The Identity Corner

Secure User Identification Without Privacy Erosion

The University of Ottawa Law and Technology Journal has published my paper “Secure User Identification Without Privacy Erosion”; see volume 3, issue 1, pages 205–223. Here is the abstract:

Individuals are increasingly confronted with requests to identify themselves when accessing services provided by government organizations, companies, and other service providers. At the same time, traditional transaction mechanisms are increasingly being replaced by electronic mechanisms that underneath their hood automatically capture and record globally unique identifiers. Taken together, these interrelated trends are currently eroding the privacy and security of individuals in a manner unimaginable just a few decades ago. Privacy activists are facing an increasingly hopeless battle against new privacy-invasive identification initiatives: the cost of computerized identification systems is rapidly going down, their accuracy and efficiency is improving all the time, much of the required data communication infrastructure is now in place, forgery of non-electronic user credentials is getting easier all the time, and data sharing imperatives have gone up dramatically.

This paper argues that the privacy vs. identification debate should be moved into less polarized territory. Contrary to popular misbelief, identification and privacy are not opposite interests that need to be balanced: the same technological advances that threaten to annihilate privacy can be exploited to save privacy in an electronic age. The aim of this paper is to clarify that premise on the basis of a careful analysis of the concept of user identification itself. Following an examination of user identifiers and their purposes, I classify identification technologies in a manner that enables their privacy and security implications to be clearly articulated and contrasted. I also include an overview of a modern privacy-preserving approach to user identification.

May 4, 2007 - Posted by Stefan Brands | General | | 1 Comment

1 Comment »

  1. A nice readable paper with a solution to a real problem, thanks.
    It seems to offer a greater level of privacy than, for example, the New Zealand Government Logon Service which is targeted at the same risks of exposure.
    Apart from Government, there are other arenas where there are compromises to user privacy. In the Health Sector, collating health records into a common picture may be seen as an administrative convenience, a medical necessity and for the ‘common good’. However, labelling everyone with a common identity (in NZ the NHI) has the same potential for privacy loss and the consequential bad things happening as it does within the wider government arena.
    There are of course laws covering who has access to what information in the government and health sectors but that does not prevent accidental exposure or covert action.
    There are legitimate reasons for the statistical correlation of data about people (especially in the health sector); allowing this without a common identifier is probably worth a bit of study. Otherwise, the potential need for statistics will be an overpowering argument for a single digital identity. http://davethinkingaloud.blogspot.com/2007/05/secure-user-identification-stefan.html

    Comment by David French | May 7, 2007
