Release Candidate 1.07
September 21 2014

The Windhover Principles for Digital Identity, Trust, and Data

1. Self-Sovereignty of Digital Identity and Personal Data:

Individuals and groups should have control of their digital personal identities and personal data.

Today we communicate, share and transact digitally over the Internet. Individuals who make use of the Internet for these purposes should have control over their digital identities, ensuring individual autonomy, trust in their communications and counter parties, as well as in the integrity of the data they share and transact with.

Individuals, not social networks, governments, or corporations, should control their identity credentials and personal data. Control of one’s identity and personal data means that a person should have unfettered access to their personal data, the ability to verify attributes of their personal identity profile, and the ability to prevent unauthorized public and private access.

We support the collaborative open source development of systems that embody these principles and recognize the need to address the requirements of legacy regulatory mechanisms, including by evolving innovative digital technologies to improve privacy, governance, and enforcement.

2. Proportionate Enforcement and Risk-Based Regulation

Enhancing / improving personal privacy while promoting effective governance and accommodating legitimate auditing and enforcement needs.

We encourage innovation in identity, trust, security, and data technologies and policies, to provide effective methods to address governance and enforcement concerns. Governance includes the concepts of transparency and accountability necessary to protect digital transactions from abuse. We believe these technologies can address public policy interests by enabling appropriate access and verification of identity data. Entities and individuals, acting on the basis of verifiable approvals, including due process and appropriate warrants, should be able to access such data through specific and auditable means. New and evolving digital technologies make it possible to protect an individual’s privacy while providing authorized government access to customer identification, due diligence, and transaction monitoring information for legally authorized needs.

3. Ensuring Innovation in Trust and Privacy:

An effective, autonomous identity system reiteratively furthers trust, security, governance, accountability and privacy.

Protecting privacy and fostering trust and governance are foundational Windhover Principles that support a fully functional identity system designed to collect and analyze data in a network in which identities are continuously and independently authenticated. These core principles are intended to foster development of more trustworthy, effective, and resilient products and services to minimize the risks and costs of fraud, money laundering, terrorist financing, and other criminal activity.

4. Open Source Collaboration and Continuous Innovation:

An inclusive, open source methodology to build systems that embody these Principles.

Supporters of the Windhover Principles agree to cooperate to build systems that deliver these requirements and to participate in Living Labs to develop strong and innovative technical product solutions that interoperate to meet these challenges.