Home' Technology Review : July August 2009 Contents ESSAY 71
WWW. TECHNOLOGYREVIEW. COM
enough, auditing their work, limiting the amount of authority
that any one employee has, and harshly punishing any indi-
vidual who abuses the employer's trust. Computer systems can
be made immune to bu er-overflow attacks, one of the most
common security vulnerabilities in recent years, by program-
ming them in modern languages like Java and Python instead
of 1980s standards like C and C++. We really do know how to
build secure systems. Unfortunately, these systems cost more
to develop, and using them would require us to abandon the
ones we already have---at least for our critical applications.
But one fundamental problem is harder to solve: identifying
people on the Internet. What happens if somebody impersonat-
ing you calls up a company and demands access to your data?
If Google or Yahoo were storefronts, they would ask to see a
state-issued ID card. They might compare a photo of you that
they took when you opened the account with the person now
standing in their lobby. Yes, there are phony IDs, and there are
scams. Nevertheless, identification technology works pretty
well most of the time in the physical world.
It turns out that we essentially have the technology to solve
this problem in the digital world as well. Yet the solutions
that have been developed aren't politically tenable---not only
because of perceived costs but also, ironically, because of per-
ceived privacy concerns.
I understand these fears, but I think they are misplaced.
When someone can wreak havoc by misappropriating your
personal data, privacy is threatened far more by the lack of a
reliable online identification system than it would be by the
introduction of one. And it is likely that it would cost society
far more money to live with poor security than to address it.
I believe that we will be unable to protect online privacy with-
out a strong electronic identity system that's free to use and
backed by the governments of the world---a true passport for
online access. One of the fundamental duties of government is
to protect the internal security of the nation so that commerce
can take place. For hundreds of years, that has meant creating
identification documents so that people can prove their citizen-
ship and their identity. But the U.S. government has abdicated
its responsibility in the online world, and businesses have made
up their own systems---like asking for your Social Security num-
ber and address, and perhaps your favorite color.
The di culty of identifying people in the electronic world is
a problem for every single company, every single organization,
every single website. And it is especially a problem for Face-
book and Google, because at a very basic level, they don't know
who their customers are. When you open an account at a bank,
U.S. law requires that you prove your identity with some state-
issued identification. Bank accounts are linked to an actual
identity. But electronic accounts like those on Facebook and
Google aren't. They project an identity, but they aren't linked,
really, to anything. That's a real problem if some hacker takes
over your Gmail account and you need to get it back.
One solution would be to make driver's licenses and other
state-issued IDs usable online by adding electronic chips. Just
imagine: no more passwords to access your bank account, to
buy something at Amazon, or to bid on eBay. Just insert your
card. And if you lost the card, you could report it missing and
get a new one. Instantly, all your online accounts would recog-
nize the new credential and refuse to honor the old one.
Similar proposals have been made in the past: in the
1990s the U.S. Postal Service began working toward a sys-
tem called the "U.S. Card." But the project never really got o
the ground---partly because the technology wasn't quite ready,
but also because of significant public opposition. In fact, in the
United States every attempt to improve identification creden-
tials has provoked significant public opposition. Many privacy
activists see mandatory ID cards as one of the hallmarks of a
police state. And many state governments fear the costs.
Though a stronger identification system would undoubt-
edly harm some citizens through errors, I think the opposition
is unfortunate. We're already being identified every time we
use an online banking service, or make an online purchase, or
even use Facebook. We're just being identified through ad hoc,
broken systems that are easy for bad guys to exploit. If we had
a single strong identity system, we could adopt legislation to
protect it from inappropriate use. A California law enacted in
2003, for example, prevents bars, car dealers, and others from
collecting information swiped from a driver's license for any
purpose other than age verification or license authentication.
For more than 100 years, American jurisprudence has recog-
nized privacy as a requirement for democracy, social relations,
and human dignity. For nearly 50, we've understood that pro-
tecting privacy takes more than just controlling intrusions into
your home; it also requires being able to control information
about you that's available to businesses, government, and soci-
ety at large. Even though Americans were told after 9/11 that
we needed to choose between security and privacy, it's increas-
ingly clear that without one we will never have the other.
We need to learn how to protect privacy by intention, not
by accident. Although technology can help, my belief is that
such protections need to start with clearly articulated polices.
Just as Nixon created the Environmental Protection Agency
to protect our environment, we need some kind of Privacy
Protection Agency to give our rights a fighting chance. Our
piecemeal approach is no longer acceptable.
SIMSON GARFINKEL IS AN ASSOCIATE PROFESSOR AT THE NAVAL POSTGRAD
UATE SCHOOL IN MONTEREY, CA. THE VIEWS EXPRESSED IN THIS ARTICLE
ARE THOSE OF THE AUTHOR AND DO NOT NECESSARILY REFLECT THE VIEWS
OF THE U.S. GOVERNMENT OR THE DEPARTMENT OF DEFENSE.
Links Archive May June 2009 September October 2009 Navigation Previous Page Next Page