Biometric Musings - Tom Woodhead
On Identity, Privacy, Anonymity, and Security.
Identity and Privacy
In the information-intensive world of the 21st Century, identity is the key to privacy. The better established and more secure your identity is, the less the world knows, or needs to know, about your private matters. A well established identity reveals only as much information about you as is necessary for you to conduct your affairs outside your circle of family and friends.
Appended to your identity, in the form of credit, criminal, and other public and semi-public records, is your reputation. Your reputation - your perceived personal integrity - is what allows other people to trust your identity. Identity and reputation work together to enable you to interact with, and transact business with, people outside your inner circle.
That your identity is secure is extremely important. A secure identity is one which cannot be invoked without your knowledge and consent. If your identity is secure, nobody but you can assert it. If someone else can use your identity, your reputation is at their mercy.
Identity theft is the fastest-growing crime in North America. Unscrupulous people may use your identity to obtain credit cards, cell phone accounts, and other financial services, and then run up sizable debts in your name. If your identity is stolen, you will not likely be responsible for the debt incurred, but neither will you be compensated for expenses and inconvenience associated with your loss of time and the potentially irreparable damage to your reputation.
Securing identity through biometric authentication is the new trend in security solution engineering. It replaces the use of passwords and PINs, which are inherently insecure. Biometric authentication provides the ultimate in accountability and privacy protection. It ensures that you, and only you, can use your identity.
Privacy vs. anonymity
In the military, a private actually has the least privacy and the most anonymity. A private's identity is well established (name, rank, number), and it is secure within the subset of society that is the military. However, within that military community, the private's life is more or less wide open to his or her superiors (subject to "don't ask, don't tell" type policies). If the private conforms, he or she can generally count on the benign neglect of his or her superiors. Such conformity preserves the private's anonymity, but it does not guarantee his or her privacy.
As private citizens, we should not confuse such anonymity with privacy. If our identities are not secure, they are wide open to abuse by others. When others abuse or steal our identities, they invade or abolish our privacy. The first and best defense against those who would invade or abolish our privacy is an iron-clad identity. We cannot count on the benign neglect of others simply because we conform. Neither our anonymity nor our privacy will be preserved, and our reputations will be at grave risk.
Privacy vs. security
In Western communities, privacy is one of our most treasured rights. We reserve the right to choose what to reveal about ourselves, when, and to whom. We believe that privacy is one of the conditions needed by individuals for their well-being and personal fulfillment, and that society should protect the privacy of its citizenry as fiercely as it protects its physical safety. And yet, as a community, we must balance the need of the individual for privacy against the need of the community for physical security, because a civil society ceases to be civil if there is no order. The community must ensure its survival and well-being in order to provide an environment in which individuals can thrive.
Identity is one of the key concepts in the ongoing privacy / security debate. Privacy and security are the opposite ends of a single spectrum. Absolute personal privacy implies a complete lack of security within the community. Absolute security within the community implies a complete lack of personal privacy. The concept of identity allows us to balance the individual's need for privacy with the community's need for security. We need to understand this concept fully in order to make informed decisions with regard to security and privacy policies, and with regard to the technologies implemented to support those policies.
Identity is important to the privacy / security debate, because it represents the minimum quantity of knowledge that can authenticate who you are and thus allow you to function with all the rights and privileges of a citizen of the community. Depending on your privacy comfort level, you may provide additional information about yourself in exchange for additional benefits.
The changing concept of community
I use the word "community" rather than words such as society, state, nation, or country, because the word community denotes any fellowship of interest, whether it is your neighborhood with its Block Parent program, or the worldwide community of scientists studying the effects of global warming. Our ideas of community have changed radically over the past couple of centuries, a period of time during which the Western world has moved from being largely rural, agrarian, and self-sufficient to being largely urban, industrial, and co-dependent. Whereas community was once a completely local notion, it now encompasses both the small and the large - from your local neighborhood to the global community.
For a community to protect you and your interests (including your privacy), it must first recognize you as one of its own. Such recognition was rarely an issue in the community of a century ago, where people traveled in small circles and everyone knew you and your parents and your grandparents, but today's communities are larger, and membership in these communities is more variable because people are so much more mobile. In the average small community of a hundred years ago, transactions between individuals were more personal, because you tended to know the person with whom you were transacting. The terms and conditions of such transactions were protected by the integrity of the people involved in them. Personal integrity was one of the qualities that allowed the community to function, prosper, and survive.
