Thursday, July 06, 2006

Identity Crisis: How Identification is Overused and Misunderstood

Time Lee at The Technology Liberation Front writes about a book by Jim Harper that sounds like a must-read:

Harper’s book does three things. In parts 1 and 2 he presents a theory of identification that classifies identification into four categories (something you are, something you are assigned, something you know, and something you have) and then identifies the relationships among identification, risk, and accountability. He particularly makes the point that the need for identification is intimately connected with the type of transaction being considered: the ID you need to check out a library book is much different than the ID you need to get a mortgage or access to a nuclear reactor. He also stresses the diversity of identification: we use many different forms of identification in our daily lives (library cards, credit cards, passwords, drivers licenses) and that’s a feature, not a bug.

In part 3 he digs into the details of identification cards: how they’re created, how they’re used, and how they can be misused. Finally parts 4 and 5 lays out his vision for an enlightened identification policy of the future: one that protects civil liberties by expanding the diversity of identifiers we use in our day-to-day life.

The book had two points that I found particularly insightful. Harper stresses the role incentives play on the security of identification. The likelihood a particular form of ID will be hacked is directly related to the rewards for doing so. That means that the more uses we pile onto a single national ID card (which is what your driver’s license is rapidly becoming) the more resources criminals will spend to corrupt the ID-granting process. In contrast, if we have many different IDs for different purposes, the rewards for corrupting any given card will be much lower.

No comments: