2009 Participants

Patricia Abril
Assistant Professor University of Miami School of Business

Alessandro Acquisti
Associate Professor Carnegie Mellon University

Joseph Alhadeff
VP Global Public Policy and CPO Oracle

Annie Anton
Professor North Carolina State University

Fabio Arcila, Jr.
Associate Professor Touro Law Center

Madison Ayer
Vice President, Strategy and Policy ID Watchdog

John W. Bagby
Professor of Information Sciences and Technology The Pennsylvania State University

Kenneth Bamberger
Assistant Professor of Law University of California, Berkeley, School of Law

William Banks
Board of Advisors Distinguished Professor of Law and Public Administration Director, Institute for National Security and Counterterrorism Syracuse University College of Law

Kevin Bankston
Senior Staff Attorney Electronic Frontier Foundation

Ann Bartow
Professor University of South Carolina School of Law

Robin Bayley
President and Principal Linden Consulting, Inc.

Colin Bennett
Professor Department of Political Science University of Victoria

Jody Blanke
Professor Mercer University

Marc Blitz
Associate Professor Oklahoma City University School of Law

Caspar Bowden
Chief Privacy Adviser EMEA Microsoft EMEA

Ian Brown
Senior Research Fellow Oxford Internet Institute

Aaron Burstein
Research Fellow UC Berkeley School of Information

Ryan Calo
Residential Fellow Stanford Law School

Lisa Madelon Campbell
Acting General Counsel Office of the Privacy Commissioner of Canada

Alvaro Cardenas
Postdoctoral Scholar University of California, Berkeley

Brian Carver
Assistant Professor UC Berkeley School of Information

Anupam Chander
Professor University of Chicago/UC Davis

Janet Chapman
Principal, CIPP Privacy Practitioner and Consultant

Danielle Citron
Professor of Law University of Maryland School of Law

Raphael Cohen-Almagor
Professor Department of Politics and International Studies, The University of Hull

Chris Conley
Technology & Civil Liberties Fellow ACLU of Northern California

Mary J. Culnan
Slade Professor of Management and IT Bentley University

Clifford Davidson
Associate Proskauer Rose LLP

Michelle Dennedy
Chief Governance Officer, Cloud Computing Sun Microsystems, Inc.

Deven Desai
Associate Professor Thomas Jefferson School of Law

Lothar Determann
Professor Freie Universitaet Berlin Visiting Professor, UC Berkeley, School of Law

Will DeVries
Associate WilmerHale

Pam Dixon
Executive Director World Privacy Forum

Laura Donohue
Professor Georgetown Law School

Cynthia Dwork
Principal Researcher Microsoft Research

Mark Eckenwiler
Associate Director Office of Enforcement Operations U.S. Dept. of Justice Criminal Division

Mary Fan
Assistant Professor of Law American University Washington College of Law

Kenneth Farrall
Annenberg School for Communication

David Flaherty
Professor Professor Emeritus, University of Western Ontario

Tanya Forsheit
Partner and Co-Head, Privacy and Data Security Practice Group Proskauer Rose LLP

Susan Freiwald
Professor of Law University of San Francisco School of Law

A Michael Froomkin
Professor U. Miami School of Law

Amy Gajda
Assistant Professor of Journalism, Assistant Professor of Law University of Illinois College of Law & College of Media

Simson Garfinkel
Associate Professor Naval Postgraduate School

Michael Geist
Professor University of Ottawa, Faculty of Law

Lauren Gelman
Executive Director Center for Internet and Society, Stanford Law School

Beth Givens
Director Privacy Rights Clearinghouse

Dorothy Glancy
Professor of Law Santa Clara University School of Law

Nathaniel Gleicher
Research Fellow Yale Law School Information Society Project

Eric Goldman
Associate Professor Santa Clara University School of Law

Joshua Gomez
Master’s Candidate UC Berkeley School of Information

Nathaniel Good
Researcher PARC

Jennifer Granick
Civil Liberties Director Electronic Frontier Foundation

Jens Grossklags
UC Berkeley, School of Information

Joseph Hall
Postdoctoral Research Associate UC Berkeley/Princeton

Woodrow Hartzog
Roy H. Park Fellow and Ph.D. Student University of North Carolina at Chapel Hill School of Journalism and Mass Communication

Allyson Haynes
Associate Professor of Law Charleston School of Law

Stephen Henderson
Associate Professor Widener University School of Law

Kashmir Hill
Journalist/Editor Freelance/Above The Law

Dennis Hirsch
Professor Capital University Law School

Lance Hoffman
Distinguished Research Professor The George Washington University Computer Science Dept.

