• The road to hell is paved with good intentions. In Norway, where I work, a great danger exists that the authorities will establish a national registry that will contain all information about everyone's medical history. Not only will it contain the information itself, it will do so in such a way that individuals are identifiable. The argument goes that if researchers in the future find out that you're at risk for disease, you will want them to contact you. There are no signs of an opt-out scheme. Why would there be? After all, it will be automagically assured that only medical researchers of utmost integrity will be allowed to access your data. However, the staff managing a recent medical study focusing on sexual activity made an error revealing 220 female study participants' identities—the kind of error we're assured will never, ever happen.
• According to a press release (pdf, http://www.waymaker.net/ bitonline/2003/09/10/20030910BIT00300/wkr0002.pdf) from 23 September 2003, the Scandinavian Airlines System has tried biometry. According to media reports, the scheme worked very well and SAS is contemplating applying it throughout Scandinavia. This will make available to them information not only about their customers, but also about their customers' bodies. If even an airline knows inescapable facts about your body, how can life ever be the same? This also makes witness protection schemes a joke. They promise not to keep any identifiable information and that they're as concerned with their customers' privacy as their customers are. I can promise that the latter, at least, is false.
• Many dream of digital signatures and public-key infrastructure (PKI). However, if some identification authority issues the public key, using it becomes incompatible with separating authentication from identification. This is particularly worrisome in the cases where instead of creating your own "private" key, one is issued to you, as seems to always be the case. In Norway, the agreement you have to sign to obtain access to online banking services states that you have the right to revoke your identity certificate (if you lose your PIN, for example). The bank also has the right to revoke your identity. You do not have the right to refuse to be revoked. Carl Ellison and Bruce Schneier discuss public keys at length.( http://www.schneier.com/paper-pki.html)
• One often-heard approach to fighting email spam is to require digital signatures on emails. Add to this a PKI where keys are issued to you, and the distinction between authentication and identification blurs again. I find some comfort in the fact that the emails I sent as a student are clearly marked as originating from a student and that only considerable digging in old password files will reveal that the user name belonged to me. I have a range of email addresses, and I appreciate the inherent difficulty in bridging the gap between them and me. In fact, I believe I would be willing to give up on email if I had to identify myself before sending one.
Tage Stabell-Kulø is an associate professor at the University of Tromsø, Norway. Contact him at firstname.lastname@example.org.