Open Forum - BCS: Identity Governance

8 December 2016 - A Open Forum on Other in Guadalajara, Mexico

Also available in:
Full Session Transcript

>> LOUISE BENNETT:  I'm very glad there's at least one or two people here, and I hope you're interested this this topic that we think is vitally important because it's about trust and identity online.  Would everyone who is here who wants to participate like to come up to the table, because then I think we can have a better discussion.  Are you all right?  Would you like to put up the slide?  Can we put the slides up?  This workshop on identity governance is about preventing exclusion by cyber identity. 

My name's Louise Bennett.  I have two colleagues here, Andy Smith and (indiscernible) are here.  It's a professional body for IT in the U.K., and it ‑‑ it also has groups of people across the world.  We've got about 70,000 members, and as I say, it's an international organization of IT professionals.  Three of us are in the security community of expertise, and within that community we assist in drawing together the views of the IT profession on issues for government both in the U.K., in the European government and placing like the U.N., and we make policy suggestions on how things should move forward, so we interact with national and international governments. 

Can we have the next one?  We've been very concerned.  Our membership of 70,000 people was surveyed to say what they thought the major worries were on the Internet, and always one of the to three is how to manage your identity on the Internet.  Particularly how you ensure you're not the subject of fraud and don't lose money and don't have your identity stolen and you can act safely on the Internet.  We do a lot of work in this area. 

For the last five years, we've been producing an annual workbook about the identity issues that are important and that are coming up globally.  You can find these on BCS.org/identity if you want to look at how the problems and concerns on identity on the Internet have developed over many years.  This year we made ‑‑ we did something different.  We decided that there really was a need for both the professional body and for people in the IT profession to help their families and for the general public because we're a charity and our charitable aim is to make IT good for society. 

So we thought the general public needed more information about identity management systems, and so what we produced is this yearbook around the place which is simply about how to recognize a good line ‑‑ good online identity scheme.  And what we try to do is put in simple terms the areas you needed to consider, because like so many things in a complex area, there isn't a right or wrong.  In some cases we would say something is much better than something else, but in other cases it's a matter of your own personal opinion. 

A lot of people have been talking about privacy online.  Now, different people have different views about how much they're concerned about their privacy online.  I'm not going to have the same views, perhaps, as you're going to have.  But we do need all of us to consider what we should do, and what we've tried to do is give examples of why it might be important and why it might matter to you, and the first and obviously most important is what you're actually trying to do online, because in different context your privacy and online identity matters to different extents. 

If you're doing a financial transaction, you're going to spend money, you don't want to lose that money.  You want to get the goods that you're trying to buy.  That's a very different thing from just trying to get access to a website that's going to give you information, say, for your project at school.  They often ‑‑ which annoys me very much, they say give your e‑mail address, you know, have a password, and you think why do they need that?  All I'm trying to do is access a publication or get some information?  So obviously, in different situations you want to manage your identity in different ways, and this is what this publication is intended to look at. 

One of the things that really worried us and why we gave this workshop a title of preventing exclusion for our cyber identity is that many countries are now going digital by default, that means that they're saying, it's much cheaper for us to provide services digitally.  A lot of our population have got mobile phones and mobile access and maybe a PC or can go to a library or whatever. 

If we can give them those services online, that will be cheaper for us and may be easier for them, but it may not be easier for everyone.  It may not be possible for everyone.  If they stop offering those services in other ways, you can have big problems. 

In some countries ‑‑ I don't know if anyone is here from India. 

One of the great things they've been doing over the last two or three years is to produce an identity scheme that for the rural population enabling them to get there directly using the online identity and cutting out of middle man, which means much more money goes to the intended recipient.  Because the population ‑‑ a large part of the population was illiterate, they've done their identity management through biometrics and through fingerprints. 

They're farmers.  I have a little cut with a knife on the finger and that would make it not very good.  If you work in the fields all the time, you may not have any fingerprints.  It may be very difficult.  You have to think about these types of things. 

It has been very successful.  It's been rolled out to hundreds of millions of people, and it has people get their allocations, they're rural payments directly and not have a large part of it taken by a middleman, so that's the kind of things that need to be considered, and we think are very important. 

Central to operating online, as I said, is individual identity.  And I'd like to hand over to Andy to talk about some of those identity problems. 

>> ANDY SMITH:  It's interesting being in Mexico, because one of the first things you notice here is English is not the first language.  One of the big problems ‑‑ I mean, I've been playing with identity management systems now for nearly 20 years.  One of the big problems is a lot of identity management systems on the Internet are designed by white men in lab coats for white men in lab coats.  They fail to take into account the fact that the world is very diverse.  A lot of the services that you find on the Internet, in fact, most of the services you find on the Internet are still in English.  There are services now in Chinese, Spanish, French, but it's still predominantly English.  What's really interesting, a simple example, I ordered a sink on the Internet a few weeks ago.  Okay?  But I ordered it from Italy. 

Now the whole website was in Italian with options for English and German and French.  But the terms and conditions on an Italian website were only in English. 

You see this with a lot of systems on the Internet.  With identity systems where you're legally obliging yourself to do something by agreeing to those terms and conditions, if English is not your first language, you really want those terms and conditions to be in your native language.  Be that Spanish, Hindi, Chinese, whatever.  We need to do more to try and persuade people developing these systems that they need to support diversity. 

Too many of these systems are still causing exclusion because they do not support all of the different cultures, languages, belief systems that you see.  So another example we were developing an identity card system, and one of the ideas before people registered their fingerprints was to use alcohol wipes for people to clean their hands.  Okay?  For all of us, that's not a problem. 

But for certain devout Muslims, having alcohol was like no, you know, we can't do that.  And they hadn't thought about that sort of very simple thing from a cultural and religious perspective.  Whether it comes to things like biometrics, it's fine saying let's have a biometric system for our identity system. 

I don't know about you guys, but I've got a very nice mobile phone, and a lot of people I know have iPhones.  They'll use fingerprint readers.  That's great for most people, but what if you don't have hands or you have fingers missing or you work in the cement industry where it basically completely destroys your fingerprints? 

You can iris, but not everybody can see.  Iris readers don't work if you've got cataracts and things like that.  So it's about designing identity systems that are inclusive and can handle the exceptions and do exception handling properly.  If you get an identity system right, you can actually use those differentiations and those exceptions as biometrics within themselves.  So if someone doesn't have particular things, that's actually a very good biometric.  No one will chop off their finger to steal someone's identity we hope. 

So, you know, we need to look at how ‑‑ when systems developed in the States, in the U.K., they developed to support the other countries, especially the next billion coming onto the Internet.  A lot of countries are coming on.  They never had the Internet because they never had the telecom infrastructure in the country to support it. 

With cheap smartphones and 3G and 4G technology being rolled out, you're getting a lot more countries where large numbers of people are coming online because they've got smartphones available.  It's supporting those sorts of people, especially smartphones means they do all their banking and store the personal information on the devices.  So it's getting people to understand that authenticating to the devices as well is really important.

Once this thing has stored all of your passwords for all of those websites you log onto, if someone gets into it, they then can access all the other things where the passwords are stored.  So when you have something like a smart device, authenticating to the device itself is really important and making sure you have that in place to do it. 

So we've got a set of questions that are sort of in this document, but what we wanted to do is discuss with you these questions and get your feedback and get your input on what you think is important. 

>> LOUISE BENNETT:  I'd like to emphasize that the document that we produced was produced by a group of 25 people initially who are specialists in the area, and then it was posted around a whole community of 70,000 for anyone to say, is there something you want to add?  We did include things we got from previous IGFs hoping that it covered international questions as well just concerns that are common in the U.K. 

What we really wanted to know is, are we asking the right questions?  What are your experiences?  Are there things that you can tell us that we can improve this for the future? 

So if I take the first question, just to get it on the slide, he we put how do you ensure IDAM systems don't foster exclusion?  By that we mean identity management systems. 

So the kind of things we covered some of them.  Covering different languages, supporting those with educational, physical, or mental challenges of my sort.  And useable for the kinds of transactions that people now who are coming onto the Internet for the first time may want to do.  So has anyone got any examples of good things or bad things they'd like to tell us that we can discuss and inform us about how to do things better in the future?  Have I got any?  Can I persuade anyone to bring something up? 

>> AUDIENCE:  Natalia from Paraguay, and I have a question.  Is there an age limit for having identity management? 

>> LOUISE BENNETT:  There's no age limit for having an identity management system, but there are age limits for doing many things.  And those vary.  One of the problems is they vary from country to country.  So in the U.K. you can't have any credit card.  You can't get credit online if you're under 18.  You are allowed to have a debit card to take money out of your account when you're 12. 

So you can have a mobile purse or something like that when you're younger.  There are, obviously, restrictions, and one of the things that is of great concern in the U.K. in the moment, we have a bill go parliament, is the protection of children online, and you may have been to other things here about that. 

And we're just producing a standard, a thing caused a PAZ, which is on age verification.  It's being produced because the government is bringing in legislation that says people with explicit things online, pornography and things like, legal for an adult to see, they have to make sure children don't see it.  How do you make sure ‑‑ one sort of default way that people make sure at the moment is they say you have to pay to look at this content using a credit card.  Then the assumption is that you could only have a credit card in our country when you're over 18.  That's not necessarily true in every other country. 

So you have all sorts of different really complicated things.  Age verification associated with your identity is very important.  When you think about that, sometimes you just need to know is that person over or under a certain age?  You don't need to know their name, their date of birth, everything else.  This is one of the things that we're trying to do with this new standard, is to say you can use it to decide that the person is, say, of an age to buy or do a particular thing with an age limit for it. 

It's the same ‑‑ there are a lot of young people here, so perhaps you go to clubs and things, and you have to be over a certain age to go to the disco or to go to the rave or whatever it is.  Is that true?  Anybody have that?  Yeah.  So sometimes they ask you for something like ‑‑ I don't know in your country, in your school if you have any sort of card that enables you to get lunch at school or something like that, a school union card. 

People forge them quite a bit.  They have a driver's license in the U.K. that you get whether you're 17.  It will have your name and date of birth and address on it.  The bouncer at the club can see that.  He shouldn't see that.  He should just know that you're over or you understand the age to be into the club.  There are a lot of very difficult things here.  If you do age verification, that is a very useful thing. 

We actually think the system that we're bringing about in the U.K. at the moment will be very useful for people in lots of other parts of the world, and we hope it will become from starting in the U.K. will become an international standard so people in different countries can say, yes, I'm old enough to buy cigarettes.  I'm old enough to buy alcohol.  I'm old enough to do this.  But also I'm young enough to do this.  Do you want to add to that? 

>> ANDY SMITH:  Yes.  If you take, for example, Facebook, technically you're supposed to be over 16 to be able to use Facebook.  There's no way at the moment of Facebook being able to confirm how old you are.  So you get a lot of people on Facebook under 16.  And that runs ‑‑ that causes various problems.  That's not the only thing.  People need to be of a certain able to use them, but they can use things like stolen credit cards or other forms of fraudulent identity and be able to gain access. 

So the identity systems themselves don't really have age limits, and you shouldn't have age limits in the identity systems themselves.  In fact, what you want is an identity system that anyone from like a 4‑year‑old to an 80‑year‑old can use.  But ones that clearly show when you go over 16, go over 18, go over 21, go over 65, so you can easily evidence that you're over 65 and entitled to a pension.  That you're entitled to things that senior citizens are entitled to. 

And then it should be, the authentication on there should be strong enough and link the identity to the person in a strong enough manner that online services, such as Facebook, banks, the pornography industry, the alcohol industry are able to use that and confirm the evidence they checked people are of a certain age. 

>> LOUISE BENNETT:  Does that answer your question adequately?  Do you have things in your country where you need to verify ages to do various things? 

>> AUDIENCE:  18 is the age for becoming an adult.  But for drinking, this is something funny.  For drinking you can drink only when you are 20.  So it seems you're an adult, but for drinking you have to drink when you are 20. 

I know some parents that have children that verify that the parents themselves have helped their children create their profiles.  So maybe there is another lack of capacity for parents and not for children about privacy.  They have that protection. 

>> LOUISE BENNETT:  What is quite interesting is quite a lot of people in the U.K., we're one of the few countries that doesn't have an identity scheme at all.  We don't have identity cards.  So we've had great problems obeying a rule from the EU that we have to have a government identity scheme, and in fact, some time ago when the previous government came in they threw out inventing an ID scheme for the U.K., because in the U.K. for various reasons there's an absolute visceral dislike of ID schemes. 

The last time we had one was in the second world war.  You got your ration book for milk, sugar and meat and things.  I have my ID card so I can get sugar and things.  But we always hated ID schemes, and so we've got a very complicated system where a lot of different suppliers have got to obey rules and provide identity systems and it's ‑‑ and it's voluntary that you sign up to these. 

We need these systems for quite a lot of things, and some of the data they use to say are you the age that you say you are is on social media.  So if you've gone on Facebook lying about your age, that's going to be used to cross‑reference with something else about how old you are, who you are, et cetera, you're going to get into actually a terrible muddle. 

About what age you are and can you do this, that or the other and what is your identity.  There are lots of interesting things and I do some work with child protection online and talking to young children, they say there's a friend of many my class, these are 9, 10‑year‑olds on Facebook. 

Of course, I'm not, and you know that they are.  Whether you say to them has it ever occurred to you that there might be older people on Facebook, because that is the way that, you know, really nasty people groom someone.  They look at me in horror and say would anyone want to protect your younger?  When you're 9 or 10, you want to pretend you're older.  You can't Visualize someone at 40 pretending they're a child. 

Why would anyone want to do that?  So there are a lot of reasons why you need to know these things and do it well.  Is there anyone else or any of the Chinese from Hong Kong got some questions? 

>> AUDIENCE:  So I'm Connie from Hong Kong.  I'm 15 years old.  Hong Kong teenagers have faced a problem in Hong Kong that we have to create an age in our accounts that is much older than we actually are.  For example, when we open a Facebook account, we have to say that we're 25 years old so that we don't have any restrictions to any of the content on Facebook. 

Also, in Google when we set up different accounts, we also have to create a larger age for ourselves because if we're like under 18, there's some kind of pages that we cannot get access to.  Then these websites might be useful for our schoolwork or for our projects and research.  This actually creates a huge problem.  This age restriction has created a huge problem for us. 

So that our teenagers who choose to create a larger age so that we can have access to this information.  Also, in social media, all kind of social media, there are many kinds of age restriction.  You have over 16 or older than 18 years old in order to have an account.  However, like before you're 18 years old, this is actually a crucial stage for us to meet more new friends, new people, and keep in touch with people that we meet all over the world. 

If we don't have these social media, we can't really have a good path or good tunnel to keep in touch with these kinds of people.  We tend to choose to create a larger age for ourselves.  These age restrictions actually pose a huge challenge for us teenagers. 

>> LOUISE BENNETT:  It's a different challenge to the challenge that I was trying to prevent.  Have you or any of your friends ever, because you perhaps pretended that you're older than you are, have you inadvertently seen things that shock you and that you would really rather not have seen online? 

>> AUDIENCE:  Not really, because in our school, teachers are actually willing to teach us like what should we see and what we shouldn't see.  These kinds of teachings have helped us a lot in knowing what kind of knowledge that we should get in touch with and what kind of websites that we shouldn't have ‑‑ get in touch with, yeah. 

>> LOUISE BENNETT:  I think you're very lucky you've obviously got very good teachers who understand what you're really doing, and are making sure you're safe given that you're bending the rules just a little bit.  One of the problems is that not all schools and teachers and parents actually understand that and can also realize that they can make sure that their child goes to the good sites and gets the good things but is kept away from the harmful things.  It's a very difficult problem, but if you've got good teachers and you've got parents who understand the right thing to do, then I'm glad that it's working for you, and I hope it's working for all of your friends.  Do you want to answer that? 

>> ANDY SMITH:  I have the same thing, because my daughter is 12.  She's on Facebook.  She uses the Internet a lot for schoolwork and all sorts of things, but you have to be over 16 to be on Facebook.  So her and all of her friends are between 16 and 18 as far as Facebook is concerned.  There are problems with that in that there are people that have created identity schemes that use information from social media.  Now, that will also have my age incorrect. 

