Preface

The broadening use of the Internet implies that, more and more, people are communicating and sharing information with strangers. The result is growth in different kinds of demand to authenticate system users, and the different motivations for requiring authentication imply different trade-offs in evaluating technical and nontechnical options. Motivations range from those related to system security (for example, the ability to access critical systems or medical records) to those related to business development (for example, the ability to use “free” Web-based resources or to have access to elements of electronic commerce). The key questions surrounding these issues relate to what data about a person are shared, how they are shared (including whether overtly and cooperatively as well as by what technique), why they are shared (fitting the purpose to the nature and amount of data), and how the data are protected.

Concerns that arise about adverse impacts on personal privacy from particular approaches to authentication may reflect judgments about the rationale (e.g., how much information about a person is really needed to authorize access to a particular system) as well as concern about the soundness of the technical and procedural steps taken to protect the personal information gathered in the process of authentication. Those concerns are heightened by the growing ease of aggregation of information collected from multiple sources (so-called data matching), the observed tendency to collect information without an individual’s knowledge, and the ease of publicizing or distributing personal information, like any other information, via the Internet.

THE COMMITTEE AND ITS CHARGE

In September 1999, the U.S. government’s chief counselor for privacy, Peter Swire, met with the Computer Science and Telecommunications Board (CSTB) in Washington, D.C., and described his need for studies of biometrics and authentication. Enthusiastic support by CSTB members, given the importance of the topic and the ability to build on past CSTB work, led to further discussion about initiating a project. Richard Guida, former chair of the Federal Public Key Infrastructure (FPKI) Steering Committee and now with Johnson and Johnson, provided insight into federal agency thinking about authentication and encouraged FPKI members to be interested in and involved with the project. The scope of the project was broadened to encompass a range of authentication technologies and their privacy implications. Funding for the project was obtained from the National Science Foundation, the Office of Naval Research, the General Services Administration, the Federal Chief Information Officers Council, and the Social Security Administration.

The task of the committee assembled by CSTB—the Committee on Authentication Technologies and Their Privacy Implications—was to examine the interaction of authentication and privacy. The committee sought to identify the range of circumstances and the variety of environments in which greater or lesser degrees of identification are needed in order to carry out governmental or commercial functions. It also addressed ways in which law and policy can come to grips with the flaws that are likely in the technology or its implementation. It considered how the federal government can deploy improved authentication technologies consistent with the desire to protect privacy. It also examined the broad implications of alternative approaches to selecting and implementing authentication technologies by the federal government and others interested in their use.

Consisting of 16 members from industry and academia (see Appendix A), the committee was designed to have a range of technical expertise relating to different kinds of authentication technologies and information-system security technologies generally, to applications, and to the privacy impacts of information technology and related policy. The members possess a range of computer science expertise (e.g., information system security, cryptography, networking and distributed systems, human-computer interaction) and associated nontechnical expertise (e.g., privacy policy and law) as well as user perspectives (including organizations seeking to employ authentication and end users with various concerns in such sectors as banking/finance and health). One original committee member, David Solo of Citigroup, was unable to continue his participation in the project because of unforeseen time constraints.

PROCESS

Empanelled during the winter of 2000, the committee met seven times between March 2001 and August 2002 to plan its course of action, receive testimony from relevant experts, deliberate on its findings, and draft its final report. It continued its work between meetings and into the fall and end of 2002 by electronic communications. During the course of its study, the committee took briefings from information and authentication technology researchers and developers in industry and universities and from leaders in government agencies involved in the development and deployment of authentication technologies. It also heard from privacy and consumer protection experts and representatives from various sectors of industry that use authentication technologies for business processes and e-commerce. The committee also went to VeriSign in California for a site visit. (See Appendix B for a complete list of briefers to the committee.)

More than half of the committee’s meetings were held and most of this report was written after the events of September 11, 2001. At its October 2001 meeting, the committee decided, with CSTB’s encouragement, to develop a short report addressing the concept of nationwide identity systems—a topic that has received much media and policy attention since the terrorist attacks. Given that many of the committee’s discussions and briefings were closely related to issues of identity and identification, the committee was well positioned to comment in a timely fashion on the topic. Supplemental funding for that activity was provided by the Vadasz Family Foundation. That report was released in April 2002 and is available from the National Academies Press.¹

ACKNOWLEDGMENTS

As with any project of this magnitude, thanks are due to the many individuals who contributed to the work of the committee. The committee thanks those who came to various meetings to provide briefings and Warwick Ford for arranging the site visit at VeriSign in January. Thanks are also due to those who sponsored the study: the National Science Foundation (George Strawn and Aubrey Bush), the Office of Naval Research (Andre van Tilborg), the General Services Administration (Mary Mitchell), the Federal Chief Information Officers Council (Keith Thurston and Roger Baker), and the Social Security Administration (Sara Hamer and Tony Trenkle). We are grateful to Peter Swire for commissioning the project, to Richard Guida and Denise Silverberg for helping to muster support through the FPKI Steering Committee, and to Kathi Webb of Rand for providing early access to its biometrics study project.

Finally, the committee thanks David D. Clark, chair of the CSTB, and Marjory S. Blumenthal, CSTB’s director when this study was being carried out, for valuable insights. The committee also thanks the following members of the CSTB staff for their contributions. Janet Briscoe provided crucial administrative support, especially with the October 2001 workshop. Suzanne Ossa was the initial senior project assistant for this project. Jennifer Bishop took over as senior project assistant and provided significant help with report preparation and editing; she also designed the covers of both this report and the earlier committee report and developed many of the diagrams. David Padgham provided background research and descriptions of various pieces of legislation. Wendy Edwards, an intern with CSTB in the summer of 2002, also provided some background research. Steven J. Marcus made an editorial pass through an earlier draft of the report, and Dorothy Sawicki and Liz Fikre made significant editorial contributions in preparation for publishing. Special thanks are due to Lynette I. Millett, the study director for this project. She worked very closely with the chair and other committee members, transforming their inputs into a coherent report that attempts to explain a complex topic in an understandable fashion.

Note

¹Computer Science and Telecommunications Board, National Research Council. IDs—Not That Easy: Questions About Nationwide Identity Systems. Washington, D.C., National Academy Press, 2002.