|
Authentication Technologies and Their Privacy Implications
March 16, 2006: Committee Chair Stephen Kent testified at a hearing of the Subcommittee on Social Security of the House Committee on Ways and Means. The hearing addressed expanding the use of the SSN card and measures to prevent SSN card fraud. Dr. Kent presented analysis from IDs--Not That Easy (2002) and Who Goes There? (2003). The written testimony is available here and here. Publications
 |
IDs -- Not That Easy: Questions About Nationwide Identity Systems aims to highlight some of the challenging policy, procedural, and technological issues presented by nationwide identity systems. Its goal is to raise the level of discussion among policymakers and stakeholders about whether such systems are desirable or feasible. (2002)
|
 |
Who Goes There? Authentication Through the Lens of Privacy explores authentication technologies (including passwords, PKI, biometrics, etc.) and their implications for the privacy of the individuals being authenticated. As authentication becomes ever more ubiquitous, understanding its interplay with privacy is vital. The report examines numerous concepts, including authentication, authorization, identification, privacy, and security. It provides a framework to guide thinking about these issues when deciding whether and how to use authentication in a particular context. The report explains how privacy is affected by system design decisions. It presents steps one can take to mitigate adverse privacy effects of authentication systems. The report also describes government's unique role in authentication and what this means for how government can use authentication with minimal invasions of privacy. In addition, the report outlines usability and security considerations, and it provides a primer on privacy law and policy. (2003) |
Project Scope
In response to a request to CSTB from the United States Government's Chief Counselor for Privacy, CSTB has framed an assessment of emerging approaches to authentication in computing and communications systems that focuses on the implications of authentication technologies for privacy. The project will engage a committee of diverse experts working under National Research Council processes, and the committee's work will be presented in a consensus report with recommendations, which will be briefed and disseminated widely.Committee Members
Stephen T. Kent, Chair
Chief Scientist-Information Security
BBN Technologies; Verizon Communications
Michael Angelo
Staff Fellow
Compaq Computer Corporation
Steven Bellovin
Fellow
AT&T Labs Research
Robert Blakley
Chief Scientist for Security
Tivoli Systems, Inc./IBM
Drew Dean
Computer Scientist
SRI International
Barb Fox
Senior Architect, Cryptography and Digital Rights Management
Microsoft WebTV
Stephen H. Holden
Assistant Professor, Dept. of Info. Systems
University of Maryland, Baltimore County
Deirdre Mulligan
Director, Samuelson Law Technology Public Policy Clinic
University of California, Berkeley
Judy S. Olson
Professor, School of Information
University of Michigan
|
Joe Pato
Principal Scientist & Chief Technology Officer
Internet Security Division
HP Labs Cambridge
Radia Perlman
Distinguished Engineer
Sun Microsystems
Priscilla M. Regan
Associate Professor of Government and Politics
Department of Public and International Affairs
George Mason University
Jeffrey Schiller
Network Manager, Information Systems
Massachusetts Institute of Technology
Soumitra Sengupta
Assistant Professor
The Department of Medical Informatics
Colombia University
James Wayman
Biometrics ID Research Director
College of Engineering
San Jose State University
Daniel J. Weitzner
Technology and Security Domain Leader
World Wide Web Consortium/ MIT
|
Staff Lynette I. Millett, Program Officer (Study Director)
Jennifer Bishop, Program Associate
Suzanne Ossa, Senior Project Assistant (through September 2001) Related Publications from Other CSTB Projects Trust in Cyberspace (1999)
Fostering Research on the Economic and Social Impacts of Information Technology (1998)
For the Record: Protecting Electronic Health Information (1997)
Cryptography's Role in Securing the Information Society (1996)
Continued Review of Tax Systems Modernization for the Internal Revenue Service (1995)
Rights and Responsibilities of Participants in Networked Communities (1994)
Computers at Risk (1991)
Sponsors National Science Foundation
Office of Naval Research
General Services Administration
Chief Information Officers' Council
Social Security Administration
Additional resources from the Vadasz Family Foundation enabled development of the report on nationwide identity systems.
|