I work in security.  I'm paranoid.  I only put my personal information on websites that I really trust like government websites.  I don't put, let's say, accurate information like dates of birth and that on sites where I don't think they need it.  My date of birth on Facebook is wrong. 

It's consistent across all of the websites, so they've all got it wrong by the same amount.  And this is one of the problems you see on the Internet.  Organizations, companies, websites asking for more information than they need, and therefore people putting in inaccurate information to protect their privacy and protect themselves online.  That means that what they're trying to achieve doesn't actually work properly. 

But with something like Facebook, the reason that they have an age of 16 is because that's when you can legally sign up to terms and conditions.  Now, I don't know how many people here have got Facebook accounts.  I presume quite a few of you.  How many of you have actually read the terms and conditions? 

>> LOUISE BENNETT:  Anyone at all? 

>> ANDY SMITH:  That's what I expect. 

>> AUDIENCE:  I have but I (indiscernible). 

>> ANDY SMITH:  Both of us are not on Facebook.  I'm no longer on Facebook because I read the terms and conditions.  It's the thing.  There are certain sites I'm not on because I read the terms and conditions, and things like Instagram, they broaden and change the privacy agreement on there that they basically owned the rights to use all of your pictures. 

So any picture you put on Instagram, they have a right to use it.  They did change it so that they owned it, but they backed down on that one after 3 million people left in two days. 

This is where we come to the other program.  All of you guys have Spanish as your first language, don't you?  Right?  Are the Facebook terms and conditions in Spanish?  They are.  That's brilliant.  For a lot of websites ‑‑ I didn't know there were.  I've only seen them in English.  That may be because I used the Facebook in the U.K. 

(Indiscernible conversation)

>> AUDIENCE:  In Mexico the laws to protect the Internet users, the consumer and the ‑‑ in the privacy data protection law, if you are a provider of services or ‑‑ through the Internet, you have to publish the terms and conditions and privacy policies in Mexico in Spanish.  You cannot publish them in English. 

>> ANDY SMITH:  That's good.  I mean, the Canadians and the French have, obviously, done it for French.  There's another country that started to bring in laws like that where if you sell or provide a service into a particular country, it has to ‑‑ the terms and conditions have been to be in the local language.  For example, if you are accessing a service that's hosted in the States, like an information service that you wouldn't normally access or isn't provided directly to Mexico, you would still have terms and conditions in English there. 

It's a lot of the minority language.  How many people are going to put terms and conditions in Welsh?  How many know that Wales exists?  It is really important that laws like this come into force to actually make all these big service providers put their terms and conditions in language you can understand.  You do technically need to be over 16 to agree to them. 

>> LOUISE BENNETT:  I think as well as the languages, you've got the problems of the lengths of the terms and conditions if you look at them.  If you look at them, they're long and complicated.  You say, I can't be bothered.  I want to ‑‑ that's right.  I want to buy such and such.  So yeah, why should I read all of this stuff?  Agree.  Yeah. 

One thing that, again, our institution has been pushing for is just a little traffic light system.  Something very simple saying, the sort of green light would be something like we don't share your data with anyone.  Now that is nice and simple.  The amber light would be we use your data to improve your experience on our website.  The red would be, we share it with ‑‑ we sell it to other people.  Yeah.  Something like that would actually ‑‑ I don't know. 

Let's have a show of hands.  Do you think something would be helpful and useful to make terms and conditions rather than just taking the box.  I'm not sure I want you to sell it to I have no idea who.  Would people think something like that was useful if we pushed for that?  Can I have a show of hands?  You see I'm very persuasive.  No, no.  No.  Tell me. 

>> AUDIENCE:  I don't agree. 

>> LOUISE BENNETT:  Okay. 

>> AUDIENCE:  I heard some comments young people mainly say that they mainly don't care about their privacy or data protection, for example, for access to Facebook.  They just click yes and say I understand because they want to be on social media and share with their partners and see pictures and whatever they do on social media.  They don't care.  They say, I don't care.  It's just my data.  I'm not a criminal and I don't have anything to hide, so why should I care?  I want to be on Facebook.  So in that maybe there's a need to know the value of privacy.  I don't know what they think. 

>> LOUISE BENNETT:  How many of you ‑‑ yes. 

>> AUDIENCE:  Related with that comment, in our countries in Latin America, in most of them, the law requires the proof of the express consent to give the data, especially if it's sensitive data, for example.  I don't know.  It's different in different countries, but the sensitive data, you need proof of express consent and in some cases a signed consent.  It's different than the ‑‑ what you're promoting for the data and privacy issues. 

>> LOUISE BENNETT:  Certainly, just before we came in here, I was at a meeting where the Mexican data protection regulator was talking about your laws, and I was actually very impressed that your data protection laws seem very good, very robust one, and that's important.  That isn't true in every country and isn't true with everyone who might be supplying something to you in a particular country.  I think that's very ‑‑ it's a very important thing.  Do you want to ‑‑

>> AUDIENCE:  Yes.  I need to do this in the mic.  I think one of the problems with data protection laws is it looks great on paper, but even within different government institutions, let along ‑‑ alone companies or public service was and GOs they're not respected.  In Mexico to have a tax deduction you have to give fiscal information.  Your fiscal information and address would be your home address.  I go to a gas station, and I need to get a fiscal receipt for the receipt.  What I get as a receipt isn't enough. 

I have to give my fiscal identity number, and I have to give my physical address, my physical fiscal address, which is where I live, to the gas station attendant, to the grocery store attendant, and they input it all in. 

And actually, technically, now that is no longer legally required because it is a violation of privacy, but the fact of the matter is, most of the computer systems, which is why I love what you guys are proposed.  It's fantastic.  Most of the computer systems developed by everyone as well as default.  If that field isn't put in there, then you can't get a fiscal receipt.  I mean, it's ridiculous. 

If we begin to look at doxxing, it's a huge vulnerability to be people to found physically where they are.  We see unfortunately, and it's not just the case of Mexico, of course, you have really good laws on paper, but even across the agencies it's not in effect.  What you do in terms of people that develop in and are working in many different sectors.  So really celebrate the session, and I love the code you're suggesting, the stoplight system.  I think it would make it easier to make decisions. 

Now, we have a situation where also those databases, that gas station is responsible for protecting your private data, but what capacity does it having, right?  It's a good law, but what sort of suspect is given to have in good security systems from all the gas stations that are collecting that kind of private data.  Just as an example of how complex your guys' job is, which you seem to be doing very well. 

>> LOUISE BENNETT:  That's very kind of you.  We have a remote question. 

>> ANDY SMITH:  This is not a remote one.  I wanted to intervene, but actually the last speaker said what I wanted to say anyway.  What I was going to say is looking at the Mexican situation where I agree with you, I heard what you did.  The laws seem to be very, very good.  Maybe better than ours in the U.K. but certainly very good.  I appreciate what you said about explicit consent, but if explicit consent is seemed to be the tick in the box saying I consent to this, at the end of a 7 or 10‑page condition nobody has read, that doesn't have a lot of value. 

>> AUDIENCE:  Just a quick follow‑up, where you have to put in your personal address to get a receipt depending on what in that information is used for and whether you need the real address to be on the receipt when you go to submit claims and that, this is an example where I tend to put in slightly inaccurate information.  So on websites tend to use 16 Church Road, Bedford, which is the church.  It's a perfectly valid address, but it means I can't be traced to where I actually live. 

A lot of things don't need that level of information.  If there's a good reason for it, I put in accurate information.  On all the websites I put in accurate information, but there are too many organizations online who basically see your identity data as a commodity, as something they can use to make money.  As something they can use for marketing or something they can sell on to other people. 

Almost it's getting better and certainly in Europe it's much better than the rest of the world because we have very strong data protection regulations there is a lot of countries where improvement is required.  Until you get that, you need to be careful what information you put in to all of these forms online and what information you share.  It may not affect you so much today when you're like 14, 15, and messing around on Facebook. 

When you go for a job in four or eight years' time, all of that information is still is there.  You can't delete sufficient from the Internet.  If you know my e‑mail address from when I joined the Internet, you can find postings I did in 1988.  It's still there.  You have to be careful. 

