CardSpace (formerly known as InfoCard) is a digital identity management system that has recently been adopted by Microsoft. In this paper we identify two security shortcomings in CardSpace that could lead to a serious privacy violation. The first is its reliance on user judgements of the trustworthiness of service providers, and the second is its reliance on a single layer of authentication. We also propose a modification designed to address both flaws. The proposed approach is compatible with the currently deployed CardSpace identity metasystem and should enhance the privacy of the system whilst involving only minor changes to the current CardSpace framework. We also provide a security and performance analysis of the proposal.