In a recent presentation to the Summer 2007 Privacy Symposium, Jim Harper lays out a series of concerns about a national identification system. I’m just going to run through them quickly – watch the video that I link to at the end of the post to view his presentation yourself.
Authentication versus Identification
Authentication is where you are challenged to provide a set of items/data in order to gain access to something. An example would be the requirement to have both a banking card and a PIN to access your bank account – this authenticates your access to the resource, but it isn’t a wholesale validation that it is actually Christopher Parsons who is accessing my bank account. Instead, what this does it is gives enough information to the bank that it is comfortable providing access to my bank account, without actually knowing for sure that it is me accessing the account.
Identification draws on unique characteristics that make up who you are, and validates that person attempting to gain access to X or do Y against the recorded characteristics that identify that person. This involves validating a person against facets of their constitutive being, with a popular identifier coming from biometric information. This passes beyond authentication systems because the person is certifiably identified. Whereas I can give you my bank card and PIN, I would have a far harder (and more painful) time giving you my right eye and left thumb.
If you visit this blog, or any facet of my website, I can identify the IP addresses that have been here. From there I can backtrack and identify the geographic location(s) that my visitors are from and, if I really desire, can spend the time to trace individual computers. This means that I can identify a visitor to the terminal that they access the computer from; I can bridge the ‘divide’ between digital environments and the analogue environment that we eat and breathe in.
Dynamic Identity and Static Info-Requirements
There is a common myth that you can be anyone that you want on the ‘net, that identity is effectively infinite, that identity is mutable insofar as people can assume a multitude of identities that deviate from their analogue identity. Some argue that this degree of mutability persists online, and often identify Massively Multiplayer Online (MMOs) environments such as Second Life (SL), Guildwars (GW), and World of Warcraft (WoW) as prime examples of this mutability, but such assertions are misleading at best. Players in these digital environments assume command of avatars that are created during the character generation phase of the MMO experience. During this phase you can choose your avatar’s gender, race, and basic ‘geographical’ starting locations.
Wiki means ‘quick’ in Hawaiian and is commonly used to refer to relational databases that allow for collaborative content creation and revision. These databases have some similarities to blog structures, insofar as they allow a group of people to comment on content, but are distinct from blogs insofar as they upset blogging’s authorial structure by letting readers make modifications to articles’ content. Whereas in blogs, readers can comment on content, in a wiki the readers can modify and come to ‘own’ the content. Wikis have been called the simplest kind of database, and this is (in part) due to ease of inserting and modifying content. All wiki’s use the following process for content generation: Edit >> Write >> Save. That’s it!
In situations where students are increasingly learning online, wikis can provide a space for them to work with one another to address/confront common problems and challenges. This can mean that a group of students use a wiki to write an essay so that they can all contribute to the project (and track each others’ modifications) without needing to find a time and space to sit down and talk with one another at length, to creating a set of class notes that reflect what occurs in lectures, to establishing a coherent content management system that lets students track how the courses they take throughout their academic degree interrelate with one another. In transitioning from analogue technologies and environments to digital wikis, students can (at least partially) overcome the challenges of space, scheduling, particular content retention, and tedious subject cross-references.
People use Google and Yahoo! throughout their daily lives – they need to know how to get from point a to b, need to find ecommerce sites, need to search friends’ blogs, need to learn how to cook fish, and have (generally) grown used to having the equivalent of electronic encyclopedias at their fingertips at all times. I’m not going to bother addressing concerns that this might be detrimentally affecting how people learn to retain information (i.e. as information is increasingly retained as search strings rather than as info-articles) but want to instead briefly consider how search intersects with privacy.
We hear about the need to protect our private information all of the time. ‘Shred your bank statements’, ‘be wary of online commerce sites’, ‘never share personal information on the ‘net’, and other proclamations of wisdom are uttered in print and video on a regular basis which are, in most cases, completely ignored. Proponents of the commercialization of privacy use this as definitive proof that citizens really don’t care about their privacy like they did in days gone past – people are willing to give up their names, addresses, phone numbers, and other personal information to receive services that they want. In light of this regulators should just butt out – the market has spoken!
The Canadian SIGINT Summaries includes downloadable copies, along with summary, publication, and original source information, of leaked CSE documents.
Parsons, Christopher; and Molnar, Adam. (2021). “Horizontal Accountability and Signals Intelligence: Lesson Drawing from Annual Electronic Surveillance Reports,” David Murakami Wood and David Lyon (Eds.), Big Data Surveillance and Security Intelligence: The Canadian Case.
Parsons, Christopher. (2015). “Stuck on the Agenda: Drawing lessons from the stagnation of ‘lawful access’ legislation in Canada,” Michael Geist (ed.), Law, Privacy and Surveillance in Canada in the Post-Snowden Era (Ottawa University Press).
Parsons, Christopher. (2015). “The Governance of Telecommunications Surveillance: How Opaque and Unaccountable Practices and Policies Threaten Canadians,” Telecom Transparency Project.
Parsons, Christopher. (2015). “Beyond the ATIP: New methods for interrogating state surveillance,” in Jamie Brownlee and Kevin Walby (Eds.), Access to Information and Social Justice (Arbeiter Ring Publishing).
Bennett, Colin; Parsons, Christopher; Molnar, Adam. (2014). “Forgetting and the right to be forgotten” in Serge Gutwirth et al. (Eds.), Reloading Data Protection: Multidisciplinary Insights and Contemporary Challenges.
Bennett, Colin, and Parsons, Christopher. (2013). “Privacy and Surveillance: The Multi-Disciplinary Literature on the Capture, Use, and Disclosure of Personal information in Cyberspace” in W. Dutton (Ed.), Oxford Handbook of Internet Studies.
McPhail, Brenda; Parsons, Christopher; Ferenbok, Joseph; Smith, Karen; and Clement, Andrew. (2013). “Identifying Canadians at the Border: ePassports and the 9/11 legacy,” in Canadian Journal of Law and Society 27(3).
Parsons, Christopher; Savirimuthu, Joseph; Wipond, Rob; McArthur, Kevin. (2012). “ANPR: Code and Rhetorics of Compliance,” in European Journal of Law and Technology 3(3).