All of those lovely pictures of you with a traffic cone on your head drunk in a bar, they'll still be there when you go to try and get a job.  So you have to be careful what you share and how you share it. 

How you protect your information, what identity credentials you use to protect your information.  Do we want to go to another one? 

>> LOUISE BENNETT:  Yes.  Do you think that you as a user should govern your own identity on the Internet and own that private information, or are you happy for the government to own it or whatever?  Anyone got any views on that?  In China does the government provide an ID system?  Do they own your personal data, or do you own your personal data?  Can you look after it yourself? 

>> AUDIENCE:  In Hong Kong applying for different accounts, the information, yes, it has to be for the government.  Some of them are for the government.  And whatever information ‑‑ actually, they require us to input some sort of information.  For example, your name and you also have to enter a certain ‑‑ a specific contact method to choose whether you want them to contact you via telephone number or via your e‑mail address. 

This information do belong to that specific company, or if the account is related to the government, and yes, it is, the information is given to the government.  Are you happy about that?  In the U.K. quite a lot of people are offering services where you can put all your personal data into a sort of locker or vault, and then you can decide how much of that personal data you're going to share with different people.  You can set all sorts of parameters. 

That's really quite a complicated system, but people who care about their privacy would rather do that than have other people own the data.  Are you familiar with any of these types of systems?  Do you have any views about them? 

>> AUDIENCE:  Actually, for us we believe that actually this information might be actually benefitting our own selves because if you keep your information all to yourself, not letting the government know, and when some cases happen and your government may not be able to protect us.  Like, it creates a negative effect if we actually keep all the information to ourselves. 

However, if we give parts of our information to the government or those private companies, when we actually encounter some problems it may actually help us to protect our own privacy like more than we protect it ourselves. 

>> LOUISE BENNETT:  So your view is that it can ‑‑ it can help you to assert your rights, say, consumer protection rights and things like that if you do that? 

>> AUDIENCE:  Yes. 

>> LOUISE BENNETT:  Do other people agree with that? 

>> AUDIENCE:  I think maybe if you could select some information.  I think you can select some information that the government wants to ‑‑ well, it may help you, but some information I think you should ‑‑ they shouldn't have it, because it's ‑‑ it depends about the situation, and it's about that you have privacy and you have an identity there.  So I think some information like their name maybe, maybe just certain things about your dates. 

Maybe you can share it with the government, but there are some information, some dates that I think you shouldn't share with that government.  I think you ‑‑ you have the right to select which information you want to share and which is information you want to share with yourself.  That's all. 

>> LOUISE BENNETT:  We have one minute left.  You want to say something? 

>> ANDY SMITH:  Three minutes left.  I was trying to negotiate with a person online who wanted to make an intervention and could have done it by video, but we can't do it because we don't have long enough.  He wanted to draw attention to ‑‑ can you put this up at all?  Something he's written about called universal unique identity.  Universally unique identity.  He's given us a website so we can probably publish that in the thing.  They gave you a web address for that. 

>> LOUISE BENNETT:  When you edit the type code, if you write it down, we'll put that website up onto it.  Okay? 

>> ANDY SMITH:  I was going to make a quick point.  Basically do you guys agree that you should own your personal information and it should be your decision who you share it with rather than someone like a government having that information and them deciding who they can share it with? 

>> Do you want to hear from him briefly? 

>> LOUISE BENNETT:  We have one minute left.  Let's get him on.  Okay.  Do you have that? 

>> ANDY SMITH:  We actually have five seconds left.  While they try to sort that out, thank you very much for showing up.  This is really an important subject.  Unfortunately, it wasn't very well publicized in the brochure.  It's actually been a very informative discussion and it's good to hear from the Mexican side of things, and thanks for participating. 

>> LOUISE BENNETT:  We hope that you find this guide useful, and it will make you think what do I want to do and why do I want to do it?  We hope that you'll be able to share it with your friends.  Are we getting the person online? 

>> ANDY SMITH:  No, no. 

>> LOUISE BENNETT:  We've lost it.  Thank you all very much for coming along, and we hope you find the information we provided valuable.  Thank you. 

(Session ended at 11:45 CT)