7 A Toolkit for Privacy in the Context of Authentication
Pages 179-194

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.


From page 179...
... It focuses on the three types of authentication identified in Chapter 1:
· Individual authentication is the process of establishing an understood level of confidence that an identifier refers to a specific individual.
· Identity authentication is the process of establishing an understood level of confidence that an identifier refers to an identity.
From page 180...
... As described in Chapter 3, the decision to authenticate, whatever the reason, may affect decisional privacy, bodily integrity privacy, information privacy, and communications privacy. As noted earlier, affecting privacy is not always equivalent to violating privacy.
From page 181...
... In attribute authentication, if the attribute chosen is sufficiently distinctive it is functionally equivalent to an identity authentication system, in which case the attribute may be more accurately labeled an identifier, thereby eroding the protections that might otherwise be provided by an attribute authentication system.
From page 182...
... The analysis proposed here is technology-independent, for the most part, and can be applied to almost any proposed authentication system.
Attribute Choice
Attribute authentication and, frequently, identity authentication and individual authentication require the collection or creation of attributes that the system uses to determine whether to grant an individual access during the authentication phase.
From page 183...
... For example, the use of a highly distinctive attribute to control access to personal information about an individual maintained by a third party may meet the minimization principle and be necessary to protect against inappropriate access to the personal information in question. Regardless of whether the choice of a highly distinctive attribute is appropriate, the more sensitive or revealing the attribute is, the greater the information privacy problems raised.
From page 184...
... To better protect information privacy (and in accordance with fair
From page 185...
... For example, the collection of blood in order to ascertain blood type as an attribute, or of DNA in order to screen for a genetic attribute raises two types of privacy issues that have implications for bodily integrity. First, the collection of the attribute may be physically intrusive or invasive.
From page 186...
... An identifier that is created or constructed for the purpose of authentication in that one system will offer more protection for both privacy and security than will an identifier selected from or based upon existing identifiers. Because the identifier is being selected for its capacity to link to the individual in the context of an individual authentication system, the information privacy concerns are greater than they are in attribute and identity authentication.
From page 187...
... However, technical mechanisms can be employed to minimize these inconveniences.
Decisional Privacy
An identifier that is randomly created and used exclusively for a particular authentication system will pose fewer adverse implications for decisional privacy than an identifier that reflects or contains personal information. The selection of an identifier that can be linked to the individual is likely to pose greater risks to decisional privacy than the selection of an attribute or identifier that cannot be linked.
From page 188...
... The selection of an identifier that could be associated with physical characteristics or physical activities of an individual may affect bodily integrity if the collection of the identifier was physically intrusive, invasive, or intimidating.
Communications Privacy
Communications privacy is affected if the identifier is the individual's network or communication system address or number (telephone number, e-mail address, IP address, and so on)
From page 189...
... In this case, new privacy issues arise; these issues are explored below.
Information Privacy
If the system identity is associated with a particular individual, all the fair information principles should be honored in order to best protect privacy.
From page 190...
... Bodily Integrity and Communications Privacy
The discussions in the "Identifier Selection" section above about issues related to bodily integrity and communications privacy also apply here.
The Authentication Phase
This phase determines whether the attribute, identifier, or identity refers to the individual being authenticated at the level of confidence required by the system.
From page 191...
... Decisional privacy is directly affected by the creation of transactional records of authentication events to support auditing.
Bodily Integrity
The authentication phase may also affect bodily integrity if the observation of the attribute requires close or direct contact with the individual or observation that appears intrusive.
From page 192...
...
· Create technical and procedural strategies that limit the ability to connect authentication information with specific authentication events.
· Understand and consider the security risks of authentication activity data storage, including risks of unauthorized access, unauthorized use by those with authorized access, and legally compelled access.
From page 193...
... If individuals whose information was compromised and agencies responsible for enforcing privacy laws were informed of privacy breaches, there would be greater incentive to proactively implement technologies and policies that protect privacy. Even if the choice is made to institute authentication systems only where people today attempt to discern identity, the creation of reliable, inexpensive systems will inevitably invite function creep and unplanned-for secondary uses unless action is taken to avoid these problems.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.