Marcia Hofmann
Staff Attorney Electronic Frontier Foundation

Chris Hoofnagle
Director, Information Privacy Programs Berkeley Center for Law & Technology

Jeff Jonas
Chief Scientist, IBM Entity Analytics IBM

Jerry Kang
Professor UCLA School of Law

Ian Kerr
Professor University of Ottawa Faculty of Law

Orin Kerr
Professor George Washington University Law School

Saskia Kim
Chief Counsel Senate Judiciary Committee

Jennifer King
Researcher Samuelson Clinic/BCLT

Jacqueline Klosek
Senior Counsel Goodwin Procter LLP

Florian Knauer
Research Assistant at Humboldt University, Berlin, Germany Visiting Scholar at Berkeley Law School

Colin Koopman
Research Fellow University of California, Santa Cruz

Professor of International Law London Metropolitan University

Daniel Kreiss
Ph.D. Candidate Stanford University

Raymond Ku
Professor of Law Case Western Reserve University School of Law

Rick Kunkel
Associate Professor University of St. Thomas

Barbara Lawler
Chief Privacy Officer Intuit

Marcel Leonardi
Professor University of Sao Paulo, Brazil, Faculty of Law Fellow at the Google Policy Fellowship Program, working at the Electronic Frontier Foundation.

Jacqueline Lipton
Professor Case Western Reserve University School of Law

Jennifer Lynch
Fellow & Supervising Attorney UC Berkeley School of Law, Samuelson Law, Technology & Public Policy Clinic

Christine Lyon
Partner Morrison & Foerster LLP

Junichiro Makita
Visiting Scholar UC Berkeley

Carter Manny
Professor of Business Law School of Business University of Southern Maine Portland, Maine

Aaron Massey
Computer Science Doctoral Student North Carolina State University

Andrea Matwyshyn
Assistant Professor, Legal Studies & Business Ethics Wharton School, University of Pennsylvania

Aleecia McDonald
Doctoral Candidate Carnegie Mellon

William McGeveran
Associate Professor University of Minnesota Law School

Joanne McNabb
Chief California Office of Privacy Protection

David Medine
Partner WilmerHale

Marci Meingast
Computer Scientist/Researcher Adobe

Terence Melonas
Undergraduate Student Pennsylvania State University College of Information Sciences & Technology Privacy Assurance Lab

Jon Mills
Dean Emeritus, Professor of Law & Director of Center for Governmental Responsibility University of Florida Levin College of Law

Mary Minow

Deirdre Mulligan
Assistant Professor School of Information UC Berkeley Berkeley Center for Law and Technology

Erin Murphy
Assistant Professor UC Berkeley School of Law

Peter Neumann
Principal Scientist SRI International, Computer Science Lab

Paul Ohm
Associate Professor University of Colorado Law School

Nicole Ozer
Technology and Civil Liberties Policy Director ACLU of Northern California

Professor Marcy Peek
Assistant Professor of Law Whittier Law School

Nikolaus Peifer
Professor of Law, Director of the Institute for Media and Communication Law University of Cologne Visiting Scholar at Berkeley Law School

Stephen Penk
Professor University of Auckland New Zealand

Mariette Pilon
Senior Legal Counsel Canadian Association Of University Teachers

Travis Pinnick
Graduate Researcher UC Berkeley School of Information

Vincent Polley
President KnowConnect PLLC

Jules Polonetsky
Co-Chairman and Director Future of Privacy Forum

Paula Purcell
COO Corporate Privacy Group

Richard Purcell
CEO Corporate Privacy Group

Alan Raul
Partner Sidley Austin LLP

Joel Reidenberg
Associate Vice President for Academic Affairs Founding Director Center on Law & Information Policy Fordham University School of Law

Virginia Rezmierski
Adjunct Associate Professor School of Information & The Gerald R. Ford School of Public Policy The University of Michigan

