Past Releases and Reports
About Privacilla
Privacy Fundamentals
Privacy and Government
Privacy and Business
Online Privacy
Financial Privacy
Medical Privacy
Something else you can do is e-mail Privacilla!
Your Source for Privacy Policy from a Free-market, Pro-technology Perspective

Click to return to the Privacy Fundamentals outline

Home > Privacy Fundamentals > Book Reviews > Who Goes There?: Authentication Through the Lens of Privacy

Book Review: Who Goes There?: Authentication Through the Lens of Privacy, by the Committee on Authentication Technologies and Their Privacy Implications, Computer Science and Telecommunications Board, Division on Engineering and Physical Sciences, National Research Council, Washington, D.C.: The National Academies Press, 214 pages

Read this book if you are interested in authentication. It is a good survey of this complicated concept. It breaks no significant ground on privacy, however, or the interplay between privacy and authentication.

"Authentication" is the process of checking the credentials put forth by a person or entity in a transaction. Though authentication has been a part of financial and personal interactions forever, the new online environment requires new authentication processes - and a formalization of these processes in literature like this.

This good study goes through many of the concepts in authentication, helping to demystify the topic. For example, the paper discusses in a common sense way the three major approaches to authentication: based on something you know (a password), something you have (a card), and something you are (a biometric). Just reviewing these processes helps to rationalize and elucidate authentication.

Would that the portions dealing with privacy were as good. The study tries to deal with the topic consistently, but breaks privacy into four groupings: informational privacy, decisional privacy, bodily integrity privacy, and communications privacy. Bodily integrity privacy? Um, OK.

The book also parrots standard privacy catechisms like the unquestioned merits of "Fair Information Practices" and the assumed failure or impossibility of markets to meet consumers' privacy interests. The most laughable ideological moment is in a definitional section where examples of the defined term "adversary" includes "Hackers, criminals, terrorists, and overly aggressive marketers." Move over Osama - someone's out there trying to sell time-shares in Colonial Williamsburg.

It's fun to make fun, but there are very good sections in Who Goes There. The discussion of the driver's license in a section called "Government as Issuer of Identity Documents" is worth a careful read. And the report comes to the right conclusion, citing to an earlier study on national ID programs: they are a bad idea.

This is an important work on authentication, though the field has a great deal more maturing to do before the concepts are fully formed and a natural language of authentication replaces all the jargon. Happily, the jargon that is used today comes fairly cheap: the entire book is downloadable online.


Comments? (Subject: Privacy and Freedom)

[updated 12/15/04]

©2000-2004 All content subject to the Privacilla Public License.