March 25, 2003 3:04 PM PST
Scanning the future of privacy
The 177-page report released Tuesday afternoon by the National Research Council suggests specific guidelines for authentication technologies, such as passwords, identification cards and key cards, and the use of biometrics to verify physical characteristics like the shape of a retina or fingerprint.
"The ability to remain anonymous and have a choice about when and to whom one's identity is disclosed is an essential aspect of a democracy," said Stephen Kent, chair of the committee that wrote the report and chief scientist for information security at BBN Technologies in Cambridge, Mass., which is owned by Verizon Communications.
This report represents the most detailed analysis to date of the tension between authentication--which requires the disclosure of information to confirm a person's identity or access--and the perils such systems may pose to the privacy and anonymity of people who use them. Microsoft's Passport and Sun Microsystems' Liberty authentication systems received only a passing mention in the report, which concluded that their privacy implications "ultimately depend on choices made at the design, implementation and use stages."
"The development, implementation and broad deployment of authentication systems require us to think carefully about the role of identity and privacy in a free, open and democratic society," the report said. "Privacy, including control over the disclosure of one's identity and the ability to remain anonymous, is an essential ingredient of a functioning democracy. It is a precondition for the exercise of constitutionally protected freedoms, such as the freedom of association."
For instance, the report said, the General Services Administration's Access Certificates for Electronic Services program could raise privacy risks if used as a standard way to identify Americans who interact with the federal government. "It might be relatively easy to determine if, say, the individual who had a reservation to visit Yosemite National Park was the same person who had sought treatment in a Department of Veterans Affairs hospital for a sexually transmitted disease."
The report, like other reports produced by organizations that are part of the prestigious National Academies, is more descriptive than prescriptive; it does not call for new laws or recommend specific technologies. But in a political climate that is newly sensitive to concerns about terrorism, it is likely to have an impact on the ongoing debate over standardizing driver's licenses or creating a national ID card.
Marc Rotenberg, director of the Electronic Privacy Information Center in Washington, called the report a "good start on a complex topic."
"But in other respects the report seems to miss both important developments in this field and the big policy issues," Rotenberg said. Authenticated credentials untethered to actual identity can enable better security without placing new demands on privacy and should have been a larger part of the report, he said.
The report advises caution when adopting biometric security systems: "These technologies can pose serious privacy and security concerns if employed in systems that make use of servers to compare biometric samples against stored templates (as is the case in many large-scale systems). Their use in very local contexts (for example, to control access to a laptop or smart card) generally poses fewer security and privacy concerns."
The research was sponsored by the National Science Foundation, Office of Naval Research, General Services Administration, Federal Chief Information Officers' Council and the Social Security Administration. The report was drafted by the Committee on Authentication Technologies and Their Privacy Implications, whose members represent organizations including AT&T Research, SRI International, Microsoft and the University of California at Berkeley.