The Identity Ecosystem Steering Group, a public-private partnership funded by the National Institute of Standards and Technology to help develop policies and standards for trusted online identities, put a new code of conduct into effect this week after more than a year of unprofessional behavior among a small group of volunteers began to drive dozens of members away from the effort.
IDESG was established in 2012 by a two-year grant from NIST. Its mission is to develop policies, standards and accreditation processes for an Identity Ecosystem Framework, as called for by the National Strategy for Trusted Identities in Cyberspace, signed in 2011 by President Barack Obama.
But in a flurry of recent emails reviewed by FedScoop, Jeremy Grant, the director of the National Strategy for Trusted Identities in Cyberspace program office at NIST, outlines increasing concerns about “repeated personal attacks” and “abusive character attacks” by some IDESG members against other volunteers.
“The conduct of people in IDESG has been a big issue for well over a year now,” Grant wrote in a Dec. 15 email addressed to Kaliya Hamlin, a San Francisco-based technologist and member of IDESG since 2012. “And it’s been a cancer on the organization. I’ve had dozens of emails and phone calls from people letting me know that they were pulling back from participating in IDESG because they could no longer justify spending their hours in an organization that tolerated such unprofessional behavior,” wrote Grant.
Hamlin and other IDESG members had expressed concern about their perceived inability to object to management decisions. On Dec. 3, Hamlin wrote to IDESG committee chairs complaining of “huge pressure to just go along” with management decisions.
Likewise, Mary Hodder, chair of the User Experience Committee, wrote to Grant on Dec. 15 expressing significant concerns about the openness of the IDESG Board of Directors and the process used to develop and approve the provisions of the code of conduct. The code specifically forbids IDESG members from commenting on the “personalities and/or motives of other participants” or making comments that “bring the organization itself into disrepute.”
One particular incident seems to have served as a tipping point for IDESG leaders, driving home the need for a code of conduct. In a Sept. 17 tweet, Hamlin, who tweets under the handle @IdentityWoman, referenced the “Banality of Evil” and stated that she worries about the unintended consequences of the identity technologies under development and their potential use against civilians, as well as the quick passage of large documents that nobody has time to read before they are put up for a vote and approved.
While that may have been enough to publicly question the motivations of the many industry and government professionals involved in IDESG, Hamlin’s tweet linked to a Wikipedia page for the HBO movie Conspiracy, which dramatizes the 1942 Wannsee Conference during which high-ranking member’s of Hitler’s inner circle sketch out plans for the Final Solution.
Hamlin’s tweet stirred an immediate response from fellow IDESG members who accused her of calling them Nazis and demanded a public apology. She’s since denied any intent to liken IDESG members to Nazis, but the incident led to a five-week investigation by the ombudsman.
In a Dec. 15 email to Grant, Hodder called the Hamlin tweet “problematic” but added there may be a “danger of ‘totalitarian’ bureaucracy” within the IDESG document approval process. “It’s almost as if the [management council] is afraid of debate over these documents, and out of fear about discussion with differing views rushes critical documents through with as little discussion as possible,” Hodder wrote.
A senior NIST official, who spoke to FedScoop on background because they were not authorized to comment publicly, said all organizations like IDESG, which lets anybody participate, present management challenges. In the case of IDESG, “there is a small handful of bad apples throwing bombs,” the official said. “In many cases these are people who don’t want to see any progress. But the IDESG’s diversity is actually it’s greatest strength.”
Still, the official acknowledged the loss of “really good people” who could no longer justify their participation to their parent organizations due to the constant infighting and character assaults. The code of conduct, passed by IDESG Nov. 11 and placed into effect Dec. 15 is simply part of the organization’s “growing pains,” the official said. “NIST is pushing the group to govern itself. Right now it’s still a credible organization. Right now, it’s moving forward in an encouraging fashion.”
IDESG held a virtual plenary session Tuesday. Out of more than 100 attendees, “only three or four raised concerns about the code of conduct,” the official said.