Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
IDsâNot That Easy Questions About Nationwide Identity Systems Stephen T. Kent and Lynette I. Millett, Editors Committee on Authentication Technologies and Their Privacy Implications Computer Science and Telecommunications Board Division on Engineering and Physical Sciences National Research Council NATIONAL ACADEMY PRESS Washington, D.C.
NATIONAL ACADEMY PRESS ⢠2101 Constitution Avenue, N.W. ⢠Washington DC 20418 NOTICE: The project from which this report was generated was approved by the Governing Board of the National Research Council, whose members are drawn from the councils of the National Academy of Sciences, the National Academy of Engineering, and the Institute of Medicine. The members of the committee re- sponsible for the report were chosen for their special competences and with re- gard for appropriate balance. Support for this project was provided by the National Science Foundation, the Office of Naval Research, the General Services Administration, the Federal Chief Information Officersâ Council, and the Social Security Administration. Support for this special report was provided by the Vadasz Family Foundation, a contribu- tor to the Computer Science and Telecommunications Boardâs program on infor- mation technology and society. Any opinions, findings, conclusions, or recom- mendations expressed in this material are those of the authors and do not necessarily reflect the views of the sponsors. International Standard Book Number 0-309-08430-X Additional copies of this report are available from: National Academy Press 2101 Constitution Avenue, N.W. Box 285 Washington, DC 20055 800/624-6242 202/334-3313 (in the Washington metropolitan area) The report is also available online at <http://www.nap.edu> and <http:// www.cstb.org/> Copyright 2002 by the National Academy of Sciences. All rights reserved. Printed in the United States of America
National Academy of Sciences National Academy of Engineering Institute of Medicine National Research Council The National Academy of Sciences is a private, nonprofit, self-perpetuating soci- ety of distinguished scholars engaged in scientific and engineering research, dedi- cated to the furtherance of science and technology and to their use for the general welfare. Upon the authority of the charter granted to it by the Congress in 1863, the Academy has a mandate that requires it to advise the federal government on scientific and technical matters. Dr. Bruce M. Alberts is president of the National Academy of Sciences. The National Academy of Engineering was established in 1964, under the charter of the National Academy of Sciences, as a parallel organization of outstanding engineers. It is autonomous in its administration and in the selection of its mem- bers, sharing with the National Academy of Sciences the responsibility for advis- ing the federal government. The National Academy of Engineering also sponsors engineering programs aimed at meeting national needs, encourages education and research, and recognizes the superior achievements of engineers. Dr. Wm. A. Wulf is president of the National Academy of Engineering. The Institute of Medicine was established in 1970 by the National Academy of Sciences to secure the services of eminent members of appropriate professions in the examination of policy matters pertaining to the health of the public. The Institute acts under the responsibility given to the National Academy of Sciences by its congressional charter to be an adviser to the federal government and, upon its own initiative, to identify issues of medical care, research, and education. Dr. Kenneth I. Shine is president of the Institute of Medicine. The National Research Council was organized by the National Academy of Sci- ences in 1916 to associate the broad community of science and technology with the Academyâs purposes of furthering knowledge and advising the federal gov- ernment. Functioning in accordance with general policies determined by the Acad- emy, the Council has become the principal operating agency of both the National Academy of Sciences and the National Academy of Engineering in providing services to the government, the public, and the scientific and engineering commu- nities. The Council is administered jointly by both Academies and the Institute of Medicine. Dr. Bruce M. Alberts and Dr. Wm. A. Wulf are chairman and vice chairman, respectively, of the National Research Council.