Neil Richards
Professor of Law Washington University School of Law

Ira Rubinstein
Senior Fellow Information Law Institute NYU School of Law

James Rule
Distinguished Affiliated Scholar Center for the Study of Law and Society, University of California, Berkeley

Albert Scherr
Professor of Law Franklin Pierce Law Center

Dawn E. Schrader
Associate Professor Cornell University

Jason Schultz
Acting Director, Samuelson Clinic UC Berkeley School of Law

Galina Schwartz
Dr. UC-Berkeley (TRUST)

Paul Schwartz
Professor of Law UC Berkeley law school

Andrew Serwin
Partner Foley & Lardner LLP

Christopher Slobogin
Milton Underwood Professor of Law Vanderbilt University Law School

Thomas Smedinghoff
Partner Wildman, Harrold, Allen & Dixon LLP

Christopher Soghoian
Berkman Center For Internet & Society, Harvard University

Daniel Solove
Professor of Law George Washington University Law School

Ashkan Soltani
Masters Student UC Berkeley School of Information

Jeff Sovern
Professor of Law St. John’s University School of Law

Gerard Stegmaier
Senior Associate Adjunct Wilson Sonsini Goodrich & Rosati Adjunct Professor, George Mason University School of Law

P. Subra Subrahmanyam
Chairman UCB/CyberKnowledge

Peter Swire
Professor of Law Ohio State University Senior Fellow, Center for American Progress

David Thaw
School of Information UC Berkeley

Lee Tien
Senior Staff Attorney Electronic Frontier Foundation

Matthew Tokson
Law Clerk to the Honorable A. Raymond Randolph of the United States Court of Appeals 2009-2010 Kauffman Innovation Fellow at the University of Chicago Law School

Michael Traynor
Former President, ALI

Stefaan Verhulst
Chief of Research The Markle Foundation

Colette Vogele
Founder Vogele & Associates

Shelton Waggener
Associate Vice Chancellor & CIO UC Berkeley

Mark Webber
Partner Osborne Clarke

Anna Westfelt
Student Berkeley School of Law

Alan Westin
Professor of Public Law & Government Emeritus Columbia University

Stephen Wicker
Professor Cornell University

Lauren Willis
Assoc. Professor of Law Loyola Law School

Jane Winn
Professor University of Washington School of Law

Peter Winn
Assistant U.S. Attorney United States Department of Justice

Shane Witnov
Law Student UC Berkeley Law

Christopher Wolf
Co-Chair Future of Privacy Forum

Heng Xu
Assistant Professor Pennsylvania State University

Maureen Young
Partner Bingham McCutchen LLP

Michael Zimmer
Assistant Professor School of Information Studies, University of Wisconsin-Milwaukee

Amy Gajda, Privacy Before The Right to Privacy: Truthful Libel and the Earliest Underpinnings of the Privacy Tort

Comment by: Dorothy Glancy

PLSC 2009

Workshop draft abstract:

Samuel Warren and Louis Brandeis are widely credited with spurring the creation of legal protection for personal privacy in the United States. Their 1890 Harvard Law Review article, The Right to Privacy, lambasted what the two authors considered sensational and invasive newspaper coverage and, it is often said, laid the foundation for modern privacy law, including the tort remedy for Publication of Private Facts.  This Article, however, traces the underpinnings of that tort protection back long before Warren and Brandeis’ landmark article.  Even before the two law partners famously slammed journalism and suggested that journalists be punished for publishing stories regarding private behavior, courts in the United States had both recognized the value of personal privacy and strongly condemned journalists for their invasive practices.  This Article explores those early legal foundations and suggests why Warren and Brandeis may have elected not to enlist this precedent in support of their cause:  some of the rulings most relevant to expanded legal protection against invasive news coverage are pointedly aligned with past abuses of legal power, including the infamous Star Chamber.

Heng Xu, John W. Bagby and Terence Ryan Melonas, Incentivizing Innovation in Wireless Advertising Messaging (WAM): Balancing Privacy Enhancing Security with Regulation

Comment by: Andrew Serwin

PLSC 2009

Workshop draft abstract:

The ubiquity of computing and the miniaturization of mobile devices have generated unique opportunities for wireless marketing that could be customized to an individual’s preferences, geographical location, and time of day. Unsurprisingly, the commercial potential and growth of wireless marketing have been accompanied by concerns over the potential privacy intrusion that consumers experience, such as wireless spam messages or intrusive location referencing. This research analyzes privacy issues in the developing wireless advertising messaging (WAM) technologies. In this article, WAM is provisionally defined as advertising messages sent to wireless devices such as cellular telephones, personal data assistants (PDAs) and smart phones. This research extends the author team’s prior work based on analysis of WAM systems in the European, Asian and American markets. This article examines the privacy debate assessing the relative effectiveness of industry self-regulation versus government legislation in ensuring consumer privacy and as a WAM innovation incentive and the extent to which industry self-regulation and regulatory approaches to privacy risks.

The article opens with a review of the regulatory uncertainties about WAM by raising questions of regulatory authority from among various regulators operating under several statutory schemes. The FTC’s authority is uncertain when directed at WAM given variations in the emerging technologies deployed and the business practices that comprise WAM architectures. For example, the FTC now appears to prefer self-regulation of online behavioral marketing. Recently proposed FTC Guidelines encourage self-regulation while encouraging innovation and maintaining flexibility in the WAM architectures and business model development. Useful analogies emerge from the FTC’s ongoing behavioral and “eHavioral” advertising program, at least partially driven by the Google takeover of DoubleClick and FTC enforcement experience in Milliman and Ingenix.

Fragmentation in regulation of service provider outsourcing is dependent on uncertain WAM architecture and this complicates matters. WAM architectures embody business models generally requiring some outsourcing in the information supply chain; from the collection of personally identifiable information (PII), through data archiving and data mining, real time location referencing, and frequently delivered through an Internet Service Provider (ISP) or other telecommunication network and ultimately through wireless carriers to the user’s wireless device. Regulation of responsible parties when marketing assistance is outsourced is not uniformly regulated under various contexts analogous to WAM including telemarketing, fax marketing, spam regulation of email. This article discusses the divergent standards for consumer protection and privacy when support services are outsourced identifying difficulties in framing public policies that protect reasonable expectations for privacy yet accommodate innovation in the emergent field of behavioral marketing delivered to mobile devices.

Fair information practice principles (FIPP), the global standards for the ethical use of personal information, are generally recognized as a U.S. development that diminish consumer privacy risk perceptions. Interdisciplinary literature argues that FIPP signals how PII is secured with procedural, interactional and distributive justice. Various researchers provide evidence that self-regulation often fails with codes of conduct and self-policing by trade associations. Examples from seals programs using trusted third-parties (e.g., Online Privacy Alliance, TRUSTe) are analyzed as alternatives to government regulation. The privacy literature from marketing, management information systems, and public policy is integrated to address the question of relative effectiveness. This debate over self-regulation vs. regulation also highlights two ideological camps: those insisting privacy is a fundamental human right and those taking the instrumentalist view of privacy as a commodity. This analysis of interdisciplinary privacy literature helps to demonstrate that the distinction between these two camps undergirds much of the dissonance between U.S. and European privacy laws as implemented in the “opt in” versus “opt out” information management schema.

Peter Winn, Katz and the Origins of the “Reasonable Expectation of Privacy” Test

Comment by: Orin Kerr

PLSC 2009

Published version available here:

Workshop draft abstract:

The “reasonable expectation of privacy” test, formulated in the 1967 case of Katz v. United States,  represents a great touchstone in the law of privacy.  Katz is important not only because the test is used to determine when a governmental intrusion constitutes a “search” under the Fourth Amendment; but because the test has also found its way into state common law, statutes and even the laws of other nations.

This article addresses the historical background of the framing of that decision, argues that the credit for the development of the famous test belongs to counsel for Charles Katz, Harvey (now Judge) Schneider, who presented the test for the first time in his oral argument, not in the briefs.  The majority opinion’s  failure to mention the test is explained by the fact that the law clerk responsible for drafting Justice Stewart’s majority opinion missed the oral argument.  The test, of course, was articulated in Justice Harlan’s short concurring opinion – establishing him as not only a great jurist, but someone who knew how to listen.  Finally, the article argues that the famous test was intended by Justice Harlan to represent more of an evolutionary modification of the previous trespass standard, not a revolutionary new approach to the law – in fact, exactly how subsequent courts understood and applied the standard.

Jane Winn, Privacy By Design

Comment by: Jane Winn

PLSC 2009

Workshop draft abstract:

“Privacy enhancing technologies” have been discussed for years by privacy advocates as a possible strategy for enhancing compliance with information privacy laws, but to date, none have ever had any significant impact on the way information technology is actually used.  This paper will suggest that the focus on “privacy enhancing technologies” is misguided because it reifies the social relationships that result in the production and distribution of information processing technologies.  In 2008, the Article 29 Working Party introduced the concept of “privacy by design” in its analysis of search engine information privacy practices, but did not elaborate on the meaning of this concept.  This paper will suggest that if “privacy by design” is interpreted as referring to the use of “adaptive management systems” in the design and distribution of information technology, then it would represent significant progress toward a more effective regulatory regime for information privacy.  Adaptive management systems are a widely used form of social regulation designed to permit dynamic identification and management of a wide range of health and safety risks.  Such “light touch” forms of regulation of upstream production and distribution of information processing technologies are more likely to enhance compliance with information privacy laws than a narrow focus on the features of products available to end users in downstream markets.

Alan Westin, Historical Perspectives on Privacy: From the Hebrews and Greeks to the American Republic

Comment by: Alan Westin

PLSC 2009

Workshop draft abstract:

1. Can we define and conceptualize privacy across three thousand years of Western political history and, if so, what are the critical measures?

2. What are the constant elements in the privacy arena that are still critical to privacy dynamics today and what are the new elements of privacy values and struggles generated by advanced technology and the computer age?

Peter Swire, Peeping

Comment by: James Rule

PLSC 2009

Published version available here:

Workshop draft abstract:

There have been recent revelations of “peeping” into the personal files of celebrities. Contractors for the U.S. State Department looked at passport files, without authorization, for candidates Barack Obama and John McCain.  Employees at UCLA Medical Center and other hospitals have recently been caught looking at the medical files of movie stars, and one employee received money from the National Enquirer to access and then leak information.  In the wake of these revelations, California passed a statute specifically punishing this sort of unauthorized access to medical files.

This article examines the costs and benefits of laws designed to detect and punish unauthorized “peeping” into files of personally identifiable information. Part I looks at the history of “peeping Tom” and eavesdropping statutes, examining the common law baseline.  Part II examines the current situation.  As data privacy and security regimes become stricter, and often enforced by technological measures and increased audits, there will be an increasing range of systems that detect such unauthorized use.  Peeping is of particular concern where the information in the files is especially sensitive, such as for tax, national security, intelligence, and medical files.

The remedy for peeping is a particularly interesting topic.  Detection of peeping logically requires reporting of a privacy violation to someone.  The recipient of notice, for instance, could include: (1) a manager in the hospital or other organization, who could take administrative steps to punish the perpetrator; (2) a public authority, who would receive notice of the unauthorized use (“peeping”); and/or (3) the individual whose files have been the subject of peeping.  For the third category, peeping could be seen as a natural extension of current data breach laws, where individuals receive notice when their data is made available to third parties in an unauthorized way.  An anti-peeping regime would face issues very similar to the debates on data breach laws, such as what “trigger” should exist for the notice requirement, and what defenses or safe harbors should exist so that notice is not necessary.

Daniel Solove & Neil Richards, Rethinking Free Speech and Civil Liability

Comment by: Raymond Ku

PLSC 2009

Published version available here:

Workshop draft abstract:

One of the most important and unresolved quandaries of First Amendment jurisprudence involves when civil liability for speech will trigger First Amendment protections.  When speech results in civil liability, two starkly opposing rules are potentially applicable.  Since New York Times v. Sullivan, the First Amendment requires heightened protection against tort liability for speech, such as defamation and invasion of privacy.  But in other contexts involving civil liability for speech, the First Amendment provides virtually no protection.  According to Cohen v. Cowles, there is no First Amendment scrutiny for speech restricted by promissory estoppel and contract.  The First Amendment rarely requires scrutiny when property rules limit speech.

Both of these rules are widely-accepted.  However, there is a major problem – in a large range of situations, the rules collide.   Tort, contract, and property law overlap significantly, so formalistic distinctions between areas of law will not adequately resolve when the First Amendment should apply to civil liability.  Surprisingly, few scholars and jurists have recognized or grappled with this problem.

The conflict between the two rules is vividly illustrated by the law of confidentiality.  People routinely assume express or implied duties not to disclose another’s personal information.  Does the First Amendment apply to these duties of confidentiality?  Should it?  More generally, in cases where speech results in civil liability, which rule should apply, and when?  The law currently fails to provide a coherent test and rationale for when the Sullivan or Cohen rule should govern. In this article, Professors Daniel J. Solove and Neil M. Richards contend that the existing doctrine and theories are inadequate to resolve this conflict.  They propose a new theory, one that focuses on the nature of the government power involved.

Christopher Soghoian, Caught in the Cloud: Privacy, Encryption, and Government Back Doors in the Web 2.0 Era

Comment by: Michelle Finneran Dennedy

PLSC 2009

Published version available here:

Workshop draft abstract:

For the last twenty years, users have largely maintained digital possession of their own writings. Consumers would use programs like Microsoft Word and Corel’s WordPerfect to draft letters, and programs like Microsoft Excel or Intuit’s Quicken to manage their own finances. Were the government to take an interest in a document produced by one of these PC owners, law enforcement would have to first obtain a search warrant, and then later visit the person’s home in order to seize their computer. Cloud computing has changed everything. Companies like Google, Microsoft and Adobe provide free access to fully functioning word processing, spreadsheet, presentation and image manipulation software, all through a web browser. End-users can collaborate with others, access their own files from any computer around the world, and not have to worry about the problems of data loss or backups — as the files are automatically backed up, and stored “in the cloud.” While this shift to cloud computing (and in particular, “software as a service”) has brought significant benefits to consumers, it has also come with a hidden cost — their privacy, and the evisceration of traditional Fourth Amendment protections. Because users no longer hold the only copy of their files, law enforcement agents are no longer required to seek a warrant in order to obtain those personal documents. Now, thanks to the third party doctrine, law enforcement can turn to a subpoena to force Microsoft, Google and the other service providers to turn over users’ private files.

This raises a number of significant privacy issues, such as the far lower evidentiary threshold required for a subpoena, the fact that the service providers often have little to no incentive to fight the request as well as the lack of notification provided to the end user.

Furthermore, this shift provides both law enforcement and intelligence agencies with significant economies of scale in surveillance — that is, instead of obtaining and serving individual warrants on hundreds (or thousands) of users, they can now go to a handful of service providers to obtain that same private information.

This article will examine these and other privacy issues related to cloud computing. First, it will trace the legal history of the third party doctrine, and explore its impact upon cloud based services. It will also explore key cases in which law enforcement agencies were able to force technology companies to modify their products in order to better surveil end-users.

Moving on, it will explore the development and widespread adoption of key cloud computing services. It will highlight some likely future trends which may impact users’ expectation of privacy, including the placement of cloud-based product icons on the desktops of new computers and the development of single-site browsers which may make it difficult for naive users to be aware that they are using an Internet-based product. The article will then trace out a series of “what ifs” to explore potential future pro-privacy developments in cloud computing, such as the local encryption of users’ documents before storing them online, and highlight how even these efforts could be frustrated by law enforcement. Finally, it will conclude with a set of policy and technology recommendations that could help to tip the privacy scales back towards the end-user.

Thomas Smedinghoff, Federated Identity Management – Balancing Privacy Rights, Liability Risks, and the Duty to Authenticate

Comment by: Gerry Stegmaier

PLSC 2009

Published version available here:

Workshop draft abstract:

Because identity management typically (but not always) requires the disclosure, verification, storage, and communication of personal information, the paper will focus on the impact of the legal issues surrounding identity management systems on the privacy of the individuals involved.  In particular, it will:

* Explain the basic principles that underlie the concept of commercial identity management (including in particular, the developing notion of federated identity management);

* Identify the numerous legal issues raised by the use of identity management (particularly federated systems);

* Focus on the privacy implications of the collection, verification, storage, communication, and disclosure of personal information in the context of identity management systems;

* Examine the role of identity management in addressing the legal and risk-based obligations to authenticate remote parties to on-line transactions; and

* Evaluate the legal requirements applicable to all identity management systems, and how the operation of those systems raises and might address issues of concern relating to the privacy and security of personal information.