The National Academies Press

Currently Skimming:

Executive Summary
Pages 1-15

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 1... ... Yet despite the wide variety of authentication technologies and the great range of activities for which some kind of authentication is required, virtually all involve the use of personal information, raising privacy concerns. The development, implementation, and broad deployment of authentication systems require that issues surrounding identity and privacy be thought through carefully. Read the entire page →
From page 2... ... The three variants above illustrate that authentication is not a simple concept: As the committee's first report on nationwide identity systems argued, grappling with these issues and their implications is just not that easy (Box ES.1~. This summary of the report includes the findings and recommendations of the authoring Committee on Authentication Technologies and Their Privacy Implications. Read the entire page →
From page 3... ... When authentication is needed, which types might serve best? For example, when accountability is required, individual authentication may be Read the entire page →
From page 4... ... may suffice. Finding: Authorization does not always require individual authentication or identification, but most existing authorization systems perform one of these functions anyway. Read the entire page →
From page 6... ... There is an inherent tension between authentication and privacy, because the act of authentication involves some disclosure and confirmation of personal information. Establishing an identifier or attribute for use within an authentication system, creating transactional records, and revealing information used in authentication to others with unrelated interests all have implications for privacy. Read the entire page →
From page 7... ... A critical factor in understanding the privacy implications of authentication technologies is the degree to which an authentication system is decentralized. A centralized password system, a public key system, or a biometric system would be much more likely to pose security and privacy hazards than would decentralized versions of any of these. Read the entire page →
From page 8... ... Guidelines include the following: Recommendation: When designing an authentication system or selecting an authentication system for use, one should Authenticate only for necessary, well-defined purposes; Minimize the scope of the data collected; Minimize the retention interval for data collected; Articulate what entities will have access to the collected data; Articulate what kinds of access to and use of the data will be allowed; Minimize the intrusiveness of the process; Overtly involve the individual to be authenticated in the process; Minimize the intimacy of the data collected; Ensure that the use of the system is audited and that the audit record is protected against modification and destruction; and Provide means for individuals to check on and correct the information held about them that is used for authentication. Read the entire page →
From page 9... ... That is, where appropriate, authorization technologies and systems that use only nonidentifying attributes should be used in lieu of individual authentication technologies. When individual authentication is required, the system should be subject to the guidelines in Recommendation 3.2 (above) Read the entire page →
From page 10... ... They may identify themselves as named users of computer systems, employees, frequent fliers, citizens, students, members of professional societies, licensed drivers, holders of credit cards, and so on. These multiple identities allow people to maintain boundaries and protect privacy. Read the entire page →
From page 11... ... Their approaches to authentication and privacy protection may differ from those of private sector entities for structural and legal reasons. Read the entire page →
From page 12... ... Further, although states issue driver's licenses and the federal government issues passports, each may depend on the other for reissuance or replacement; no single entity has a complete authoritative database. While on the one hand the lack of easy linkage can Read the entire page →
From page 13... ... Finding: Many of the foundational identification documents used to establish individual user identity are very poor from a security perspective, often as a result of having been generated by a diverse set of issuers that may lack an ongoing interest in ensuring the documents' validity and reliability. Birth certificates are especially poor as base identity documents, because they cannot be readily tied to an individual. Read the entire page →
From page 14... ... (3.1) The federal government has passed numerous laws and regulations that place constraints on the behavior of private sector parties as well as on government agencies. Read the entire page →
From page 15... ... TOOLKIT With a basic understanding of authentication, privacy interests and protections, and related technologies, it is possible to consider how one might design an authentication system that limits privacy intrusions while still meeting its functional requirements. This report provides a toolkit for examining the privacy implications of various decisions that must be made when an authentication system is being contemplated. Read the entire page →

From page 1...

... Yet despite the wide variety of authentication technologies and the great range of activities for which some kind of authentication is required, virtually all involve the use of personal information, raising privacy concerns. The development, implementation, and broad deployment of authentication systems require that issues surrounding identity and privacy be thought through carefully.

Read the entire page →

From page 2...

... The three variants above illustrate that authentication is not a simple concept: As the committee's first report on nationwide identity systems argued, grappling with these issues and their implications is just not that easy (Box ES.1~. This summary of the report includes the findings and recommendations of the authoring Committee on Authentication Technologies and Their Privacy Implications.

Read the entire page →

From page 3...

... When authentication is needed, which types might serve best? For example, when accountability is required, individual authentication may be

Read the entire page →

From page 4...

... may suffice. Finding: Authorization does not always require individual authentication or identification, but most existing authorization systems perform one of these functions anyway.

Read the entire page →

From page 6...

... There is an inherent tension between authentication and privacy, because the act of authentication involves some disclosure and confirmation of personal information. Establishing an identifier or attribute for use within an authentication system, creating transactional records, and revealing information used in authentication to others with unrelated interests all have implications for privacy.

Read the entire page →

From page 7...

... A critical factor in understanding the privacy implications of authentication technologies is the degree to which an authentication system is decentralized. A centralized password system, a public key system, or a biometric system would be much more likely to pose security and privacy hazards than would decentralized versions of any of these.

Read the entire page →

From page 8...

... Guidelines include the following: Recommendation: When designing an authentication system or selecting an authentication system for use, one should Authenticate only for necessary, well-defined purposes; Minimize the scope of the data collected; Minimize the retention interval for data collected; Articulate what entities will have access to the collected data; Articulate what kinds of access to and use of the data will be allowed; Minimize the intrusiveness of the process; Overtly involve the individual to be authenticated in the process; Minimize the intimacy of the data collected; Ensure that the use of the system is audited and that the audit record is protected against modification and destruction; and Provide means for individuals to check on and correct the information held about them that is used for authentication.

Read the entire page →

From page 9...

... That is, where appropriate, authorization technologies and systems that use only nonidentifying attributes should be used in lieu of individual authentication technologies. When individual authentication is required, the system should be subject to the guidelines in Recommendation 3.2 (above)

Read the entire page →

From page 10...

... They may identify themselves as named users of computer systems, employees, frequent fliers, citizens, students, members of professional societies, licensed drivers, holders of credit cards, and so on. These multiple identities allow people to maintain boundaries and protect privacy.

Read the entire page →

From page 11...

... Their approaches to authentication and privacy protection may differ from those of private sector entities for structural and legal reasons.

Read the entire page →

From page 12...

... Further, although states issue driver's licenses and the federal government issues passports, each may depend on the other for reissuance or replacement; no single entity has a complete authoritative database. While on the one hand the lack of easy linkage can

Read the entire page →

From page 13...

... Finding: Many of the foundational identification documents used to establish individual user identity are very poor from a security perspective, often as a result of having been generated by a diverse set of issuers that may lack an ongoing interest in ensuring the documents' validity and reliability. Birth certificates are especially poor as base identity documents, because they cannot be readily tied to an individual.

Read the entire page →

From page 14...

... (3.1) The federal government has passed numerous laws and regulations that place constraints on the behavior of private sector parties as well as on government agencies.

Read the entire page →

From page 15...

... TOOLKIT With a basic understanding of authentication, privacy interests and protections, and related technologies, it is possible to consider how one might design an authentication system that limits privacy intrusions while still meeting its functional requirements. This report provides a toolkit for examining the privacy implications of various decisions that must be made when an authentication system is being contemplated.

Read the entire page →

Next Chapter Skim →

This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.

Executive Summary Pages 1-15

Executive Summary
Pages 1-15