Principal, Xamax Consultancy Pty Ltd, Canberra
Visiting Fellow, Department of Computer Science, Australian National University
Version of 13 July 2001
© Xamax Consultancy Pty Ltd, 2001
This document was prepared in support of a presentation to a seminar on eSecurity and eCrime, run by the UNSW Continuing Legal Education Programme, Sydney, 19-20 July 2001
Republished in Privacy Law & Policy Reporter 8, 3 (September 2001) 63-65, 68
This document is at http://www.anu.edu.au/people/Roger.Clarke/DV/IdCertainty.html
Human identification is the lynchpin of the burgeoning technologies that enable data surveillance. Ignorance is rife, about the nature of identification and identity authentication, and about anonymity and pseudonymity. Yet more disturbing is the ignorance within the national security and law enforcement communities of the dramatic impact of these technologies on civil freedoms and democracy. The notion of 'certainty of identity' is a highly dangerous nonsense.
The title of this session, 'Certainty of Identity', was presumably intended to be provocative. But unfortunately it reflects very nicely the simplistic perceptions that are evident within the agencies of social control and among the technology providers that sell to them. This brief paper argues that certainty of identity is an extraordinarily dangerous notion, which represents a far greater threat to society than the evils that security technologies are supposed to combat.
The paper surveys the technologies of surveillance, and shows how identity is central to them. It presents key concepts relating to identity and identification, and juxtaposes the alternatives of anonymity and pseudonymity. It identifies inappropriate presumptions that are commonly made by staff in national security and law enforcement agencies. It concludes that these agencies, and the attitudes rife in them, are among the most serious threats to society.
The paper is brief, but provides access to a substantial literature.
Visual and electronic surveillance have been complemented, and are increasingly being supplanted, by surveillance of individuals and populations through the copious data trails that are generated about their activities.
Mass dataveillance provides an efficient means of monitoring large numbers of people in order to generate suspicion about specific individuals and select them for closer attention. Larger numbers than ever before can be subjected to more intensive personal dataveillance, because the techniques are largely automated.
Key technologies of surveillance include the following:
Surveillance technologies depend upon mechanisms for the identification of human beings. This is a remarkably poorly understood topic. One frequently overlooked facet is that individual entities of all kinds, including people, have multiple identities, rather than just one.
Conventional identifiers such as names and codes are associated with identities rather than with entities. Law and practice in civilised countries recognise this, and permit the use of multiple identities. Sanctions are applied where individuals perform significantly anti-social actions, including those that depend upon multiple identities; but the use of multiple identities per se is in few cases itself an offence. Naturally, criminals use the scope provided by this freedom to adopt multiple identities as a means of avoiding retribution. This is just another of the many tensions that exist between the needs for freedom and for control over criminal behaviour.
Some identifiers are capable of reaching behind the identity and recognising the entity itself. These are termed biometrics, because they measure some feature of the individual, or of the individual's behaviour.
Identification is the process whereby an identifier is acquired, and an association achieved between an identity and information stored in a database. Identity authentication is the further process whereby a sufficient degree of confidence is established that the identification process has delivered a correct result. Identity authentication can be performed by collecting multiple identifiers, acquiring knowledge that only the right individual is expected to have, or inspecting tokens that only the individual is expected to possess.
The concept of 'certainty of identity' is a forlorn hope. All identification and authentication techniques are subject to error. In addition to accidental errors, all are capable of being circumvented with varying degrees of ease. False inclusions arise, including successful masquerades; and the tighter that the tolerances are set, the greater is the frequency of false exclusions. The disbenefits of false exclusion fall on the affected individuals; and the less easily compromised techniques impose mightily on the people who are subjected to them.
Rather than the naive concept of 'proof of identity' (POI), the focus needs to be on 'evidence of identity'; and rather than the self-serving military concepts of 'absolute security' and 'absolute trust', the real world is about the management of risk and the balancing of competing interests.
A lot of discussion about security makes the blithe presumption that it is normal for transactions to be identified. The presumption is false. A great deal of human activity has always been conducted anonymously. Common examples include:
The contemporary trend towards authoritarianism, aided by technological developments, has been rapidly undermining anonymity, through demands for identification in all manner of circumstances, and the creation of new data trails that can be mined.
Many kinds of people resent demands for identification, and seek ways of obscuring their identities and selves. Of course, some of these people have criminal intent. Others are intent on undermining the current political system, or are 'scurrilous rumour-mongers'. But there are many other motivations, including:
The kleptomania of government agencies and marketing organisations for identified personal data has stimulated a great deal of constructive behaviour by software developers. Tools to deny information, deny identity, and assure anonymity are readily available, especially in the electronic context, and increasingly popular.
Anonymity compromises accountability, in that it undermines society's ability to impose sanctions on miscreants, and therefore reduces the extent to which fear of retribution curbs disapproved behaviour.
A further form of nymity exists, which has the scope to achieve a balance between personal freedoms and social accountability. Instead of an identifier, what is associated with data is a pseudo-identifier or pseudonym.
In principle, the relationship between the pseudonym and a person is able to be discovered (otherwise it would be anonymous). In practice, however, it may or may not be able to be discovered, because the link is protected by technical, legal and organisational arrangements. For those protections to be circumvented, particular conditions need to be fulfilled, such as the issuing of a search warrant or other form of court order.
There are several mechanisms that can be used to give effect to pseudonymity, including 'identity escrow', escrow of partial identifiers, and 'secret-sharing'. This is not a mere theory, nor a new idea. Longstanding examples exist in such contexts as auctions and financial exchanges, epidemiological research, and the arts.
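The following sketch is an added illustration, not part of the original paper, of how 'secret-sharing' can protect the link between a pseudonym and a person so that no single custodian can reveal it. It uses Shamir's scheme as one possible secret-sharing technique; the custodian names, the 2-of-3 threshold and the identity value are assumptions constructed for the example.

```python
import secrets

# Field modulus: the Mersenne prime 2**521 - 1, large enough for a 65-byte secret.
PRIME = 2**521 - 1

def split(secret: bytes, k: int, n: int):
    """Split `secret` into n shares such that any k of them recover it."""
    s = int.from_bytes(secret, "big")
    if not 1 <= k <= n or s >= PRIME:
        raise ValueError("invalid threshold, or secret too long for the field")
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [s] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares

def combine(shares) -> bytes:
    """Lagrange interpolation at x = 0 over whichever shares are supplied.

    Leading zero bytes of the secret are not preserved (fine for text links).
    """
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total.to_bytes((total.bit_length() + 7) // 8, "big")

# Constructed sample data: hypothetical custodians and identity record.
CUSTODIANS = ["registrar", "court-registry", "ombudsman"]
IDENTITY = b"customer-record:0042"

def escrow(identity: bytes):
    """Issue a random pseudonym and hand one share of the link to each custodian."""
    pseudonym = "nym-" + secrets.token_hex(8)
    return pseudonym, dict(zip(CUSTODIANS, split(identity, k=2, n=3)))
```

Transactions are recorded against the pseudonym only; the identity is recoverable only when two custodians release their shares, for instance in response to a court order.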
If the discussion can be moved beyond the trivial level of assuming that 'certainty of identity' is a meaningful concept, then a fuller model of identity, identification and nymity could be used as a basis for designing schemes that achieve suitable balances between security and freedoms.
Against this background, it might be hoped that some serious-minded discussions are in train between the law enforcement community and representatives of the broader community. Tensions exist between law enforcement and other social objectives and values, and enormous care is needed in implementing invasive technologies such as Caller-ID, reverse telephone directories, MOLI, payment mechanisms, road-tolling schemes, ATM and railway-station surveillance, road-traffic surveillance, biometrics and DNA databases.
Regrettably, however, the law enforcement community appears to see no need to compromise its use of such technologies, no need to consult with the community about them, and no risk to their waning public credibility if they proceed in accordance with the technological imperative, and the blandishments of their favoured technology providers.
A serious rift is developing between the hard-headed law-and-order devotees, and the lovers of freedoms and democracy. Here are some presumptions that are conventional among some kinds of people:
Contrast those with the following perceptions that are shared by many people around the world:
We can feel comfortable about statements like those when they are used in relation to, say, Sierra Leone, Indonesia or Russia. What is disturbing is that all are capable of being used in relation to Australia, with degrees of credibility ranging from dubious (5) through highly feasible (2, 3 and 6), to clearly true (1 and 4).
Given the explosion in privacy-invasive technologies, and their blind application, it is difficult not to feel deeply pessimistic about the directions our society is taking. The world is recognising the threats that technologies pose for the survival of the species; but, in the meantime, the survival of society as we know it is under dire threat in a much shorter time-scale.
Dataveillance technologies threaten to dramatically increase the power of the organisations that control their deployment. Power corrupts, and the scale of power that can be delivered by dataveillance technologies will increase the degree of corruption of the organisations that control them. When lists of 'public enemies' are drawn up, national security, law enforcement and social control agencies will need to be not just included, but placed high up on the scale.
Meanwhile, the balance of power in an increasingly globalised world is changing. Transnational and even large national corporations are increasingly above the law, and will impose and enforce law as they wish it to be, and co-opt law enforcement agencies to their own needs. Alliances between government agencies and private sector corporations are still in their infancy. As they become more common and more pervasive, personal data will leak across organisational boundaries, and organisations will cross-leverage their power over individuals.
Pitifully weak data protection laws will not even be able to retard the bushfire of the surveillance society, let alone quench it. Individuals who stand out against the use of power will be increasingly subjected to dataveillance, psychological pressure, and countermeasures.
The technologies of surveillance need to be resisted, not just by criminals but also by people who actually like the ideas of freedom and democracy. Whilever people are capable of contemplating a concept as vacuous as 'certainty of identity', law and order devotees will pursue simple-minded objectives of subjugating society. Nymity services are going to be very big business.
The following are the source materials, researched over the last quarter-century, that underlie the arguments in this paper.
Introductory Papers on Dataveillance and Privacy, at http://www.anu.edu.au/people/Roger.Clarke/DV/Popular.html
Definitions (1997-), at http://www.anu.edu.au/people/Roger.Clarke/DV/Intro.html
The Underlying Theory (1988), at http://www.anu.edu.au/people/Roger.Clarke/DV/CACM88.html
Technologies of Mass Observation (2000), at http://www.anu.edu.au/people/Roger.Clarke/DV/MassObsT.html
While You Were Sleeping ... Surveillance Technologies Arrived (2001), at http://www.anu.edu.au/people/Roger.Clarke/DV/AQ2001.html
IT as a Weapon of Authoritarianism or a Tool of Democracy (1994), at http://www.anu.edu.au/people/Roger.Clarke/DV/PaperAuthism.html
Review (1993), at http://www.anu.edu.au/people/Roger.Clarke/DV/NotesAntiUtopia.html
Human Identification (1994), at http://www.anu.edu.au/people/Roger.Clarke/DV/HumanID.html
Anonymity and Pseudonymity (1999), at http://www.anu.edu.au/people/Roger.Clarke/DV/UIPP99.html
Introducing PITs and PETs: Technologies Affecting Privacy (2000), at http://www.anu.edu.au/people/Roger.Clarke/DV/PITsPETs.html
The Technologies (1999), at http://www.anu.edu.au/people/Roger.Clarke/DV/Florham.html#Techno
Resources (1999), at http://www.anu.edu.au/people/Roger.Clarke/DV/PEPST.html
The Technology (1994), at http://www.anu.edu.au/people/Roger.Clarke/DV/MatchIntro.html
The Failure of Cost/Benefit Analysis to Control It (1994), at http://www.anu.edu.au/people/Roger.Clarke/DV/MatchCBA.html
The Technology (1993), at http://www.anu.edu.au/people/Roger.Clarke/DV/PaperProfiling.html
Direct Marketing (1998), at http://www.anu.edu.au/people/Roger.Clarke/DV/DirectMkting.html
The PBL/Acxiom Conspiracy (1999), at http://www.anu.edu.au/people/Roger.Clarke/DV/InfoBase99.html
The Australia Card Proposal (1987), at http://www.anu.edu.au/people/Roger.Clarke/DV/OzCard.html
The Tax File Number Conspiracy (1991), at http://www.anu.edu.au/people/Roger.Clarke/DV/PaperTFN.html
The Resistible Rise of the National Personal Data System (1992), at http://www.anu.edu.au/people/Roger.Clarke/DV/SLJ.html
The Parallel Data Matching Scheme Manoeuvre (1994), at http://www.anu.edu.au/people/Roger.Clarke/DV/PaperMatchPDMP.html
Smart Card Technical Issues Starter Kit (1998), at http://www.anu.edu.au/people/Roger.Clarke/DV/SCTISK.html
Application of the Technology (1997), at http://www.anu.edu.au/people/Roger.Clarke/DV/IDCards97.html
Design Requirements (1997), at http://www.anu.edu.au/people/Roger.Clarke/DV/IDCards97.html#DesOpt
The Technologies (1999), at http://www.anu.edu.au/people/Roger.Clarke/DV/PLT.html
Safe-T-Cam, at http://www.rta.nsw.gov.au/frames/safety/c_f.htm?/frames/safety/c1a&/safety/ca_c.htm&Safe-T-Cam&0
Melbourne CityLink's e-Tag, at http://www.transurban.com.au/
MOLI (Your Mobile Phone as the Spy in Your Own Pocket), at http://www.acif.org.au/MOLI/
The Impacts (2000), at http://www.anu.edu.au/people/Roger.Clarke/EC/eTP.html
The Digital Persona (1994), at http://www.anu.edu.au/people/Roger.Clarke/DV/DigPersona.html
The Information Infrastructure is a Super Eye-Way (1988), at http://www.anu.edu.au/people/Roger.Clarke/DV/Monitor.html
Basics of Internet Privacy (1996), at http://www.anu.edu.au/people/Roger.Clarke/DV/IPrivacy.html
Developments in Internet Privacy (1998), at http://www.anu.edu.au/people/Roger.Clarke/DV/ICurr9908.html
Privacy Risks in Digital Signature Technology (1997, with G.W. Greenleaf), at http://www.anu.edu.au/people/Roger.Clarke/DV/DigSig.html
Public Key Infrastructure Position Statement (1998), at http://www.anu.edu.au/people/Roger.Clarke/DV/PKIPosn.html
Current Status (2000), at http://www.anu.edu.au/people/Roger.Clarke/DV/PKI2000.html
The Fundamental Inadequacies of Conventional Public Key Infrastructure (2001), at http://www.anu.edu.au/people/Roger.Clarke/II/ECIS2001.html
The Technologies (1994), at http://www.anu.edu.au/people/Roger.Clarke/DV/HumanID.html#Bio
Biometrics and Privacy (2001), at http://www.anu.edu.au/people/Roger.Clarke/DV/Biometrics.html
The OECD Data Protection Guidelines (1989), at http://www.anu.edu.au/people/Roger.Clarke/DV/PaperOECD.html
Beyond the OECD Guidelines: Privacy Protection for the 21st Century (2000), at http://www.anu.edu.au/people/Roger.Clarke/DV/PP21C.html
Dataveillance and Information Privacy Resource Pages, at http://www.anu.edu.au/people/Roger.Clarke/DV/
Major Electronic Resources on Dataveillance and Privacy, at http://www.anu.edu.au/people/Roger.Clarke/DV/index.html#ERes
Annotated Bibliography of the author's Papers on Dataveillance and Privacy, at http://www.anu.edu.au/people/Roger.Clarke/DV/AnnBibl.html
Created: 13 July 2001
Last Amended: 13 July 2001
These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content).