Legal Layer of the Stack

Attendees: Session Objectives:
 * Scott David (Convener)
 * J. Trent Adams (Scribe)
 * Judith Bush
 * Rick Smith
 * Julie Martin
 * Mawaki Chango
 * Mason Lee
 * Steve Greenberg
 * Overview of concepts relating to legal/technology interfaces of identity
 * Identify potential useful work to "Map the Gap" between technology and law/regulation
 * Feed session results into a "Map the Gap" event planned for technologists and lawyers in Washington DC scheduled for February, 2010

General Discussion:
 * Linked information systems are "porous"
 * it is possible for data to be shared beyond the intended acquisition
 * Rapid technical innovation accelerating rate of information exchange
 * Law and culture lag behind technology advancement
 * Lawyers aren't in the business of predicting the future
 * Question of how to manage for "social" stability
 * Technology supports what are essentially "social" interactions / transactions
 * Business systems (driven by technology) require people to function
 * Interactions between people are codified by agreements (convention and contractual)
 * Interfaces between people are codified by legal agreements
 * "Lawyers are in the people-programming business" - Scott David
 * Part of effectively "mapping the gap" involves both technologists and lawyers
 * People need to understand both the technologies and laws
 * corollary: people need to understand technologists and lawyers
 * corollary: technologists and lawyers need to understand people (their needs & wants)
 * corollary: technologists and lawyers need to understand each other

Identified Needs:
 * Common nomenclature and/or translation scheme
 * Agreements for technology interoperability
 * Agreements for data-sharing interoperability
 * Guidelines for:
 * Effective interaction (technical and operational)
 * Violation monitoring / handling
 * Mitigation responses
 * Dispute resolution
 * Identifying cross-jurisdictional issues
 * Research & Evaluate Existing International Work:
 * Policies and regulations (legal)
 * Recommended guidelines (consortia)
 * Best practices (technology)

Next Steps:
 * Identify pain points
 * Potential solutions for the pain:
 * Taxonomy / common terminology across legal/technology gap
 * Scenario planning to understand long-range needs
 * Simple "test case" solution as starting point
 * E.g. Legal boiler plate defining the Attribution - Authentication - Authorization process in line with OMB 04-04 and NIST SB 800-63