Fast-forward a hundred years to the average community of today. People travel in larger circles physically, and touch the far ends of the earth daily via the Internet. In Future Shock (1970), Alvin Toffler wrote (well before the advent of the personal computer) that modern man had become 'modular' - that the number of our interactions, and the number of people with whom each of us interacts, had grown so great that we could only present small portions of ourselves (i.e., modules) in most such interactions. As a result, we know less and less about the people with whom we interact and transact business.
When your parents, grandparents, or great-grandparents bought groceries half a century ago or more, they probably had well developed relationships with their green grocer, baker, and butcher. They knew each other by name, and likely knew much more as well: the names and ages of children, employment circumstances, buying habits - everything, in fact, that it took to make informed decisions about transacting business.
When you buy groceries today, you buy them all from a single vendor, but you may move from vendor to vendor from one week to the next, and the vendor's staff may turn over at an astounding rate, so that you may not even recognize the faces of the people serving you, let alone know personal information about them. In other words, personal integrity can no longer be informally established as a guarantee of the validity and worth of interactions and transactions.
Your identity is the key to your privacy
Your identity has become the key to trusted transactions and the guarantor of your personal integrity. It is imperative that your identity be unique so that there is no question of the individual represented by the identity. It is imperative that your identity be secure, because your reputation is inextricably bound to it and dependent on it.
Your privacy is your own, but your identity belongs to the community in which you wish to participate. Your identity protects your privacy. Knowledge of identities protects the communities. Without protection for your identity, there is no protection for your privacy, and ultimately no security for the community.
Biometric authentication stands out as the only currently available means of securing identity reliably. As such, it is the best tool we have to ensure that we protect both the privacy of our citizenry and the community itself.
Privacy and Security
Privacy is one of those words that we use frequently and define seldom. Words such as privacy, freedom, liberty, and democracy are the parameters of our existence and express much of what we value about our society. But the more we use such words without carefully considering their meanings, the less they actually mean; and the more sacred we hold them, the harder it becomes to have a meaningful discussion about them.
Last refuge of scoundrels?
Samuel Johnson, the renowned English lexicographer and critic, once said that patriotism is the last refuge of a scoundrel. Ambrose Bierce, his tongue-in-cheek American successor, only differed in his ranking:
"In Dr. Johnson's famous dictionary, patriotism is defined as the last resort of a scoundrel. With all due respect to an enlightened but inferior lexicographer I beg to submit that it is the first."
It may seem counterproductive to introduce humor into a discussion that we all agree is extremely serious, but the point Johnson and Bierce make is quite relevant. They poke fun at individuals who use a time-honored value such as patriotism in an absolute sense in order to mask an agenda that is less than honorable. This activity is commonly known as "wrapping one's self in the flag," and is precisely the activity in which extremists on both sides of the current privacy debate find themselves engaged.
Absolute values are useful rhetorical tools, but we have to live in the real world where such values are generally relative in practice. We live in a representative democracy, not an absolute democracy. Your freedom to throw your fist ends where my nose begins. I am at liberty to behave as I please only so far as my behavior does not interfere with the rights of others. Absolute privacy is enjoyed only by absolute hermits.
How are privacy and security related?
The opposite of absolute privacy is absolute accountability. If everything was known about everybody, nobody would be able to "get away with" anything. Accountability is an objective of all crime detection, investigation, and prevention. Privacy is an objective of all criminal activities. However, it does not logically follow that all who desire privacy should be suspected of being criminals. Privacy is a human right and a human need -- not a subterfuge.
Privacy is implicit in Maslow's hierarchy of human needs -- right after the physiological need for sustenance. The absence of privacy is the presence of vulnerability, and thus the absence of security. While privacy and security are not synonymous, they are inextricably intertwined within Maslow's second level of human needs, the need for safety.
We cannot fulfill our security requirements without understanding and fulfilling our privacy requirements; we cannot fulfill our privacy requirements without understanding and fulfilling our security requirements.
Can I define my own privacy requirements?
To a degree. The amount of privacy you require affects the amount of interaction you can have within the larger community we call society. "Opting out" is a time-honored tradition of North American democracies. A considerable percentage of the non-native population of North America is descended from European immigrants who came in search of political, religious, and/or economic freedom. Many groups within Western societies choose to remain aloof from the dominant culture. Such groups are generally tolerated, provided they do not actively advocate the overthrow of the dominant culture's political apparatus, as in the case of Timothy McVeigh and associates.
