Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wildman Harrold | 225 West Wacker Drive | Chicago, IL 60606 | (312) 201-2000 | wildman.com © 2010 Wildman, Harrold, Allen & Dixon LLP. Building an Online.

Published byArlene Blair Modified over 7 years ago

Similar presentations

Presentation on theme: "Wildman Harrold | 225 West Wacker Drive | Chicago, IL 60606 | (312) 201-2000 | wildman.com © 2010 Wildman, Harrold, Allen & Dixon LLP. Building an Online."— Presentation transcript:

1 Wildman Harrold | 225 West Wacker Drive | Chicago, IL 60606 | (312) 201-2000 | wildman.com © 2010 Wildman, Harrold, Allen & Dixon LLP. Building an Online Identity Legal Framework American Bar Association Federated Identity Management Legal Task Force Thomas J. Smedinghoff Wildman, Harrold, Allen & Dixon, LLP Chicago Co-Chair, ABA Federated Identity Management Legal Task Force

2 © 2010 Wildman, Harrold, Allen & Dixon LLP. 2 Background ABA Task Force established January 2009 Co-Chairs Thomas J. Smedinghoff, Wildman, Harrold, Allen & Dixon LLP Jane K. Winn, University of Washington School of Law It’s an open project. Participants include: Lawyers, non-lawyers, IdM technology experts, businesspersons, and other interested persons From businesses, associations, and government agencies From U.S., Canada, EU, and Australia so far Website (and sign up for listserv) at – www.abanet.org/dch/committee.cfm?com=CL320041 Alt. URL: http://tinyurl.com/yft89m8

3 © 2010 Wildman, Harrold, Allen & Dixon LLP. 3 Goals Identify and analyze the legal issues that arise in connection with the development, implementation and use of federated identity management systems; Identify and evaluate appropriate legal models to address issues; Develop model terms and contracts that can be used by parties

4 © 2010 Wildman, Harrold, Allen & Dixon LLP. 4 Work Groups Definitions Legal issues Privacy ID Proofing / Notaries Legal structures Model Contracts

5 © 2010 Wildman, Harrold, Allen & Dixon LLP. 5 Interim Projects Include... Liability for what? – Identify what could go wrong Identify existing laws related to identity management Identify potential liability models ID Proofing – Impact on legal issues Notaries as ID proofers Common definitions Levels of Assurance – Impact on legal issues Collecting sample contracts

6 © 2010 Wildman, Harrold, Allen & Dixon LLP. 6 Legal Landscape – The Rules Private rules created by or for the participants – e.g., performance obligations of the participants Preexisting statutory/regulatory rules that impact performance of participants in the IdM system E.g., privacy laws, security laws, FFIEC, etc Preexisting legal rules (statutes, regulations, common law) that impact liability of participants in the IdM system E.g., warranty law, negligence law, etc. Sometimes private rules and existing laws clash

7 © 2010 Wildman, Harrold, Allen & Dixon LLP. 7 Why Do We Care About Legal Issues? We need to create a legal framework to make it work Need rules to ensure participant performance of obligations necessary to make it work Need ability to enforce those rules We need to understand impact of existing laws We need to understand how existing law will determine liability when losses occur What laws we can change by contract (and how) What laws we can’t change, and must comply with Need to understand how to legally mitigate risks and allocate liability Need enforcement mechanism

8 © 2010 Wildman, Harrold, Allen & Dixon LLP. 8 Consider the Sources of the Legal Issues Statutes and regulations (in all relevant jurisdictions) Common law / judicial decisions Standards Industry associations (e.g., PCI DSS) System rules – e.g., Visa rules, ATM system rules Self-imposed requirements Unilateral undertakings, such as privacy policy or CPS Contracts among the parties Trust frameworks Bilateral agreements

9 © 2010 Wildman, Harrold, Allen & Dixon LLP. 9 Consider Categories of Law Contract law Warranty law Tort law Negligent performance Negligent misrepresentation Fraudulent misrepresentation Defamation Third party beneficiary law E-transactions law Consumer protection law Security law Privacy / data protection law Identity theft law Antitrust law Unfair competition law False endorsement False advertising IP law Copyright law Trade secrets law Trademark law Patent law Statutory/regulatory law Governing the IdM process Imposing IdM compliance obligations Liability for the conduct of others Governmental immunity law Other

10 © 2010 Wildman, Harrold, Allen & Dixon LLP. 10 Consider Factors that Affect Application of the Law Nature of the person involved e.g., Individual, consumer, business, corporate entity, government entity Expertise of the person involved e.g., unsophisticated vs. professional / in the business, etc. Nature of the information involved e.g., sensitivity of personal information (e.g., name vs. SSN) Nature of the use involved e.g., login to garden club website vs. launch nuclear missiles Nature of any resulting harm e.g., embarrassment, economic loses, property damage, personal injury Level of assurance involved

11 © 2010 Wildman, Harrold, Allen & Dixon LLP. 11 Other Factors Who created the legal rule? The participants – e.g., contracts? Government statutes or regulation? Court decision – common law? Where does the legal rule apply? What jurisdiction’s law controls transaction? How to handle cross jurisdiction transactions? How can we change the legal rule? Can statutes, regulation, or common law be varied by contract? What happens when laws conflict between jurisdictions?

12 © 2010 Wildman, Harrold, Allen & Dixon LLP. 12 Some Possible Approaches to the Legal Analysis Focus on obligations and concerns of each role E.g., what is the IdP obligated to do to make it work? E.g., what is the IdP concerned about re performance by others? Focus on actions that occur at each point in the IdM process E.g., for issuance of credential... What could go wrong and give rise to liability? What are potential liabilities of each participant (IdP, Subject, Relying Party, etc.) that could flow from such an action? Focus on categories of legal risk E.g., performance risk, privacy risk, security risk, identification risk, technology risk, authentication risk, etc.

13 © 2010 Wildman, Harrold, Allen & Dixon LLP. 13 Recognize That “Liability” Per Se Is Not the Issue “Liability” is just the penalty when you, or someone else, does something wrong We need to define when something is wrong What are you required to do? What are you prohibited from doing? What are you committing to (e.g., representations)? What standard is applied to your conduct? We need to identify the legal issues of concern We can’t address the issue unless we know the potential source of the liability – e.g., warranty, antitrust, tort, contract, duty to authenticate, etc. We need to consider mitigation strategies

14 © 2010 Wildman, Harrold, Allen & Dixon LLP. 14 Some Liability Models DMV model – no IdP liability; other roles bear risk Credit card model – no Subject liability; other roles bear risk Contractual model – negotiated risk allocation Strict liability – regardless of fault Liability caps model EV SSL model – restrictions on ability of IdP to limit liability Warranty model – focus on guarantees Tort model – focus on standards of conduct; negligence

15 © 2010 Wildman, Harrold, Allen & Dixon LLP. 15 Common Problems to Consider The non-waivable statute problem Some laws impact IdM systems Can’t be changed by contract The cross-border problem Addressing the problem of differing legal regimes Requirements in one jurisdiction may not exist in another Requirements in one jurisdiction may conflict with requirements in another

16 © 2010 Wildman, Harrold, Allen & Dixon LLP. 16 Addressing/Controlling Legal Issues Some legal issues cannot be controlled Law governs – cannot be altered; must comply So must understand impact Some legal issues can be controlled by contract Law governs, but can be altered by contract, or No law, so parties can determine by contract or other method For some legal issues its unclear whether the issue can be controlled Governing law cannot be altered in some jurisdictions, but can be altered (or doesn’t exist) in others E.g., SSN transfer must be encrypted in some jurisdictions, but not regulated in others E.G., Consent to transfer of personal data valid in some jurisdictions, not valid in others

17 © 2010 Wildman, Harrold, Allen & Dixon LLP. 17 The Goal Developing an acceptable legal framework that – Provides rules for a workable ecosystem Fairly allocate risk and responsibilities among the parties Works in conjunction with existing law Works cross-border

18 © 2010 Wildman, Harrold, Allen & Dixon LLP. 18 Further Information Thomas J. Smedinghoff Wildman, Harrold, Allen & Dixon LLP 225 West Wacker Drive Chicago, Illinois 60606 312-201-2021 smedinghoff@wildman.com

Download ppt "Wildman Harrold | 225 West Wacker Drive | Chicago, IL 60606 | (312) 201-2000 | wildman.com © 2010 Wildman, Harrold, Allen & Dixon LLP. Building an Online."

Similar presentations

Wildman Harrold | 225 West Wacker Drive | Chicago, IL 60606 | (312) 201-2000 | wildman.com Wildman, Harrold, Allen & Dixon LLP What Is an Identity Trust.

Wildman Harrold | 225 West Wacker Drive | Chicago, IL | (312) | wildman.com Wildman, Harrold, Allen & Dixon LLP What Is an Identity Trust.
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.

©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.
The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.

The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
I.D. Theft Alaska’s New Protection of Personal Information Act Ed Sniffen Senior Assistant Attorney General Alaska Department of Law.

I.D. Theft Alaska’s New Protection of Personal Information Act Ed Sniffen Senior Assistant Attorney General Alaska Department of Law.
Click your mouse anywhere on the screen to advance the text in each slide. After the starburst appears, click a blue triangle to move to the next slide.

Click your mouse anywhere on the screen to advance the text in each slide. After the starburst appears, click a blue triangle to move to the next slide.
Red Flags Rule & Municipal Utilities

Red Flags Rule & Municipal Utilities
BUSINESS LAW TERMS. LAW Rule of conduct enforced by controlling authority; provides order, stability, and justice.

BUSINESS LAW TERMS. LAW Rule of conduct enforced by controlling authority; provides order, stability, and justice.
Identification of Antitrust Issues Associated with Insurer Ratemaking and Rate-Related Issues Michael L. McCluggage (312) 201-2548

Identification of Antitrust Issues Associated with Insurer Ratemaking and Rate-Related Issues Michael L. McCluggage (312)
NEGLIGENCE Law 12 – MUNDY 2011. Negligence  Tort law is based on mostly case precedents and certain provincial and federal legislation;  Hence, our.

NEGLIGENCE Law 12 – MUNDY Negligence  Tort law is based on mostly case precedents and certain provincial and federal legislation;  Hence, our.
Understanding Legal Liability to Avoid Legal Liability Nigel Trevethan Steven Abramson Mortgage Brokers Association of British Columbia Kelowna – October.

Understanding Legal Liability to Avoid Legal Liability Nigel Trevethan Steven Abramson Mortgage Brokers Association of British Columbia Kelowna – October.
CHAPTER 7 TORTS DAVIDSON, KNOWLES & FORSYTHE Business Law: Cases and Principles in the Legal Environment (8 th Ed.)

CHAPTER 7 TORTS DAVIDSON, KNOWLES & FORSYTHE Business Law: Cases and Principles in the Legal Environment (8 th Ed.)
Wildman Harrold | 225 West Wacker Drive | Chicago, IL 60606 | (312) 201-2000 | wildman.com © 2009 Wildman, Harrold, Allen & Dixon LLP. Identification and.

Wildman Harrold | 225 West Wacker Drive | Chicago, IL | (312) | wildman.com © 2009 Wildman, Harrold, Allen & Dixon LLP. Identification and.
Comprehensive Volume, 18 th Edition Chapter 7: The Legal Environment of International Trade.

Comprehensive Volume, 18 th Edition Chapter 7: The Legal Environment of International Trade.
Consumers Online: Privacy, Security and Identity Professor Margaret Jackson and Marita Shelly Presentation to the RMIT Financial Literacy, Banking & Identity.

Consumers Online: Privacy, Security and Identity Professor Margaret Jackson and Marita Shelly Presentation to the RMIT Financial Literacy, Banking & Identity.
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
Rome II Regulation Conflict rules for torts. Rome II Regulation The Regulation defines: the conflict-of-law rules applicable to non- contractual obligations.

Rome II Regulation Conflict rules for torts. Rome II Regulation The Regulation defines: the conflict-of-law rules applicable to non- contractual obligations.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Wildman Harrold | 225 West Wacker Drive | Chicago, IL 60606 | (312) 201-2000 | wildman.com Wildman, Harrold, Allen & Dixon LLP Identity Management: The.

Wildman Harrold | 225 West Wacker Drive | Chicago, IL | (312) | wildman.com Wildman, Harrold, Allen & Dixon LLP Identity Management: The.

Similar presentations

Ads by Google