June 10, 2008
President Clinton famously disputed the meaning of the word "is". The world may see this as too clever by half. What if he were proven prescient?
Peter P. Swire and Cassandra Q. Butts have just released a white paper on "the ID divide" (*), providing a much needed analysis of what an ID should be. Its major point is that governments should not rush in designing systems to enable one to prove who one "is". The reader is encouraged to download the report. It is concise and speaks for itself. More relevant to these fillips, which have shown Identity necessary to Privacy, is its explicit mention of several concepts that, though fundamental, have failed so far to reach a broader audience.
Take my earlier call to differentiate my individual ID, which establishes my identity, from my ids, which enable my many socio-economic relationships. If a word can have many meanings, many words can mean the same. To Peter Swire and Cassandra Butts, my ID carries identification, my ids authentication. Keeping this translation in mind, the reader will find my position vindicated as the authors suggest a shift from insisting on identification to acting on authentication. We both deplore the underlying addiction to centralizing information in ever growing databases.
Take my recurring statement (1) that many topics related to identification fall under pattern recognition, an engineering science which teaches errors of two kinds, so called false positive and false negative, are inevitable and that attempts to decrease the former quickly leads to increasing the latter. In the ID Divide authors' own words, this is the issue of "accuracy" and they do not fail to recognize the inherent trade-off between catching more cheaters and wrongfully ensnaring more people. They even give a quantitative example (2).
Take another of my favorites, recommendation mechanisms (3). In order to pass muster, all such mechanisms, id verification in the instance, must include a clear protest process. The authors likewise requires an "effective redress process" as a matter of principle.
If I find fault with the report it is that it is falls frustratingly short of an opportunity. Mark its astute observation that "the holder of the information only guards the information at the level of risk to that organization". This is exactly why I have been and remain so vehemently opposed to personal data aggregation by advertising networks. Because the risk to the database owner is small compared to the cumulative risk of the individuals profiled, a conflict of interest arises between maximizing corporate profits and ensuring user confidentiality. But risk imbalance goes beyond privacy breaches.
Why not mandate each "effective redress process" to define an appropriate compensation, to be paid by the organization to each individual its verification process wrongs as a "false negative", a position similar to the one endorsed by the national taxpayer advocate, Nina E. Olson? If governments become liable for matching mistakes, they will be the first to do detailed due diligence on such methods. Individual information abuse is akin to environmental pollution. To fight it, money-based mechanisms are increasingly viewed as an efficient way to decentralize principled global decisions into practical local implementations. Victim compensation would reveal the true social cost of each identity verification scheme.
Critics may reply, citizens ought to bear burdens incurred in the promotion of their own safety and forgo compensation as a matter of principle. But Peter Swire and Cassandra Butts' very report preempts this argument. Far from being randomly distributed among all citizens, false positives fall disproportionately on specific segments of the population, the ones of the wrong side of the ID Divide. National security is not sustainable if unfair.
The marriage of Fairness and Sound Economics may seem to bring the romantic closure expected by movie goers. It would be a mistake.
The Associated Press reports how checkpoints will be set by the Washington police around a "crime-ridden neighborhood" (**). Lynnley Browning initiates us to the "rarefied world" of "high net worth individuals", some of which may have been tempted by UBS into evading taxes (***). Another example of the ID Divide? Not if UBS upholds the Swiss bankers' reputation for password-based, self authentication with little regard to name accuracy, while the Washington police content themselves to check motorists, who ought to carry a driver license.
At issue here is that defining Identity as "who the individual is" is not operative until one defines what the meaning of the word "is" is. What IRS inspectors and policemen are after is not indeed who one "is", but whether one "is identical to someone already known". A topic fit for a future fillip.
- (*) ....... The ID divide, by Peter P. Swire and Cassandra Q. Butts (Center for American Progress) - June 2008
- (**) .... Killings Lead To Checkpoints For All Drivers, Associated Press report (New-York Times) - June 6, 2008
- (***) .. Inquiry Into a Guarded World, by Lynnley Browning (New-York Times) - June 5, 2008
- (1) to read more about it, type pattern recognition in the search box on the index page of these fillips
- (2) In a quote from Professor Overton, "photo-identification requirements would deter over 6,700 legitimate votes for every single fraudulent vote prevented".
- (3) to read more about it, check recommendation mechanisms in the major theme list for these fillips