Understanding anonymity and the need for biometrics

Mark A. Shiffri... — Wed, 19 Mar 2008 08:59:23 -0700

Every time we leave our homes, we enter a world dominated by strangers and anonymity. Although facial or voice recognition may help us authenticate a few of those we encounter, what about the many people we don't know? In particular, how do we authenticate ourselves to each other when we need to know who we are dealing with?

Confusing privacy with anonymity has delayed implementation of robust, virtually tamper-proof biometric authentication to replace paper-based forms of ID that neither assure privacy nor reliably prove identity. The debate over Real ID and sensitivity to creation of any form of national ID reveal a fear that anything that identifies us to others will intrude on privacy. This has led to a preoccupation with forms of ID rather than the fundamental question of how we can reliably identify ourselves to each other. This is a crucial issue: We live in a society where we are often unknown to the people we encounter, including people who need to know exactly who they are dealing with.

While anonymity implies privacy, it does not confer it. We delude ourselves into thinking we have privacy if the person next to us doesn't know our name. If we use cash and avoid technological conveniences such as credit cards and windshield-mounted RFID devices to pay highway tolls, we may think we are going about life anonymously. We are allowing ourselves to believe that our public acts, how we communicate to others by word or deed in public space, are now somehow private.

In the tight-knit communities in which people used to live, people presumed that neighbors always knew whenever someone ventured outside of his or her front door, because everyone knew each other and could see public conduct. In the global virtual neighborhood, we now live among strangers. We may have anonymity as we encounter people who are not familiar with us, but it is only an illusion that public acts are now private.

Outside our homes, we have always lived in a public space where our open acts are no longer private. Anonymity has not changed that, but has provided an illusion of privacy and security. A credit card, rather than a shopkeeper, might record our purchases. Or, the RFID chip in our EZ pass might recognize that we cross a bridge at a given moment, instead of a toll taker. But these are records of public acts in which we openly engage in a public space with no reasonable expectation of confidentiality.

In public space, we engage in open acts where we have no expectation of privacy, as well as private acts that cannot take place within our homes and therefore require authenticating identity to carve a sphere of privacy. Such private acts might involve receiving medical treatment or conducting financial transactions. Individuals have a strong interest in maintaining control of treatment records that we rightly consider confidential, and knowing that finances cannot be misappropriated or snooped without consent.

The false privacy of anonymity allows others to steal what remains private to us in public space. Personal identity is unique and should remain in our control. Our lives outside our homes include not only open acts, but also those private transactions that have to take place in space we cannot control.

The lack of reliable authentication becomes a threat to control of our own identity and confidential information, because it enables others to take advantage of living among strangers to assume a false identity undetected. Strangers can falsely assume our identities when they steal identifying information like social security or credit card numbers. They can also threaten our personal, economic and national security when they garb themselves in legitimacy by forging ID or misusing someone else's ID with or without that person's collusion.

Biometric authentication has a role in maintaining and defending our control of our own identity and personal data. This emerging technology makes it virtually impossible to assume someone else's unique identity. It is a way of providing the same kind of security in the virtual neighborhood that we once had in rooted neighborhoods, where the uniqueness of individual identity was assured by neighbors authenticating each other through facial recognition.

We have to expect that people will see us when we are in public and that our open public acts will be just that. But we have to worry that, in an anonymous world without authenticated identity, privacy will be violated when others can assume our identifying characteristics and take control of transactions and interactions outside the home that are indeed personal and unique to us. This is a threat to the sphere of privacy we take with us outside our homes, including not only our interest in maintaining control of our names and reputations, but also of transactions and records that are highly confidential to us. Authenticated identity can address this threat, as well as the threat posed to society by strangers exploiting the vulnerability of anonymity to assume false identity.

Mark A. Shiffrin, a lawyer, is a former Connecticut state consumer protection commissioner.

Avi Silberschatz is Sidney J. Weinberg Professor and Chair of Computer Science at Yale.

Related news, commentary, and predictions:

Mark A. Shiffrin and Avi Silberschatz: Making Wikipedia available anytime, anywhere
Fred Wilson: Facebook and The Privacy Backlash
News: Facebook beefs up privacy options, readies online chat
News: Privacy advocate, ACLU hit new Virginia privacy law

Note: Anonymous comments on The Industry Standard are disabled. To leave a comment and participate in the Standard's prediction market, please register first.

Understanding anonymity and the need for biometrics

Mark A. Shiffri... — Wed, 19 Mar 2008 08:59:23 -0700

Mark A. Shiffrin, a lawyer, is a former Connecticut state consumer protection commissioner.

Avi Silberschatz is Sidney J. Weinberg Professor and Chair of Computer Science at Yale.

Related news, commentary, and predictions:

Mark A. Shiffrin and Avi Silberschatz: Making Wikipedia available anytime, anywhere
Fred Wilson: Facebook and The Privacy Backlash
News: Facebook beefs up privacy options, readies online chat
News: Privacy advocate, ACLU hit new Virginia privacy law

Note: Anonymous comments on The Industry Standard are disabled. To leave a comment and participate in the Standard's prediction market, please register first.

Understanding anonymity and the need for biometrics

Mark A. Shiffri... — Wed, 19 Mar 2008 08:59:23 -0700

Mark A. Shiffrin, a lawyer, is a former Connecticut state consumer protection commissioner.

Avi Silberschatz is Sidney J. Weinberg Professor and Chair of Computer Science at Yale.

Related news, commentary, and predictions:

Mark A. Shiffrin and Avi Silberschatz: Making Wikipedia available anytime, anywhere
Fred Wilson: Facebook and The Privacy Backlash
News: Facebook beefs up privacy options, readies online chat
News: Privacy advocate, ACLU hit new Virginia privacy law

Note: Anonymous comments on The Industry Standard are disabled. To leave a comment and participate in the Standard's prediction market, please register first.