Privacy & Guardianship Trends
Combined Session
Friday, June 07, 2024 11:30—12:30
Location: B 09
Friday, June 07, 2024 11:30—12:30
Location: B 09
30% of people online around the world are under 18 and societies are judged by how they look after their kids. Germany is quite unique in the fact that its regulatory body, the KJM, has reviewed and approved over 100 methods for age assurance. Many other countries around the world are grappling with this issue. This session will look at the development of this industry - from KYC, AML for the gaming industry, through the range of document based and non document based approaches to assess age - and the balance in terms of offering inclusive approaches for people who do not own or choose to use an identity document based approach. It will address interoperability, the incoming international standards, benchmarking and anti-spoofing.
E-signing is becoming an integral part of many processes for improved customer service and shorter processing time. However, many businesses fail to properly evaluate their risk exposure due to the use of e-signing instead of wet signatures. Many e-signing services look and work smoothly, though fail to ensure sufficient legal evidence to the business. This talk will highlight fundamental cryptographic principles used to identity-protect legal evidence in the advanced and qualified electronic signatures. It will also oppose what looks to be lighter, smoother and more affordable option - electronic sealing often promoted as “e-signing”, to the "true" electronic signing where legal evidence is identity-protected by design.
Existing trust models are one sided: as customers and citizens we are expected to authenticate ourselves to organisations, but these organisations make little or no effort to prove who they are to us.
Proving what rights and capabilities we have, proving who we are to a necessary level of authentication, is half of what we need for a trustworthy relationship - the other half is knowing that we're dealing with the right organisation.
Receiving communication that cannot be authenticated means that we have no way to prove something is real or fake. We cannot tell if this is our bank, real-estate agent, or tax office.
This makes us vulnerable to scams - we cannot tell if something is a scam or not since we have no way of authenticating communication from legitimate organisations. Expecting us to act on un-authenticated communication is encouraging risky behaviour, and the uncertainty about whether a communication is legitimate or not corrodes our trust in institutions.
This session makes the argument that we need all organisations to authenticate themselves on every communication to every customer to the extent possible.
