LIBERTY: EPIC Recommends Against Use of Universal Identifiers

========================================================================
[3] EPIC Recommends Against Use of Universal Identifiers
========================================================================

In comments to the Federal Trade Commission, EPIC warned against using
universal identifiers in authentication systems. “Any move toward
universal identifiers, while potentially deterring amateur thieves,
increases the potential for misuse once determined criminals steal that
data,” EPIC said.

EPIC also urged the restriction, rather than expansion, of the use of
Social Security numbers as identifiers. “Social Security numbers have
become a classic example of ‘mission creep,’ where a program designed
for a specific, limited purpose has been transformed for additional,
unintended purposes, sometimes with disastrous results,” EPIC said. The
pervasiveness of the SSN and its use to both identify and authenticate
individuals threatens privacy and financial security; expanding use of
the SSN, making it a universal identifier, would harm, rather than help,
security efforts, EPIC said.

EPIC recommended against the creation of a centralized identification
system and advocated an identity metasystem in which authentication is
confined to specific contexts in order to limit the scope for potential
misuse. EPIC and others have explained that it decreases security to
have a centralized system of identification with one ID card for many
purposes, as there will be a substantial amount of harm when the card is
compromised. “Using a national ID card would be as if you used one key
to open your house, your car, your safe deposit box, your office, and
more,” EPIC said. A centralized system of identification creates a
“one-stop shop” for identity thieves. “The confidence and trust of
consumers will fall when such a breach occurs; people will withdraw
because of privacy and security questions,” EPIC said.

EPIC explained that “a system of distributed identification reduces the
risks associated with security breaches and the misuse of personal
information.” For example, a banking PIN, in conjunction with a
bank card, provides a better authentication system because it is not
coupled with a single, immutable consumer identity. If the combination
is compromised, a new bank card and PIN can be issued and the old
combination cancelled, limiting the damage done by the compromised data.
“Distributing identity in this way allows for different profiles to be
used in different authenticating contexts. New profiles can be created
as required within a single identity metasystem,” EPIC said. Misuse is
therefore limited to the context of the information breached, whether it
is a single bank account, online merchant, or medical records.

Possibilities for data misuse can also be limited at the data collection
stage, EPIC explained. Amassing large databases of credit card numbers
creates an attractive target for potential identity thieves. “One simple
response to identity theft is to require a PIN to be used in conjunction
with all credit cards. An identity metasystem would further reduce the
value of such aggregated database targets, because authenticators would
be separate and distinct from all personally identifiable information,”
EPIC said.

The FTC will hold a workshop, “Proof Positive: New Directions for ID
Authentication,” on April 23 at the Commission’s Satellite Building
Conference Center located at 601 New Jersey Avenue, NW, Washington, D.C.
The event is open to the public and attendance is free. There will not
be pre-registration.

EPIC Comments to the FTC (March 23, 2007) (pdf):

http://www.epic.org/privacy/id_cards/epic_ftc_032307.pdf

Federal Trade Commission Notice Announcing Workshop and Requesting
Comments:

http://www.epic.org/redirect/ftc0407.html

EPIC page on Identity Theft: Causes and Solutions:

http://www.epic.org/privacy/idtheft/

EPIC page on National ID Cards and the REAL ID Act:

http://www.epic.org/privacy/id_cards/
