This Article 
 Bibliographic References 
 Add to: 
Identity Management's Misaligned Incentives
November/December 2010 (vol. 8 no. 6)
pp. 90-94
Jean Camp, Indiana University
With the publication of the National Strategy for Trusted Identities in Cyberspace (NSTIC), the US federal government attempts to solve what it asserts is the identity problem on the Internet. Identity, however, is often confused with authentication or authorization. This linguistic confusion masks the core problem: perverse incentives in digital risk management.

1. National Strategy for Trusted Identities in Cyberspace (Draft),25 June 2010;
2. A.M. Odlyzko, "Privacy, Economics, and Price Discrimination on the Internet," Proc. 5th Int'l Conf. Electronic Commerce (ICEC 03), N. Sadeh, ed., ACM Press, 2003, pp. 355–366.
3. G. Hardin, "The Tragedy of the Commons," Science, vol. 162, 1968, pp. 1243–1248.
4. "Flash Drive Caused Pentagon Cyber Attack," ABC News, 26 Aug. 2010;
5. C. Hoofnagle, "Internalizing Identity Theft," UCLA J. Law and Technology, vol. 13, no. 2, 2009;
6. P. Samuelson, "DRM {and, or, vs.} the Law," Comm. ACM, vol. 26, no. 4, pp. 41–45.
7. Y. Gernter, T. Malkin, and S. Myers, "Towards a Separation of Semantic and CCA Security for Public-Key Encryption," Proc. 4th Annual Theory of Cryptography Conf., LNCS, Springer, 2007, p. 20.
8. R. Dingledine and N. Mathewson, "Anonymity Loves Company: Usability and the Network Effect," Proc. 5th Workshop Economics of Information Security (WEIS 06), 2006;
9. D. Solove, The Digital Person, New York Univ. Press, 2004.

Index Terms:
Security & privacy, incentive alignment, digital risk management, National Strategy for Trusted Identities in Cyberspace, NSTIC, authentication, economics of security
Jean Camp, "Identity Management's Misaligned Incentives," IEEE Security & Privacy, vol. 8, no. 6, pp. 90-94, Nov.-Dec. 2010, doi:10.1109/MSP.2010.178
Usage of this product signifies your acceptance of the Terms of Use.