Tuesday, August 09, 2005, 8:37 PM

Identity and Privacy in Security

As I reread my post on the problems with RFID passports (http://blog.onghome.com/2005/04/sanity-around-rfid-passports.htm), it occurred to me that there is a more fundamental observation that needs to be made here...

When designing security systems based on strong authentication and identities, privacy is an important dimension to consider. The US State Department thought we could have better security by introducing strong(er) digital identities in passport via RFID tags. They forgot (or didn't realize) that without privacy considerations, the strong identity could be used, perhaps lethally, against the identity owner.

This reinforces my belief in the importance of privacy (and the works of individuals like Stefan Brands) to ensure the digital identity systems we build are actually usable.

0 Comment(s):

Post a Comment

<< Home