Genetic information is becoming increasingly used in modern life, extending beyond medicine to familial history, forensics and more. Following this expansion of use, the effect of genetic information on people’s identity and ultimately people’s quality of life is being explored in a host of different disciplines. While a multidisciplinary approach is commendable and necessary, there is the potential for the multidisciplinarity to produce conceptual misconnection. That is, while experts in one field may understand their use of a term like ‘gene’, ‘identity’ or ‘information’ for experts in another field, the same term may link to a distinctly different concept. These conceptual misconnections not only increase inefficiency in complex organisational practices, but can also have important ethical, legal and social consequences. This paper comes at the problem of conceptual misconnection by clarifying different uses of the terms ‘gene’, ‘identity’ and ‘information’. I start by looking at three different conceptions of the gene; the Instrumental, the Nominal and the Postgenomic Molecular. Secondly, a taxonomy of four different concepts of identity is presented; Numeric, Character, Group and Essentialised, and their use is clarified. A general concept of Information is introduced, and finally three distinct kinds of information are described. I then introduce Concept Creep as an ethical problem that arises from conceptual misconnections. The primary goal of this paper is to reduce the potential for conceptual misconnection when discussing genetic identity and genetic information. This is complimented by three secondary goals—1) to clarify what a conceptual misconnection is, 2) to explain why clarity of use is particularly important to discussions of genes, identity and information and 3) to show how concept creep between different uses of genetic identity and genetic information can have important ethical outcomes.
“Privacy as confidentiality” has been the dominant paradigm in computer science privacy research. Privacy Enhancing Technologies (PETs) that guarantee confidentiality of personal data or anonymous communication have resulted from such research. The objective of this paper is to show that such PETs are indispensable but are short of being the privacy solutions they sometimes claim to be given current day circumstances. Using perspectives from surveillance studies we will argue that the computer scientists’ conception of privacy through data or communication confidentiality is techno-centric and displaces end-user perspectives and needs in surveillance societies. We will further show that the perspectives from surveillance studies also demand a critical review for their human-centric conception of information systems. Last, we rethink the position of PETs in a surveillance society and argue for the necessity of multiple paradigms for addressing privacy concerns in information systems design.
During the last few years a large number of companies have emerged offering DNA testing via the Internet “direct-to-consumer”. In this paper, I analyse the rhetoric appeal to personal identity put forward on the websites of some of these consumer genomics companies. The investigation is limited to non-health-related DNA testing and focuses on individualistic and communitarian—in a descriptive sense—visions of identity. The individualistic visions stress that each individual is unique and suggest that this uniqueness can be supported by, for example, DNA fingerprinting. The communitarian visions emphasise that individuals are members of communities, in this case genetic communities. It is suggested that these visions can be supported by, for example, various types of tests for genetic ancestry tracing. The main part of the paper is devoted to an analysis of these communitarian visions of identity and the DNA tests they refer to.
Identity governance is an emerging concept for fine-grained conditional disclosure of identity information and enforcement of corresponding data handling policies. Although numerous technologies underlying identity management have been developed, people still have difficulty obtaining a clear picture of how their identity information is maintained, used, and propagated. An identity management framework is described for tracking the history of how a person’s identity information is handled after it is transferred across domains of control and for enforcing meta-policies related to managing identity information distributed over the Internet. With this framework, organizations that manage identity information can improve accountability for their data practices and thereby increase their trustworthiness. The framework also enables users to control and optimize the propagation of their identity information in a user-centric manner.
The convergence of biomedical and information technology holds the potential to alter the discourses of identity, or as is argued here, to turn us inside out. The advent of digital networks makes it possible to ‘see inside’ people in ways not anticipated and thus create new performance arenas for the expression of identity. Drawing on the ideas of Butler and Foucault and theories of performativity, this paper examines a new context for human-computer interaction and articulates potentially disturbing issues with monitoring health rather than wellbeing. It argues that by adopting explicitly social framings we can see beyond the idea of medical interventions for health to recognize the political implications of the new categorizations and their implementation in code. In the process, it critiques traditional ways of understanding machine-body relations within the field of technology design.
The individual management of online identity, as part of a wider politics of personal information, privacy, and dataveillance, is an area where public policy is developing and where the public sector attempts to intervene. This paper attempts to understand the strategies and methods through which the UK government and public sector is engaging in online identity management. The analysis is framed by the analytics of government (Dean 2010) and governmentality (Miller and Rose 2008). This approach draws attention to the wide assemblage of public and private actors with shared regimes of practice and fields of visibility, as well as to the extent to which individual actors are made responsible for their own identity management. The paper also uses communication and discursive research to examine the potential failings of engagement efforts. Communication theory suggested that the assumption of individual responsibility, alongside linguistic distortions created by this way of understanding the problematic of identity management, complicate and fundamentally limit engagement activity.
Much legislation dealing with the uses of genetic information could be criticised for exceptionalising genetic information over other types of information personal to the individual. This paper contends that genetic exceptionalism clouds the issues, and precludes any real debate about the appropriate uses of genetic information. An alternative to “genetically exceptionalist” legislation is to “legislate for fairness”. This paper explores the “legislating for fairness” approach, and concludes that it demonstrates a fundamental misunderstanding of both how legislation is drafted, and how it is interpreted. The uncomfortable conclusion is this: policy-makers and legislators must tackle head-on the difficult policy questions concerning what should and should not be done with genetic information. Only by confronting this crucial issue will they achieve a workable legislative solution to the problems caused by genetic information.
The amount of personal data now collected through contemporary marketing practices is indicative of the shifting landscape of contemporary capitalism. Loyalty programs can be seen as one exemplar of this, using the ‘add-ons’ of ‘points’ and ‘miles’ to entice consumers into divulging a range of personal information. These consumers are subject to surveillance practices that have digitally identified them as significant in the eyes of a corporation, yet they are also part of a feedback loop subject to ongoing analysis. This paper focuses on this analysis as the ‘cultural circuit’ of loyalty programs—the ongoing process of meaning-making in this form of contemporary marketing—as exemplary of what Nigel Thrift calls “soft capitalism”(1997, 2005). Loyalty programs engage consumers in an ongoing ‘relationship’ with a corporation, yet it is one predicated on the collection and analysis of personal data in order to identify, maintain and increase profits from these consumer ‘relationships.’ This paper looks at ways of knowing, application and revision in the cultural circuit of loyalty program marketing as a form of reflexive marketing and raises concerns about consumer subjectivity in the context consumer culture that mediates much of contemporary experience. These technologies and practices continually adapt and adjust to strategically act toward consumers as a form of consumer surveillance based on an increasingly intensive and nuanced knowledge of their behaviours.
This paper presents a framework for the design of human-centric identity management systems. Whilst many identity systems over the past few years have been labelled as human-centred, we argue that the term has been appropriated by technologists to claim moral superiority of their products, and by system owners who confuse administrative convenience with benefits for users. The framework for human-centred identity presented here identifies a set of design properties that can impact the lived experience of the individuals whose identity is being managed. These properties were identified through an analysis of public response to 15 historic national identity systems. They capture the practical design aspects of an identity system, from structural aspects that affect the flow of information - Control Points, Subject Engagement, Identity Exposure, Population Coverage—to the metrical aspects that considers how information is used and perceived—Expert Interpretation, Population Comprehension, Information Accuracy, Information Stability, Subject Coupling, Information Polymorphism. Any identity system can be described in terms of these fundamental properties, which affect individuals’ lived experience, and therefore help to determine the acceptance or rejection of such systems. We first apply each individual property within the context of two national identity systems—the UK DNA Database and the Austrian Citizen Card, and then also demonstrate the applicability of the framework within the contexts of two non-government identity platforms—Facebook and Phorm. Practitioners and researchers would make use of this framework by analysing an identity system in terms of the various properties, and the interactions between these properties within the context of use, thus allowing for the development of the potential impacts that the system has on the lived experience.
The article argues for a shift of perspective in identity management (IDM) research and development. Accessibility and usability issues affect identity management to such an extent that they demand a reframing and reformulation of basic designs and requirements of modern identity management systems. The rationale for the traditional design of identity management systems and mechanisms has been security concerns as defined in the field of security engineering. By default the highest security level has been recommended and implemented, often without taking end-user needs and accessibility issues into serious consideration. The article provides a conceptual framework for inclusive IDM, a brief overview of the regulatory status of inclusive IDM and a taxonomy of inclusive identity management methods. Several widespread IDM approaches, methods and techniques are analyzed and discussed from the perspective of inclusive design. Several important challenges are identified and some ideas for solutions addressing the challenges are proposed and discussed.
In this article, I argue that lawmakers must abandon their previous reluctance to engage with questions of personal identity (PI). While frequently seen as an esoteric subject, of limited interest outside of academic philosophy departments, I attempt to show that, in fact, assumptions about PI—and its durability in the face of certain psychological or genetic changes—underpin many current legal rules. This is most perhaps obviously exemplified with regard to reproductive technologies. Yet the Parfitian challenge to identify a victim of ‘bad’ reproductive choices has been largely overlooked in framing legislative responses to such technologies. Furthermore, I argue, it is not only with regard to emerging technologies that questionable assumptions about PI play a role; legal responses to questions about the attribution of criminal responsibility, and about the treatment of demented or brain-injured people, necessitate a frank engagement with such questions. It may be, however, that a multi-faceted approach to PI, which takes account of genetic, psychological and social factors—will prove a better fit for the myriad needs of the legal system than any sort of ‘unified theory of identity’.
This paper explores the intersections between national identity and the production of medical/population genomics in Mexico. The ongoing efforts to construct a Haplotype Map of Mexican genetic diversity offers a unique opportunity to illustrate and analyze the exchange between the historic-political narratives of nationalism, and the material culture of genomic science. Haplotypes are central actants in the search for medically significant SNP’s (single nucleotide polymorphisms), as well as powerful entities involved in the delimitation of ancestry, temporality and variability (www.hapmap.org). By following the circulation of Haplotypes, light is shed on the alignments and discordances between socio-historical and bio-molecular mappings. The analysis is centred on the comparison between the genomic construction of time and ethnicity in the laboratory (through participant observation), and on the public mobilisation of a “Mexican Genome” and its wider political implications. Even though both: the scientific practice and the public discourse on medical/population genomics are traversed by notions of “admixture”, there are important distinctions to be made. In the public realm, the nationalist post-revolutionary ideas of Jose Vasconcelos, as expressed in his Cosmic Race (1925), still hold sway in the social imaginary. In contrast, admixture is treated as a complex, relative and probabilistic notion in laboratory practices. I argue that the relation between medical/population genomics and national identity is better understood as a process of re-articulation (Fullwiley Social Studies of Science 38:695, 2008), rather than coproduction (Reardon 2005) of social and natural orders. The evolving process of re-articulation conceals the novelty of medical/population genomics, aligning scientific facts in order to fit the temporal and ethnic grids of “Mestizaje”. But it is precisely the social and political work, that matches the emerging field of population genomics to the pre-existing projects of national identity, what is most revealing in order to understand the multiple and even subtle ways in which population genomics challenges the historical and identitarian frames of a “Mestizo” nation.
Built-in privacy has for too long been neglected by regulators. They have concentrated on reacting to violations of rules. Even imposing severe fines will however not address the basic issue that preventative privacy protection is much more meaningful. The paper discusses this in the context of the International Working Group on Data Protection in Telecommunications (“Berlin Group”) which has published numerous recommendations on privacy-compliant design of technical innovations. Social network services, road pricing schemes, and the distribution of digital media content have figured prominently in the group’s latest working papers. More recently, a judgment of the European Court of Human Rights has thrown light on weaknesses in the protection of patients’ data in hospitals that requires urgent action by designers of IT systems. Built-in privacy is no magic button, no panacea, but it has turned out to be a necessary condition for meaningful privacy protection.
An accountability-based privacy governance model is one where organizations are charged with societal objectives, such as using personal information in a manner that maintains individual autonomy and which protects individuals from social, financial and physical harms, while leaving the actual mechanisms for achieving those objectives to the organization. This paper discusses the essential elements of accountability identified by the Galway Accountability Project, with scholarship from the Centre for Information Policy Leadership at Hunton & Williams LLP. Conceptual Privacy by Design principles are offered as criteria for building privacy and accountability into organizational information management practices. The authors then provide an example of an organizational control process that uses the principles to implement the essential elements. Initially developed in the ‘90s to advance privacy-enhancing information and communication technologies, Dr. Ann Cavoukian has since expanded the application of Privacy by Design principles to include business processes.
In view of rapid and dramatic technological change, it is important to take the special requirements of privacy protection into account early on, because new technological systems often contain hidden dangers which are very difficult to overcome after the basic design has been worked out. So it makes all the more sense to identify and examine possible data protection problems when designing new technology and to incorporate privacy protection into the overall design, instead of having to come up with laborious and time-consuming “patches” later on. This approach is known as “Privacy by Design” (PbD).
With the proliferation of networked electronic communication came daunting capabilities to collect, process, combine and store data, resulting in hitherto unseen transformational pressure on the concepts of trust, security and privacy as we know them. The Future Internet will bring about a world where real life will integrate physical and digital life. Technology development for data linking and mining, together with unseen data collection, will lead to unwarranted access to personal data, and hence, privacy intrusion. Trust and identity lie at the basis of many human interactions and transactions, and societies have developed legitimate concern for privacy being essential for freedom and creativity. The burgeoning development of the Information Society, particularly during the past fifteen years, transcended the societal readiness to respond to the transformational change evoked by ICT. We have reached the eleventh hour for the preservation of trust and privacy as elements that can be transposed into our digital future. Europe has been at the forefront in recognizing the importance of privacy protection in relation to digital data, witness the advanced European legislation in this domain. The European Commission recognizes that appropriate measures need to combine technology development with legal means, user awareness and tools supporting data controllers to comply with law in an accountable and transparent way, and that empower users with a controlling stake in managing their personal data. Activities are underway at many levels. European RTD programmes play their role in supporting research in trustworthy ICT, privacy enhancing technologies, privacy-by-design in service layers as well as in networks, enabling technologies such as cryptography, and in generalized frameworks for trust and privacy-protective identity management.
An introductory message from Peter Hustinx, European Data Protection Supervisor, delivered at Privacy by Design: The Definitive Workshop. This presentation looks back at the origins of Privacy by Design, notably the publication of the first report on “Privacy Enhancing Technologies” by a joint team of the Information and Privacy Commissioner of Ontario, Canada and the Dutch Data Protection Authority in 1995. It looks ahead and adresses the question of how the promises of these concepts could be delivered in practice.