
Bill St. Arnaud is a consultant and research engineer who works with clients around the world on a variety of subjects such as next generation Internet networks and developing practical solutions to reduce CO2 emissions such as free broadband and dynamic charging of eVehicles. He is an author of many papers and articles on these topics and is a frequent guest speaker. For more details on my research interests see

Wednesday, April 4, 2007

Dilemmas of Privacy and Surveillance

[Identity Management (IdM) systems are at the heart of most modern security, privacy and digital rights management systems. Many IT organizations are keen to deploy such systems to authenticate users and authorize their access to various digital rights services such as online music, eduroam services, databases etc. However, sometimes anonymity can be a good thing - and often a better business model for both the IT provider and the consumer. We are starting to see this with online music sales, where some record companies are recognizing that DRM is hurting sales, and with eduroam, where some universities are recognizing that there is much better value in providing open-access Wi-Fi to the community than in deploying the complex technology of federated identity systems. Thanks to Johannes Ernst for his comments and the pointer to the Berkman site -- BSA]

[Johannes Ernst reports:]

My own wake-up call came in a small workshop put on by the Berkman Center at Harvard about a year ago on Digital Identity, in which people such as Rebecca McKinnon (ex-CNN chief in China, then fellow at Berkman) and Marc Rotenberg (ED of the Electronic Privacy Information Center) gave some rather striking examples of how that abuse might occur and, in some cases, has occurred already. And we haven't seen no nothing yet ... think of somebody compromising a regional health information organization (now so much in vogue), which requires identity technology to be able to function, in a place such as Washington, DC. Tom Clancy anybody?

The important thing to remember here is that identity deployments come in two flavors: centrally controlled and user-controlled. This difference is not so much a matter of technology (although some technologies do not lend themselves to decentralized, user-controlled deployment) as it is a matter of the fundamental architecture of the deployment. The more centrally controlled, the easier to abuse ("single point of control/failure" at the center). The more decentralized and user-controlled, the harder to abuse, for a variety of reasons.

Most identity technologies that people are familiar with are centrally controlled, including, say, passports, driver's licenses, social security numbers, health smart cards in some countries, frequent flier membership cards etc. It is exactly with that background that now newer, user-centric identity technologies are popping up all over the place....

From: Brian Randell [From Dave Farber's IPer list]

The (UK) Royal Academy of Engineering has just issued a report on
"Dilemmas of Privacy and Surveillance" that will I trust be of
considerable interest to IP.

From their press release at:

> People think there has to be a choice between privacy and security;
> that increased security means more collection and processing of
> personal private information. However, in a challenging report to
> be published on Monday 26 March 2007, The Royal Academy of
> Engineering says that, with the right engineering solutions, we can
> have both increased privacy and more security. Engineers have a key
> role in achieving the right balance.
>
> One of the issues that Dilemmas of Privacy and Surveillance -
> challenges of technological change looks at is how we can buy
> ordinary goods and services without having to prove who we are. For
> many electronic transactions, a name or identity is not needed;
> just assurance that we are old enough or that we have the money to
> pay. In short, authorisation, not identification should be all that
> is required. Services for travel and shopping can be designed to
> maintain privacy by allowing people to buy goods and use public
> transport anonymously. "It should be possible to sign up for a
> loyalty card without having to register it to a particular
> individual - consumers should be able to decide what information is
> collected about them," says Professor Nigel Gilbert, Chairman of
> the Academy working group that produced the report. "We have
> supermarkets collecting data on our shopping habits and also
> offering life insurance services. What will they be able to do in
> 20 years' time, knowing how many donuts we have bought?"
>
> Another issue is that, in the future, there will be more databases
> holding sensitive personal information. As government moves to
> providing more electronic services and constructs the National
> Identity Register, databases will be created that hold information
> crucial for accessing essential services such as health care and
> social security. But complex databases and IT networks can suffer
> from mechanical failure or software bugs. Human error can lead to
> personal data being lost or stolen. If the system breaks down, as a
> result of accident or sabotage, millions could be inconvenienced or
> even have their lives put in danger.

The full report is at: