rights concerns?  It's an open question to all panel members because when I was discussing the other program, for example, with an activist friend from India, he was actually supportive of it, and he said you can't make omlets without breaking a few eggs.  How did he encounter that sort of mindset?

>> MODERATOR:  Thank you.  Please go ahead. 

>> AUDIENCE:  I'm the executive director of the localized lab.  My question is what sort of threats does digital ID pose to refugees and especially undocumented migrants?  These are invaluable communities whose opinion no one seeks about how they feel about the data taken, where there's oftentimes very little informed consent about what your rights are?  Where this information is restored and who it's shared with.

>> MODERATOR:  Thank you, Dragna, and we have two final questions, and I will close it up so please go ahead. 

>> AUDIENCE:  I'm Greg, and I want to say thank you for all the questions the panel and the members of the public.  The one I wanted to ask is it too late ‑‑ I think anybody I meet to protect my identity from the other ‑‑ other people?  Recently you might have heard about the United States finding opening cold cases and finding killers years after the facts thanks to the DNA that had been uploaded by members of their extended family on genetic databases, but, so that might seem like a good thing, and still a bit too futuristic to wrap our hands around.  Any website with enough data can learn so much about us with just a few clicks psychometrics, Cambridge Analytica, so many things to wonder.  Isn't it too late for us to have, like, correct ‑‑ 

>> MODERATOR:  Well, I hope not.  Please go ahead. 

(Speaker Not Mic'd.)

>> AUDIENCE:  I'm from marketing manager access partnership, different access, so we ‑‑

(Inaudible.)

(Laugh.)

>> AUDIENCE:  So how do you see ‑‑ do you see some kind of form of let's say digital ID‑like version of digital ID which, for example, doesn't have all your biometric information but gives you the opportunity to keep all your prescriptions in one place and be able to give consent and reclaim consent back when you want ‑‑ whenever you want into like a single type of place?  Yes, recently I heard someone speaking that's kind of the future of data claim, data consent.

>> MODERATOR:  Thank you, so I'll give the floor to the speakers before and when you're done with answering the question, if you'd like to just say a few closing words as well, so we can wrap up.  The floor's open. 

>> I just have one thought on undocumented migrants question.  I'm not an expert on this, but I thought I would share two things.  For example, the government ID in India was afforded to residents and not citizens, and that was the distinction that was made.  One of the criticisms that was not from the digital rights community it was giving people to an ID to people blurring the line who was a citizen and who wasn't, so that's one. 

      The second is and, therefore, the link to assume the terrorism link between the national ID and citizenship is not the case but lately I've been hear a lot of private sector consortium and other private sector, and it seems like a buzzword, and it's a fascinating ID that the government giving people it's there should be a way to have an identity and a citizenship that's untethered to government and to understand ‑‑ to some people it sounds like a utopia they believed, but I think to me it brought up a prior question is you can give someone an ID, but the rights that they're entitled to as a result of having that ID will still depend on their government and their rights and the politics of their countries, so I would just urge people not to buy the argument that in India you give people IDs, therefore, you give them food.  There is still that leap to be made and people will still be dealing with realities on the ground and fighting for those things depending who they are in society, so...

>> I thought I would address a few things on marketing the mounting the opposition.  A human challenge of human rights implications is significant, and I don't want to undersell that but as this talk of efficiency more ID systems to put it bluntly are incredibly bad, inefficient and expensive.  It's like a big structure project, right, any massive structure project or standardization project has ‑‑ chooses certain winners and lose and can be inefficient if not done properly and our challenge is sometimes a democratic one.  How do you tell people, look, it's limited government and sometimes you want multiple forms of power and ID it's how you argue for federal systems; right?  Most of the time most people in the capitals to future bluntly hate federal systems how would you share power with a state capitalism you want accrual systems because that efficiency and the market technology this compensation across the IDs is a good thing, but it's a challenge there and the IRC the international government of Red Cross is a good, and I heard from them refugees are a great example even documents of migrants ID in poverty is not what they want they may want it after they're stateless, but they do not want it after, but immediate groups in this case restrict their data who accesses it in the UN system.  We've been engaging with them on what is the UN's recommendations on the issue of legal identity, so that's a situation that I think the floor is open, and we need to, and I think ‑‑ and I want to address your point, I think there's multiple forms of it centralized biometric stuff is all metadata who log in the system and when, and it's hard, and I think there's wallet modes of ID, which are existing and the idea sometimes that you want not to have a centralized ID system, but you want a centralized authenticator, and accept multiple forms of ID we're just saying whether what IDs are okay or not and what's too late.  I don't think it's too late, but I think the question really on identity as well as data protection how much pressure we bring to our elected representatives and the intergovernmental institutions putting limits and restrictions and policy persons I would say this but really we need to campaign and mobilize and channel the moment people are saying put restrictions on what's happening on identity, for example, when you're talking about DNA, put restrictions of questions about how you use it.  The innocence project which in the United States triggered a government of looking at DNA to free people.  They say DNA is not the best form of evidence to convict people.  It can be good to acquit them but not for conviction and we're going and telling law enforcement officials it's actually in the statute, so they're not we will lobby to get it in law, and I think we need to do more communication outside of this room to our elected lawmakers.

>> I'm really glad you picked up the question of refugees and displaced persons because I'm not sure how many of you followed the dreamers in the U.S., basically, the 800,000 kids who came to America with their parents and Obama basically issued an executive order and said come all ye, you know, dreamers, and I will give you a social security number, and I'll also give you the capacity to work; right?  800,000 people joined the database and Trump came along and said thank you very much.  I now have the identity and the biometrics of all 800,000 of you, and it's just a way in which to understand the fragility of refugees or asylum seekers or displaced people and forecasters when these things have been created what do we know of the consequences later on down the track?  So I won't try to address all the questions, but the idea of how do we at this generation if it's hash tag forever, how do we actually create the structure, the policies, the practices, so that future generations aren't part of that dystopian future but are actually able to have control over their own data and their identity to be able to benefit from the systems, from basic social security systems to content access to, you know, healthcare to travel across borders and within borders, and I think that's the challenge that we have.

>> MODERATOR:  Great, so that brings us to the close of our session.  Brett, to echo what you thought, I think we should just continue to think what our future generations will have to deal with especially when it comes to merging digital identity like other it's and big data, and we think of terms being thrown around but eventually they're all going to interact with one another so thank you all so much for coming and thanks to our participants, especially, and wishing you a good rest of your day. 

>> MODERATOR:  Hello, this is working.  Can you hear me clearly, okay.  Great.  There's a lady in the back of the room ‑‑ you just might want to speak with her.  That'd be great.