
Currently Skimming:

6 Authentication, Privacy, and the Roles of Government
Pages 138-178

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.


From page 138...
... As a relying party, government uses authentication technologies for electronic government applications and for physical and systems security applications. Given the size of its workforce and its user base, government is a significant user of these technologies.
From page 139...
... An examination of the various roles that government fills in authentication processes and privacy protection, anchored by specific examples, helps to explain this complexity. The issuance of IDs illustrates how different levels of government interact with the public through specific programs for sometimes unique reasons.
From page 140...
... They can be regulators of private sector behavior, issuers of identity documents or identifiers, and also relying parties for service delivery. REGULATOR OF PRIVATE SECTOR AND PUBLIC AGENCY BEHAVIORS AND PROCESSES The government acts as a regulator of multiple sectors, including health and medical services, financial services, and education.
From page 141...
... law regulating the federal government's collection and maintenance of personal information." Generally speaking, the Privacy Act aimed at balancing the federal government's need to maintain information about individuals with the rights of individuals to be protected against unwanted invasions of their privacy. The act attempts to regulate the collection, maintenance, use, and dissemination of personal information by federal government agencies.
From page 142...
... The main provisions of the act include the following: · Give individuals an opportunity to receive notice of computer matching and to contest information before having a benefit denied or terminated; · Require that federal agencies engaged in matching activities establish data protection boards to oversee matching activities; · Require federal agencies to verify the findings of computer match 5 Text for these three items is adapted from Harold C. Relyea, The Privacy Act: Emerging Issues and Related Legislation, Congressional Research Service (CRS) Report RL30824, Washington, D.C., CRS, Library of Congress, September 2000.
From page 143...
... issued a memorandum reminding federal agencies of the act's requirements.9, 10 According to the memorandum, as "government increasingly moves to electronic collection and dissemination of data, under the Government Paperwork Elimination Act and other programs, opportunities to share data across agencies will likely increase." Therefore, "agencies must pay close attention to handling responsibly their own data and the data they share with or receive from other agencies." Computer Security Act and Recent Amendments The Computer Security Act of 1987 (PL 100-235) addressed the importance of ensuring and improving the security and privacy of sensitive information in federal computer systems.
From page 144...
... 12 both requires federal agencies to move from paper-based to electronic transactions with the public and provides some of the enablers necessary to make such a transition. It also amplifies federal privacy protections regarding sensitive data collected during the electronic authentication process.
From page 145...
... Consistent with the fair information practices (described in Chapter 3 of this report) and the Privacy Act, GPEA requires that information gathered from the public to facilitate electronic signatures services be disclosed only for that purpose.
From page 146...
... 19 The full text of the act is available online at . 20 Health Insurance Reform: Standards for Electronic Transactions.
From page 147...
... For example, the penalties include fines of up to $25,000 for multiple violations of the same rule in one year, as well as fines of up to $250,000 and up to 10 years' imprisonment for knowingly misusing individually identifiable health information. The privacy rule formally defines "protected health information," which includes individual patient information such as name, Social Security number, address, and so on; and clinical information such as disease, treatment, drugs, test results, and so on.
From page 148...
... Open questions about educational rounds and HIPAA were addressed in the latest rule making, and there are other questions that may be clarified, but only later. The privacy rule was required to be adopted by April 14, 2003, but it is likely that there will be a gradual culture change in care environments toward better privacy protection.
From page 149...
... . Electronic Signatures in Global and National Commerce Act: The Consumer Consent Provision in Section 101(c)
From page 150...
... Nevertheless, Gramm-Leach-Bliley is viewed by many privacy advocates as being rife with loopholes to the point of rendering any privacy protections that it spells out moot. For instance, Dan Gillmor, a technology columnist, describes what he views as two major problems with the act: · Consumers must opt out of information sharing "that is, [consumers must]
From page 151...
... Privacy Protection for Customer Financial Information, Congressional Research Service (CRS) Report for Congress RS20185. Washington, D.C., CRS, Library of Congress, August 2001.
From page 152...
... within the United States and facilitates information sharing between foreign intelligence and domestic law enforcement agencies. The 38 See Charles Doyle, The USA PATRIOT Act: A Sketch, Congressional Research Service Report RL21203, and Charles Doyle, The USA PATRIOT Act: A Legal Analysis, Congressional Research Service Report RL31377.
From page 153...
... provides further impetus for the Government Paperwork Elimination Act of 1998 to enable electronic government at the federal level. The act also authorizes increased funding for e-government projects, creates an administrator for a new e-government office within the OMB, extends provisions of the Government Information Security Reform Act of 2000 (PL 106-398, Subtitle G
From page 154...
... as the lead federal agency to create a framework for the interoperability of electronic signatures solutions, which is to include digital signatures.4~ The privacy provisions of the act recognize that more citizen-centered e-government requires an exchange of personally identifiable information between users and federal agencies. In response, the act requires that agencies conduct privacy impact statements when developing or procuring a new information system.
From page 155...
... GOVERNMENT AS ISSUER OF IDENTITY DOCUMENTS The preceding sections addressed the first role of government, as regulator, and this section discusses its second role with respect to authentication as an issuer of identity documents, often in conjunction with the private sector. Anyone who has traveled on a commercial airline since September 11, 2001, has a sense of the unique role that government fills in issuing identification documents.
From page 156...
