In a recent presentation to the Summer 2007 Privacy Symposium, Jim Harper lays out a series of concerns about a national identification system. I’m just going to run through them quickly – watch the video that I link to at the end of the post to view his presentation yourself.

Authentication versus Identification

  • Authentication is where you are challenged to provide a set of items/data in order to gain access to something. An example would be the requirement to have both a banking card and a PIN to access your bank account – this authenticates your access to the resource, but it isn’t a wholesale validation that it is actually Christopher Parsons who is accessing my bank account. Instead, what this does it is gives enough information to the bank that it is comfortable providing access to my bank account, without actually knowing for sure that it is me accessing the account.
  • Identification draws on unique characteristics that make up who you are, and validates that person attempting to gain access to X or do Y against the recorded characteristics that identify that person. This involves validating a person against facets of their constitutive being, with a popular identifier coming from biometric information. This passes beyond authentication systems because the person is certifiably identified. Whereas I can give you my bank card and PIN, I would have a far harder (and more painful) time giving you my right eye and left thumb.

What is Identity for?

  • While it is helpful for both communication and business, it is perhaps even more valuable for when we need to associate responsibility for particular actions, something that is especially important if something goes wrong. Case-in-point; when a politician fails to perform their tasks in a fashion meeting community standards, it is because of our ability to identify that politician that we can find a way to sanction them. Without an identification-based system it would be incredibly challenging to hold individuals responsible for actions that they have taken and, simultaneously, we would be less likely to effectively reward those who performed exemplary services.
  • Identity can be valuable because it is multifaceted – we project and have projected upon us different identities depending on the particular relationships that we are in. This is valuable since I don’t necessarily want the identity that I share with my parents to be the same as the one that I share with my friends or my bank. In essence, identity is multifaceted/multivariate, whereas my personality (ought) to remain uniform.

Identity Compression

  • When we compress identity to a single point of contact, by instituting something like a unified state or national identification system, we create a single point of vulnerability and/or failure that lends itself towards identity theft. Effectively, by consolidating information to a single space, we make it a more valuable target and eventually someone will gain illegitimate access to the system.
  • Drawing all information into just a few databases increases the risks of dataveillance dramatically. It allows for a substantial degree of usage-creep, where the intended uses of the ID systems gradually extend beyond its initially defined confines. Harper notes that this kind of data-creep has, historically, led to genocidal activities.

Forcing Analogue to Digital

  • The attempt to move everything to a unified system is entirely at odds with how we live our lives. We have multiple sets of keys so that we can let someone drive our car but not gain access to our house. Effectively, our ‘traditional’ systems take into account the fact that we don’t really want to be in an environment where we have a single point of failure or hold a lone identity. Moreover, our analogue history has shown us, time and time again, that we like to let different people access different parts of our lives depending on the relationship that we have with those particular others. The attempt to force changes in digital environments that are out of sync with our historical attitudes should be, if nothing else, a warning that we’re trying to change something with considerable historical and social precedent.

The Inefficiencies of Databases

  • I won’t spend much time on this here, because I talk about it reasonably frequently, but as soon as your actions are validated against a single database you become incredibly vulnerable to inaccuracies in that database. In the case of the US SSN Administration Database, Harper notes that there is a 4-5% error rate in that database. Imagine what will happen if, after compressing identity to a mere handful of databases, there is an error!
  • While Harper doesn’t not this, we should remain mindful of the regenerative characteristic of many databases, where changes in slave databases are only temporarily effective.

Link to Video: http://www.icvclients.com/ehcca/privacy_2007/2_245/