COMMITTEE ON AUTHENTICATION TECHNOLOGIES AND THEIR PRIVACY IMPLICATIONS STEPHEN T. KENT, BBN Technologies, Chair MICHAEL ANGELO, Compaq Computer Corporation STEVEN BELLOVIN, AT&T Labs Research BOB BLAKLEY, IBM Tivoli Software DREW DEAN, SRI International BARBARA FOX, Microsoft Corporation STEPHEN H. HOLDEN, University of Maryland at Baltimore County DEIRDRE MULLIGAN, University of California at Berkeley JUDITH S. OLSON, University of Michigan JOE PATO, HP Labs Cambridge RADIA PERLMAN, Sun Microsystems PRISCILLA M. REGAN, George Mason University JEFFREY I. SCHILLER, Massachusetts Institute of Technology SOUMITRA SENGUPTA, Columbia University JAMES L. WAYMAN, San Jose State University DANIEL J. WEITZNER, Massachusetts Institute of Technology Staff LYNETTE I. MILLETT, Study Director and Program Officer JENNIFER BISHOP, Senior Project Assistant iv
COMPUTER SCIENCE AND TELECOMMUNICATIONS BOARD DAVID D. CLARK, Massachusetts Institute of Technology, Chair DAVID E. BORTH, Motorola Labs JAMES CHIDDIX, AOL Time Warner JOHN M. CIOFFI, Stanford University ELAINE COHEN, University of Utah W. BRUCE CROFT, University of Massachusetts at Amherst THOMAS E. DARCIE, AT&T Labs Research JOSEPH V. FARRELL, University of California at Berkeley JEFFREY M. JAFFE, Bell Laboratories, Lucent Technologies ANNA KARLIN, University of Washington BUTLER W. LAMPSON, Microsoft Corporation EDWARD D. LAZOWSKA, University of Washington DAVID E. LIDDLE, U.S. Venture Partners TOM M. MITCHELL, Carnegie Mellon University DONALD A. NORMAN, Nielsen Norman Group DAVID A. PATTERSON, University of California at Berkeley HENRY (HANK) PERRITT, JR., Chicago-Kent College of Law BURTON J. SMITH, Cray Inc. TERRY R. SMITH, University of California at Santa Barbara LEE S. SPROULL, New York University JEANNETTE M. WING, Carnegie Mellon University MARJORY S. BLUMENTHAL, Director HERBERT S. LIN, Senior Scientist ALAN S. INOUYE, Senior Program Officer JON EISENBERG, Senior Program Officer LYNETTE I. MILLETT, Program Officer CYNTHIA A. PATTERSON, Program Officer STEVEN WOO, Program Officer JANET BRISCOE, Administrative Officer DAVID PADGHAM, Research Associate MARGARET HUYNH, Senior Project Assistant DAVID DRAKE, Senior Project Assistant JANICE SABUDA, Senior Project Assistant JENNIFER M. BISHOP, Senior Project Assistant BRANDYE WILLIAMS, Staff Assistant v
Preface T he terrorist attacks of September 11, 2001, and subsequent discus- sions have brought fresh urgency to the challenges of providing information security. In the wake of these and other recent events, numerous proposals have been circulating both in policy circles and the national media. One proposal that has received a fair amount of attention is a national identification cardâor, more precisely, a nationwide identity system. The Bush administration has indicated that a national identification card is not within the scope of options it is contemplating. Congress, however, has been considering various alternativesâfor example, a measure in the Enhanced Border Security and Visa Entry Reform Act of 2001 would require biometric identifiers to be employed on visas and other travel and entry documents for aliens (H.R. 3525, Section 303). Additional sugges- tions include a proposal by the American Association of Motor Vehicle Administrators (AAMVA) to link state motor vehicle departments and a proposed âtrusted travelerâ system for airports. The persistence of public discussion on the topic and the expectation that other proposals will be offered argue for an informed analysis and critique of the concept of a nationwide identity system. In early 2001, the Computer Science and Telecommunications Board, (CSTB) a unit of the National Research Council with a long history of vii
viii PREFACE examining information technology, security, and related issues,1 launched a study to examine authentication technologies and their privacy implica- tions. Sponsored by the National Science Foundation, the Office of Naval Research, the General Services Administration, the Federal Chief Infor- mation Officersâ Council, and the Social Security Administration, the study aims to assess emerging approaches to user authentication in com- puting and communications systems, and it specifically focuses on the implications of these authentication technologies for privacy. The study is being conducted by the multidisciplinary Committee on Authentication Technologies and Their Privacy Implications, whose mem- bers include experts in the design, implementation, deployment, and use of information systems generally and information systems security in particular, along with experts in privacy law and policy (see Appendix A for committee and staff biographies). Given that identification and au- thentication systems constitute a large portion of the committeeâs agenda, it is well positioned to comment on the technology and policy issues surrounding a nationwide identity system and its supporting infrastruc- tures (hereinafter referred to as a nationwide identity system). In fact, CSTB asked the committee to do so, in the interest of providing a timely contribution to the public debate. Additional resources from the Vadasz Family Foundation enabled development of this report. The committeeâs broader and more comprehensive final report is ex- pected in late 2002, but its members felt compelled to issue a brief report at this time because of the real possibility that further debate on a nation- wide identity system, and even action on the topic, could take place prior to the final reportâs issuance. Thus the present effort outlines the issues the committee believes must be addressed and raises a number of ques- tions that the committee believes should be answered as part of any con- sideration of a nationwide identity system. This brief report is a product of the committeeâs deliberations, draw- ing on its membersâ areas of expertise. But, given time and resource limitations, it is not an exhaustive assessment. It is intended to catalyze a 1See, for example, CSTB reports such as Growing Vulnerability of the Public Switched Net- works (1989), Computers at Risk (1991), Evolving the High Performance Computing and Commu- nications Initiative to Support the Nationâs Information Infrastructure (1995), Cryptographyâs Role in Securing the Information Society (1996), For the Record: Protecting Electronic Health Informa- tion (1997), Trust in Cyberspace (1999), The Internetâs Coming of Age (2000), Embedded, Every- where: A Research Agenda for Networked Systems of Embedded Computers (2001), and Cyber- security Today and Tomorrow: Pay Now or Pay Later (2002). See <http://www.cstb.org/web/ topic_security> for a complete list of CSTB reports related to security, assurance, and privacy.