Opting out comes at a price that most people are not prepared to pay. The number of activities in which you cannot participate without a credit card continues to grow. There is a movement afoot to institute a national ID and share data amongst all levels of government. If the driver license doubles as this national ID, individuals who do not wish to leave a paper or electronic trail will no longer be able to drive a car. Of course, many such opt-outs do not drive vehicles other than horse-drawn wagons now.
Toward a working definition of privacy
We need a working definition of privacy so that we can debate security and privacy requirements in a meaningful way. Clinging to either of these values as absolutes only serves to defer the real debate while the pseudo-debate's participants' tempers flare and their voices grow louder, until they remind us of Mark Twain's definition of a patriot as "the person who can holler the loudest without knowing what he is hollering about."
Most dictionaries provide several senses for the word privacy. Depending on the sense, privacy can be a state, a place, or a right. It is in the sense of privacy as a right that we are interested. This right is variously defined as:
- Freedom from intrusion by the public, especially as a right.
- The right to keep one's personal matters and relationships secret.
- The state of being free from unsanctioned intrusion: a person's right to privacy.
- The right to be left alone; the right to live life free from unwarranted publicity.
Definitions such as these, of course, always beg further definitions:
- What constitutes "personal matters"?
- What constitutes "unsanctioned intrusion"?
- What constitutes "unwarranted publicity"?
It is questions such as these that necessitate privacy laws. As rights go, privacy is perhaps the most variable, which is why definitions of privacy always contain adjectives such as "unsanctioned" and "unwarranted". The Online Dictionary of Library and Information Science contains one of the more enlightened definitions of the right to privacy:
"The right of an individual to keep information about his (or her) life from the knowledge and attention of others, including government organizations and commercial enterprises, and to remain free from outside intervention except under the provisions of law."
The phrase "except under the provisions of law" is quite telling and clarifies the situation somewhat. Your right to privacy is both guaranteed and restricted by law. In other words, you have the right to privacy until there is "probable cause" to suspect you of wrong-doing, in which case "authorities" are sanctioned by law to intrude upon your personal privacy in the greater interest of public security. As law.com's online legal dictionary says of the right to privacy: "once a person is a 'public figure' or involved in newsworthy events, the right to privacy may evaporate."
What does privacy law cover?
Robert Graham's Hacking Lexicon lays out the primary concerns of privacy law as follows:
- Collection: What somebody collects about you, namely your name, address, social security number and so forth. One of the biggest concerns in this area is whether a person consents to the collection of this data (and how they consented).
- Use, disclosure: Who will the entity disclose your private information to, under what circumstances, and exactly what parts of the information. A chief concern is whether the organization will sell your information to marketing companies. Note that some disclosures might be involuntary, such as to law enforcement. Another concern is if you will be notified of disclosure.
- Security: How well is the information guarded against involuntary disclosure? This includes both information security as well as physical security.
- Storage: Where is the information kept and how is it disposed of? Is it physical or electronic? When will it be "aged" out?
The horror, the horror...
The legal provisions for the right to privacy seem reasonable in theory, but horror stories abound. Stories about wrongful convictions, corporate and government abuses, and identity theft point to willful contravention of the law, carelessness, and errors of omission. Privacy advocates are right to be wary of abuses by the so-called authorities that are empowered to intrude into our personal lives. They are right to be wary of the corporate marketeers who collect personal information in the name of more efficient marketing. They are right to warn us of the identity thieves who ruin our credit ratings and good names.
The Truth in Justice Web site details literally dozens of modern-day wrongful convictions that have been overturned only after protracted periods of imprisonment. The story is frequently the same: once a party is assumed guilty, all circumstances are twisted (either consciously or unconsciously) to point to that party's guilt. Witnesses are coached or otherwise encouraged to see events in a certain way. Exculpatory evidence is ignored, because the authorities "know" the accused party is guilty. In their zeal for justice, the authorities trample the civil liberties of the wrongfully accused.
In times of real or perceived threats to national security, the right to privacy is often treated as superfluous. Barry Goldwater's famous utterance, "extremism in the defense of liberty is no vice," is typical of the kind of rhetoric that leverages "absolute" values such as liberty for political gain at the expense of civil liberties.
On the other hand...
