Resources
- Identity Use Cases & Scenarios.
- FIDIS Deliverables.
- Identity of Identity.
- D2.1: Inventory of Topics and Clusters.
- D2.2: Set of use cases and scenarios.
- D2.3: Models.
- D2.6: Identity in a Networked World – Use Cases and Scenarios.
- D2.13: Virtual Persons and Identities.
- Interoperability.
- Profiling.
- Forensic Implications.
- HighTechID.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- Identity of Identity.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
D2.1: Inventory of Topics and Clusters
Another important reason for identifying a person is to allow access to relevant information that increases the impact of the interaction. The benefit of accessing this information concerns primarily the system accessing this information. It can, however, have some positive implications for the person herself, for instance by allowing a more customised and effective interaction between the system and this person. In other cases, the access to this information is a mandatory condition for the delivery of a particular service (examples include diagnostic services, or recommendation services that directly exploit this information).
Conversely, access to this information can also be harmful to the person. For instance, commercial companies (direct marketing) can exploit this information in order to better manipulate the target person. In other cases, this information provides the beneficiary of this information an unfair advantage over the person (advantage that can be exploited in a negotiation or in a job interview, for instance).
Monitoring and accountability
Monitoring and accountability relates to the ability to record and audit the actions of a person (and connect it to a partial identity).
This accountability can be used in a variety of contexts. In commerce, it can be used to help support different aspects of a transaction (payment, consumption, etc.). It can also help support some of the social aspects of electronic marketplaces, contributing, for instance, to the formation of the vendors or the customers reputation (for example, eBay utilises such mechanisms). Additionally, it can help monitor the general profile of the customer visiting a particular (web) site. In the domain of entertainment, monitoring may be used to record the downloading activities occurring in a peer-to-peer network (via the IP number of the computers involved in the exchange). In communication activity, this monitoring may consist of providing information (for instance login name, IP number …) that can be used to identify the author (or its virtual identity). In a security perspective, information may be logged in order to be used to identify suspect activities.
The risks associated to (incorrect or undesired) identification
It is important to mention that Identification (authenticating, knowing, monitoring) brings about a series of issues that can have some negative consequences for the person.
The problems can arise because of:
incorrect identification
undesired identification
Incorrect identification often relates to identity theft or identity fraud
Indeed one should be aware of the fact that the level of reliability of an identification is rarely absolute: for instance, login / password can be stolen, sender email address can be very easily forged (a practice often adopted by spammers), the visual identity of a web site can easily be imitated (for instance, phishing fraud consists of fooling the user by creating a copy of an official site), identity information spontaneously provided can be biased or obsolete. The consequences of incorrect identification can be serious, such as the disclosing of confidential information (for instance in the case of a break-in in a company information system), or the loss of important sums of money (e.g., if a phishing operation manages to convince a person to disclose her credit card information).
Note: The FIDIS workpackage “WP5 ID-Theft, privacy and security” specifically addresses the criminal aspects of Identity. Of particular interest for our concern is a task on ID fraud that is conducted in this workpackage which will comprise an ID fraud inventory.
The undesired identification directly relates to privacy issues
E-commerce, spyware and other similar mechanisms (such as tracing techniques employed by advertising companies) typically disclose information against the desire of the person and at her expense (this information can be used to manipulate the person and trigger a buying act).
In the workplace, undesired disclosure of information (for instance information about the affiliation to a union, a working practice, business contact, medical information) can severely harm the person and result in negative consequences (organisational pressure, job loss, etc.).
For the citizen, undesired disclosure of information (political opinions, expression of opinion) may have similar negative consequences.
In a later chapter of this document, we indicate mechanisms that can be used to reduce these risks and that achieve a better support for the authentication, the protection of the information, and the anonymity of a person.
The identification mechanisms
Explicit / implicit identification
Two different approaches to identification (of person characteristics and authentication) can be defined:
The explicit identification
The implicit (inferred) identification
Explicit identification relates to processes in which the person is aware, and even participates in this identification. This includes all of the explicit mechanisms that are used to authenticate a person such as: passwords, ID cards, biometric elements, business card, and presentation by another person (a social process). This also includes all the mechanisms that are used to collect explicitly the identity information (person characteristics) such as: questionnaires, ID cards (for the information they contain), etc.
Implicit identification relates to the processes that are used to authenticate the person and obtain the identity information without this person being aware. Implicit identification relies upon a series of available information (such as log files) from which the identity information is inferred or extracted. This can include identifiers attached to the person (such as RFID, IP number of the person, visual appearance, and social cues), or traces of characteristics (such as behaviour) that can be captured and analysed (for instance using profiling techniques such as data-mining).
As already indicated, not all of the identification mechanisms are equal and, in particular, the reliability varies considerably.
18 / 29 |