PREFACE ix broader and more sophisticated discussion. Clearly, the legal, policy, and technological issues associated with nationwide identity systems warrant a much more detailed and comprehensive examination. The committee invites feedback on this brief report as it continues the process of prepar- ing its broader and more in-depth final report on the topic of authentica- tion technologies and their implications for privacy. The committee thanks David D. Clark, chair of the CSTB, and Marjory S. Blumenthal, CSTBâs director, for their commentary and feedback on draft versions of the report. The committee also wishes to thank the various members of the CSTB staff who helped to make it happen. Jenni- fer Bishop took over as senior project assistant for the authentication study midway through the project, managing logistics, organizing materials, and coping with an unplanned brief report and review with aplomb. She also assisted in developing the diagrams in the report and designed its cover. Janet Briscoe, CSTBâs administrative officer, provided crucial ad- ministrative and logistical support as well as the suggestion that ulti- mately led to the reportâs title. Andy White, director of the NRCâs Com- mittee on National Statistics, provided feedback during the formulation and review phases. The committee also thanks Steven J. Marcus, a free- lance editor, for assistance at multiple stages of the reportâs development. Liz Fikre at the National Research Council also made significant editorial contributions to the final manuscript. Lynette Millett is the study director for this project; she synthesized this report, coordinating contributions from committee members and drafting the response to reviewers. Stephen T. Kent, Chair Committee on Authentication Technologies and Their Privacy Implications
Acknowledgment of Reviewers This report has been reviewed in draft form by individuals chosen for their diverse perspectives and technical expertise, in accordance with pro- cedures approved by the National Research Councilâs Report Review Committee. The purpose of this independent review is to provide candid and critical comments that will assist the institution in making its pub- lished report as sound as possible and to ensure that the report meets institutional standards for objectivity, evidence, and responsiveness to the study charge. The review comments and draft manuscript remain confidential to protect the integrity of the deliberative process. We wish to thank the following individuals for their review of this report: Alfred Blumstein, Carnegie Mellon University, Michael Caloyannides, Mitretek Systems, Inc., Julie E. Cohen, Georgetown University Law Center, Jerome H. Saltzer, Massachusetts Institute of Technology, Peter Swire, George Washington University, and Lee M. Zeichner, LegalNet Works, Inc. Although the reviewers listed above have provided many construc- tive comments and suggestions, they were not asked to endorse the con- clusions or recommendations, nor did they see the final draft of the report before its release. The review of this report was overseen by Willis Ware of RAND. Appointed by the National Research Council, he was respon- sible for making certain that an independent examination of this report was carried out in accordance with institutional procedures and that all review comments were carefully considered. Responsibility for the final content of this report rests entirely with the authoring committee and the institution. x
Contents EXECUTIVE SUMMARY 1 1 INTRODUCTION AND OVERVIEW 5 2 POLICY CONSIDERATIONS 16 What Does Identity Provide?, 16 To Whom and for What?, 19 Permitted Users of the System, 24 Permitted Uses of the System, 26 Voluntary or Mandatory?, 28 What Legal Structures?, 29 Benefits and Drawbacks, 30 3 TECHNOLOGICAL CHALLENGES 34 Binding Persons to Identities, 37 Backend Systems, 41 Data Correlation and Privacy, 44 4 CONCLUDING REMARKS 46 APPENDIXES A Committee Member and Staff Biographies 51 B What Is CSTB? 60 xi