Identifier and Privacy

At Identity.Next yesterday, we had some discussion about the desirable characteristics of identifiers, especially in the context of National or Citizen IDs.

In most cases, the use of such an identifier seems to be restricted so that it can be used only for particular purposes.
However, enforcement seems to be an issue.

A breach of privacy can happen in various ways, but we discussed two particular forms of it:

1) breach by multi-party collusion/linking
– two pieces of information held at different locations are linked together to extract information that the person did not wish to disclose.
2) breach by inter-temporal linking
– two pieces of information, one current and one from the past, are linked together to extract information that the person did not wish to disclose.

Purpose restriction is a measure against 1) but does not protect against 2).
As humans make a lot of mistakes (esp. when young), some protection against 2) should be put in place as well.
The typical way of dealing with 2) is to use temporary (non-permanent) identifiers, as the Germans do in their new eID scheme that started on November 1, 2010.

In any case, a 360-degree identifier (an identifier that is permanent and can be used for any purpose) seems to be a bad idea from the point of view of privacy protection. From time to time such an identifier is proposed to improve “efficiency”, but it is probably best avoided. It would be worthwhile to consider a scheme that has “visible but sectoral and temporary identifiers” coupled with an “invisible and strictly controlled persistent identifier”. This will require “identifier rotation” in each system, because the systems only see the temporary identifiers, but that would be good design in any case to improve the robustness of the system, just as we MUST take care of key rotation in our systems.
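The “visible but sectoral and temporary identifiers” design with per-system identifier rotation, sketched as an added example (not code from this post or from any eID scheme). It assumes an HMAC-SHA-256 derivation keyed by the issuer; the `Issuer` and `SectorSystem` classes, the sector names and the year-based epochs are hypothetical.

```python
import hashlib
import hmac


class Issuer:
    """Hypothetical ID issuer: the only party that holds the persistent identifier."""

    def __init__(self, master_key: bytes):
        self._key = master_key  # strictly controlled, never leaves the issuer

    def pseudonym(self, persistent_id: str, sector: str, epoch: int) -> str:
        """Visible identifier, valid for one sector during one epoch."""
        msg = b"\x00".join([sector.encode(), str(epoch).encode(), persistent_id.encode()])
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:32]

    def rotation_map(self, persistent_ids, sector, old_epoch, new_epoch):
        """Old -> new identifiers for one sector, handed over at rotation time."""
        return {self.pseudonym(p, sector, old_epoch): self.pseudonym(p, sector, new_epoch)
                for p in persistent_ids}


class SectorSystem:
    """Hypothetical relying system: stores records under temporary identifiers only."""

    def __init__(self, sector: str):
        self.sector = sector
        self.records = {}

    def rotate(self, mapping: dict) -> None:
        """Re-key every stored record; refuse a partial map so no record is orphaned."""
        missing = set(self.records) - set(mapping)
        if missing:
            raise ValueError(f"{len(missing)} record(s) have no new identifier")
        self.records = {mapping[old]: rec for old, rec in self.records.items()}


def demo():
    issuer = Issuer(b"constructed-demo-key-not-for-production-use")
    citizens = ["P-0001", "P-0002"]  # constructed persistent identifiers
    tax, health = SectorSystem("tax"), SectorSystem("health")
    for p in citizens:
        tax.records[issuer.pseudonym(p, "tax", 2010)] = {"filed": True}
        health.records[issuer.pseudonym(p, "health", 2010)] = {"visits": 3}
    shared_across_sectors = set(tax.records) & set(health.records)  # multi-party linking
    old_tax_ids = set(tax.records)
    tax.rotate(issuer.rotation_map(citizens, "tax", 2010, 2011))
    shared_across_time = old_tax_ids & set(tax.records)  # inter-temporal linking
    return shared_across_sectors, shared_across_time, tax.records


if __name__ == "__main__":
    print(demo())
```

The rotation map itself links old and new identifiers, so a system that keeps it after re-keying reintroduces the inter-temporal link it was meant to remove.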

One Reply to “Identifier and Privacy”

  1. Good post. Anyone thinking about using persistent, broadly used, visible identifiers is trading ease of implementation today for long-term security/privacy issues later. It would be short-sighted and, in the long run, more costly, as they will have to fix it once the security problems become widely known. The technology has advanced significantly in providing identity protection with both security and privacy.

    Terrance Boult. El Pomar Prof of Innovation and Security
    VP for Education, IEEE Biometrics Council