... As discussed below, hospital staff play an integral role in recording birth information that is used for the issuance of birth certificates and then Social Security numbers. It is also possible to get printed copies of birth certificates from private sector companies working on behalf of local governments.45 At the other end of the continuum of life, private funeral directors often issue death records for sharing with a variety of government organizations.
From page 158...
... , so that (hypothetical) controls on birth certificates based on hospital licensing would miss some number of children.
From page 159...
... The current birth certificate is meant to serve as a substitute, but it has several flaws of its own.46 46 There are many contexts in which human witnesses serve as verifiers of identity of either people or objects. For example, chains of custody in court cases require human witnesses to testify to the provenance of something admitted into evidence.
From page 160...
... In addition, in order to ensure that the document refers to the correct individual when it is issued, it is important to issue the initial identity document as close to birth as possible. This begs the question of whether biometrics of some sort are needed, which raises some interesting problems with respect to the many biometrics (including footprints, which are standard in some locales)
From page 161...
... Finding 6.2: Electronic authentication is qualitatively different for the public sector and the private sector because of a government's unique relationship with its citizens: a. Many of the transactions are mandatory.
From page 162...
... (Figure 6.1 illustrates the interdependencies of foundational identity documents.) 50 Computer Science and Telecommunications Board, National Research Council.
From page 163...
... FIGURE 6.1 Interdependencies of foundational identity documents issued by both governments and the private sector. Issuance of an SSN requires proof of age and of citizenship or appropriate noncitizen status and a current proof of identity.
From page 164...
... The evidence required for the initial government-issued identity document, the birth certificate, is often attested to by private sector employees. It should also be noted that the United States is a nation of immigrants; documents prepared overseas may introduce even more uncertainty into the system.55 All of these factors contribute to the difficulty that the relying party may have in verifying the documents.
From page 165...
... However, stronger alternatives, such as DNA, are very expensive, may be unpopular with large segments of society, and raise new privacy and technical challenges. Recommendation 6.1: Birth certificates should not be relied upon as the sole base identity document.
From page 166...
... · Obtaining a fraudulent identity document, · Passing off someone else's valid identity document as one's own, · Modifying the contents of a valid identity document, · Compromising private information stored in a back-end system, · Unauthorized modification of information stored in a back-end Motivations for these attacks can vary, of course, ranging from the desire to purchase alcohol when under age to the desire to move easily through security checkpoints in order to perpetrate a terrorist act. Attacks could be aimed at individuals (as in the case of identity theft)
From page 167...
... . However, controls generally work well enough to prevent the widespread dissemination of fraudulent identity documents.
From page 168...
... Birth certificates are especially poor as base identity documents, because they cannot be readily tied to an individual. Finding 6.4: Scale is a major factor in the implications of authentication for privacy and identity theft.
From page 169...
... For many public sector organizations, though, the move to e-government was already under way before the enactment of GPEA gave statutory impetus to federal agency efforts. Through the Office of Man 58 For some selected visions of e-government, see the National Association of Chief Information Officers, online at ; Council for Excellence in Government, online at ; or OMB e-government strategy, online at .
From page 170...
... The first is a detailed discussion of a program, Access Certificates for Electronic Services (ACES), that the federal government had endorsed as a way to authenticate users across a variety of program and organizational lines; the second describes the Internal Revenue Service's electronic tax filing programs; and the third describes the Social Security Administration's attempt at remote authentication for access to earnings and benefits statements.
From page 171...
... The identification provided by this type of interaction generally will not be sufficient to identify the user uniquely to a government agency, since many users may share the same name (for example, John Smith). Thus, ACES certificates generally will be ambiguous relative to the ID requirements for any government agency.
From page 172...
... The Internal Revenue Service Electronic Tax Filing The IRS has been working to increase the volume of the electronic filing of individual tax returns since the program began in the late 1980s. While IRS e-file has been described as a pioneer program in electronic government, it is interesting to note that for many years the IRS required that electronically filed returns be accompanied by paper signature documents.
From page 173...
... Additionally, the IRS Reform and Restructuring Act of 1998 (PL 105-206) speaks directly to the issue of electronic signatures and provides that they are criminally and civilly equivalent to paper signatures.
From page 174...
... so the IRS can validate claimed identity of the taxpayer beyond name, address, and taxpayer identification number. 61 Given that over 70 percent of individual tax returns result in a refund and that there is a history of individuals trying to defraud the government by seeking refunds they are not entitled to, this is a significant business risk.
From page 175...
... 62 Zachary Tumin. "Social Security on the Web: The Case of the Online PEBES." Strategic Computing & Telecommunications in the Public Sector.
From page 176...
... NATIONWIDE IDENTITY SYSTEMS The federal government is not the only government body that plays a role in authentication and privacy considerations. It is through local governments that most individuals acquire identification documents.
From page 177...
... report by the same committee: IDs -- Not That Easy: Questions About Nationwide Identity Systems. CONCLUDING REMARKS Government organizations, especially federal agencies, must live with a plethora of legal and policy demands and guidelines in the area of authentication and privacy, as well as provide accountability and submit to oversight.
From page 178...
... Care must be taken to adhere to the principles in the Privacy Act of 1974 and the privacy principles described in Chapter 3 of this report. Finding 6.8: Interagency and intergovernmental authentication solutions that rely on a common identifier create a fundamental tension with the privacy principles enshrined in the Privacy Act of 1974, given the risks associated with data aggregation and sharing.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.