We had an opportunity this week to address the increasingly thorny issues associated with authenticating identity at the Federal Trade Commission (FTC) Workshop "Proof Positive: New Directions for ID Authentication." With the debate over how and whether to implement the REAL ID Act looming, the broader issues of what constitutes identity and what we should do to protect it have come to the forefront. Although we remain deeply troubled by the REAL ID Act and its implementation, we were grateful to the FTC for creating this forum to address an issue that isn't going away. CDT Deputy Director Ari Schwartz took part in a panel on establishing identity through government ID programs and took the opportunity to officially unveil our draft Privacy Principals for Identity in the Digital Age , which aim to address the issue in a way that takes into account privacy, security and the broader issues associated with identity. The two-day workshop provided a useful overview of the issues and featured thought provoking questions about what types of identity authentication we're willing to accept and what we already take for granted. Amidst a lively discussion during the final panel about all the different privacy issues that consumers are facing, the FTC's Naomi Lefkovitz suggested that some of the issues might be resolved with comprehensive, uniform consumer privacy legislation (see the webcast of panel 7 here ). We couldn't agree more. The FTC and DOJ made news  by unveiling a strategic plan to combat ID theft. Although the plan contains some important provisions, we were concerned that it addressed only the symptoms of a dilapidated national privacy framework and not the root causes.