Pun Salad

This book is from Jim Harper, Director of Information Policy Studies at the Cato Institute; it discusses the public policy implications of "identification" systems used by businesses and governments: how they make sure that the "you" they're dealing with today is the same "you" from yesterday, last month, or three years ago. Since my day job involves (in part) trying to make sure that unauthorized people don't gain access to resources and information to which they aren't entitled, this was (arguably) right up my alley.

Harper starts with the basics: identification is something we do every day in ordinary life, and civilization is built on it. Unforunately, fraudsters are rife. (Harper could have, but didn't, how old identity fraud is: see Genesis 27 on how Jacob tricked Isaac by posing as Esau.) I'm used to seeing identification systems classified as "something you have" vs. "something you know". Harper uses a finer classification: "something you are" (e.g., biometrics); "something you've been assigned" (names, Social Security Numbers); "something you have" (ID cards); and "something you know" (passwords).

Since Harper is a Cato guy, he's free-enterprise friendly and government suspicious. He makes a convincing case that government has gone down the wrong road with too much reliance on a single number (the SSN) and a single ID mechanism (the driver's license, which, at the time the book was written, was threatening to grow into REAL ID). He also swipes at the post-9/11 TSA airport hassle, which is "security theater" meant to reassure the rubes that the government is "doing something" about airline security, while not thwarting any actual terrorism.

Harper advocates doing away with the effective government monopoly on many forms of identification, instead adapting decentralized systems developed by private enterprise. (One example: Clear, a biometric card that can speed up your process through security checkpoints.) He argues that customers should demand more privacy in their business dealings (or, at least, get clear benefits for surrendering a known bit of anonymity); businesses should, on their end, develop solutions to adapt to such demands.

My own employer has, for nearly all students and employees, long piggybacked on the Social Security Number for its own identity management efforts; now, chastened, we're in the costly and time-consuming process of coming up with something else. If only Harper's book had been available years ago, this is a mistake we could have avoided.