We cannot ignore the potential for abuse in any proposal for enhanced security, but neither can we deny that we need to enhance security if we are to avoid repetitions of the horrendous events of 9/11. We must somehow balance the need for privacy with the need for security. We must make informed decisions so that we introduce only solutions that enhance security while preserving privacy. If we are not careful, the opposite may happen. The Electronic Frontier Foundation expressed this fear in a recent Web alert concerning a national ID system using driver licenses:
"EFF fears that we'll end up with the worst of both worlds: a system that isn't good enough to protect against terrorism, but is good enough to create an internal passport system for ordinary, law-abiding Americans."
In other words, we must be vigilant in the creation of new security solutions, lest we accidentally extinguish the values we set out to preserve. Judging by past experience, privacy and security are too important to be left solely to the discretion of politicians, bureaucrats, and corporations. The debate must be public and informed.
How Much Security / Privacy Is Enough?
We cannot discuss the issue of security without also discussing the issue of privacy. Physical security is an absolute requirement: without physical security (along with food and shelter), no aspect of civilized life can survive for long. All other aspects of Western civilization, such as individual rights and privacy, disappear when physical security is lost.
"Grub first, then ethics", said Bertolt Brecht, meaning that we must first have our basic needs fulfilled before we can think about being civilized. Even in the best of times, a society cannot guarantee absolute physical security, but, as horrific as the events of 9/11 were, we must not lose statistical perspective. While such events drive home to us the fact that our physical security is not absolute, we must also realize that we are still, by and large, relatively - that is to say, statistically - safe.
Civilized society has always been a balancing act between the rights of the individual and the security of the collective whole. In the wake of the events of 9/11, our collective task is to improve security, so that we can minimize the havoc caused by random acts of terror, while not infringing on the individual's right to privacy. These objectives may seem contradictory, but they can in fact be complementary.
The Place of Biometrics in a Security Framework
One of the keys to effective security is keeping human intelligence in the loop. Ann Cavoukian, author of Who Knows: Safeguarding Your Privacy in a Networked World, and the Ontario Information and Privacy Commissioner, has said that we must "guard against an over-reliance on technology". She goes on to say:
"Internet wiretaps, monitoring systems and the deployment of biometrics may assist law enforcement officials, but they cannot replace the human element that is an essential component of effective intelligence. Indeed, many have argued that our over-reliance on electronic forms of intelligence has actually contributed to the problems we now face, resulting in the under-deployment of other much-needed forms of intelligence such as human intelligence." (CBC, September 21, 2001).
Biometric security should be seen as an extension of human intelligence, and not as a replacement for it, because automated security will only be as good as the human intelligence that backs it up. A person can be who he or she claims to be and still be a suicide terrorist. For any security system to be effective, it must first have the intelligence that identifies the person as a potential threat.
The danger of relying too heavily on technology is nowhere more real than in the area of biometric surveillance. Such surveillance is most effective if the people you are trying to locate are not aware of its use. However, such discreet surveillance runs counter to public sentiment. Even if you post notices to inform the public that they are being scanned, privacy advocates will complain (perhaps with reason) that their privacy is being invaded. What constitutes a reasonable expectation of privacy? It is difficult to formulate an answer to this question that all can agree upon.
The truth is that biometric surveillance, while creating a major public relations nightmare, provides only a slight enhancement to security. If you are introducing a real or perceived limitation of the public's privacy, you should ensure that the benefits far outweigh the negative press you will receive.
Audit trails left by an individual as he or she uses airports, car rentals, and any other services that require biometric authentication (i.e., possibly any activity that requires the use of a credit card, driver's license, passport, or any other major form of identification) could become a significant contribution to intelligence systems. For example, an intelligent, automated database system could send an alert to appropriate authorities if it detects a number of suspect individuals who show up in the same city at the same time.
Biometrics as an Enabling Technology
The key to this use of biometric authentication lies in the development of comprehensive, shared, intelligent, watch list databases. Such databases would be repositories for both automatically gathered intelligence and human intelligence. While the development of such databases with "data mining" capabilities is outside the immediate scope of biometric authentication, it is clearly key to preventing recurrences of the events of 9/11.
In this scenario, biometrics is an enabling technology. It does not perform data mining. Rather, it verifies that a person is who he or she claims to be in situations in which they are normally asked to provide identification or a credit card. This information is available now, but biometrics will make it far more reliable.