
                                       Mr. Austin Hill
                                Zero-Knowledge Systems, Inc.

                                      Mr. Gus Hosein
                                       Policy Counsel
                                Zero-Knowledge Systems, Inc.

ABSTRACT

As we move closer to the goal of ubiquitous public key infrastructures, we are encountering a growing number of serious dangers to individual privacy. Security and authentication of communications are essential to the growth of the Internet for commerce and social communications, but many problems exist that might create the infrastructure of a digital ID card that can be used to track individuals and infringe on their privacy.

This paper will explore some of the existing tracking technologies and the dangers of adding widespread use of public key infrastructures to the Internet, and will also examine some technologies and techniques that balance privacy and individual rights with the requirements for authentication and security.

This paper is non-technical and is geared toward policy makers and privacy advocates.

Specific topics to be discussed include:

• Archiving of public speech.
• The true-identity certificate authority model.
• Marketing profiling technologies currently in use (e.g. Engage, DoubleClick).
• Private credential systems, private signature systems and pseudonymous certificate authorities.

1.0 TOWARD THE PUBLIC KEY INFRASTRUCTURE(S) AND ESSENTIALS OF IDENTITY

The challenges for the Internet as we encounter the electronic marketplace and the digital society include security and privacy of communications and transactions. Before they purchase from a merchant on the Internet, users are demanding a level of security of their transaction; when dealing with merchants and portals, users would also like a level of residual privacy.

Experts traditionally discuss cryptography as the solution to these challenges. Cryptography conventionally introduces confidentiality into a transaction or communication. With the advent of public key cryptography in the 1970s came the opportunity for digital signatures, which provide for integrity checks. However, digital signatures involve public keys -- large numbers with no discernable owners. Thus entered the digital certificate: a public key with information that assists in identifying the owner. A digital signature from a third party, often called the Certification Authority (CA), assures the integrity of the certificate. The collection of this set, the cryptographic algorithms and

The Privacy Risks of Public Key Infrastructures

protocols, the keys, the certificates, and the CAs, is referred to throughout this paper as a Public Key Infrastructure (PKI).

With this PKI, users can now traverse the World Wide Web or communicate via email securely, that is with confidentiality. Email and commercial transactions can be effected with a level of security and certainty in the actual data that is being shared, i.e. with integrity. The certificate and the corresponding Authority provide a level of security and certainty that email is being sent and received from known subjects (friends or colleagues), and products are being purchased from an authorized merchant by an authorized consumer and will always be verifiable in case of dispute, that is with authentication and non-repudiation. With this final phase of security -- authentication and non-repudiation -- a significant shift has occurred within the spectrum of identity: to an extent, the identity of people and institutions in the virtual world can be ascertained with near-true certainty. While the spectrum of identity begins with anonymity and ends with true-identity, we have rarely been accustomed to this level of certainty in identity. In browsing, virtually and in reality, we are accustomed to anonymity to a large extent, while more practically we are in fact pseudonymous, and true-identity browsing occurs the least frequently, until recently at least. In communications, however, things are traditionally somewhat reversed. In the real world, identity is often revealed quickly and easily among companions and professional contacts, while in the marketplace, pseudonymity is practiced with credit card transactions, and anonymity is assured with cash.

The identity spectrum in Internet communications has always been an interesting dynamic. Anonymity is ever present, but in the case of communications, anonymous communication is deemed pernicious, as US Supreme Court Justice Scalia once wrote. The anonymous speaker is free from responsibility, while the identified speaker carries the full weight of complete responsibility for statements and actions. Although repudiation may exist in the real world for non-public figures to some extent, this is not the case in the virtual world with archived speech. In the middle of the spectrum lie pseudonymous communications, which sociologically is how the Internet community was built: face to face communications never quite existed, and researchers and participants in discourse developed a reputation not only through their professional and accredited affiliations, but also through reputation capital. Over time, email addresses and userIDs in chat forums and email lists develop recognition for being wise or for being spammers, and so on, and develop a life and character.

Explicitly, this spectrum of anonymity -- pseudonymity -- true-identity can be applied on the Internet to electronic commerce, legal interchanges, information retrieval, and discourse. While other types of transactions may exist, for the purpose of illustrating the differences in amount of identity required and used, these will

In electronic commerce, users can browse through merchant sites with a level of anonymity: the merchants do not immediately know much about the browsing individual. However, marketing has become savvier with the introduction of profiling (of browsing consumers) and targeted advertising, with the assistance of techniques such as cookies, thus providing pseudonymous browsing. When the purchase occurs, often the consumer's identity is fully revealed upon payment or delivery; and even the browsing can occur with true-identity divulged if the cookie, for example, is correlated with the purchase order.

Interaction with legal entities, such as governmental agencies, can be somewhat different. At the inquiry stage, mere browsing is occurring, such as inquiring into social benefits and welfare. Profiling does not occur as often in these transactions, so pseudonymity is not often used overtly. However, plans on bringing social benefit administration to the Internet (such as with the US Social Security


Administration [1]) eventually incorporate a requirement for complete divulging of identity in order to receive benefits, and to change personal information on-line.

[1] See GCN Spotlight: Electronic Commerce, by Richard W. Walker, in Government Computing News, May 3, 1999.

Researching or news retrieval on the Internet is again somewhat different. Free information is available from many sites and browsing may be anonymous. However, in some cases, cookies or IP addresses are used to track the movement of readers pseudonymously, where the cookie or IP address is not linked to a true-identity and is used for advertising, or maybe personalization of the news. However, some news sites, without necessarily requiring payment, do require registration (e.g. the New York Times), where users enter personal data and allow a cookie to be placed on their systems to allow the information provider to monitor their reading habits.

Finally, in discourse, such as mailing lists, USENET groups, IRC, etc., the spectrum is balanced somewhat differently. Constructively, mailing lists and newsgroups have arisen through pseudonymous communications, where people from all over the world communicate with others through pseudonyms or by leaving behind an email address that means very little to participants outside of the discourse; and names and faces are often not important. Rather, reputations arise with time. Users can post anonymously to these discussion forums, but unless anonymous posters change anonymous-userIDs consistently, inevitably a reputation will develop. Meanwhile, rarely has the situation arisen where the members of a large discussion forum actually relied on true-identity.

The above examples were used merely as illustrations of the current state of affairs in the identity spectrum. However, this section began with the discussion of the need for security and privacy, and the introduction of cryptography as an infrastructure. This introduction (and not entirely inevitable development) of the Public Key Infrastructure will change the balance of the spectrum in each case. It is the purpose of this paper to argue that the PKI will in fact introduce an infrastructure of perfect true-identity, of security gained, and of privacy lost. Yet, privacy need not fall victim to advances in security, and coexistence is possible where many of the parties' interests are maintained and preserved.

2.0 INFLUENCES AND INTERESTS IN PKI

The significant interests at play within the current security and privacy conflict include consumers and users, merchants and marketers, and government institutions. While there are no clear demarcations on specific intents and interests, and a high level of simplification is assumed, this section aims to provide some level of understanding as to what is being sought and what are the consequences of public key infrastructures.

2.1 CONSUMERS AND USERS

The interests of this group are that with electronic commerce and interaction with legal authorities, fraud is reduced and privacy is retained. Privacy is considered to include confidentiality of email and transactions, as well as control over personal information that is gathered and/or generated.

With the market in electronic commerce and information retrieval, the consumer interest does include personalization and ease of use. This can be achieved through merchants providing easy access to products and information that consumers wish to purchase, and for others, relevant or targeted advertising may be valued. Consequently, many consumers are also interested in gaining value for their personal information, and benefiting from loyalty schemes.


In discourse, the threat of archived speech and spam traditionally has participants concerned with the flow of personal information and the archiving of statements of opinion.

2.2 MERCHANTS AND MARKETERS

A synergistic relationship exists between the merchants and marketers on the Internet. Merchants would like to sell their products, and in order to assist them in this process, knowing the demands and desires of their customers would assist greatly. Thus they rely on marketing and advertising companies to provide the merchants with customers, and some market information regarding these potential consumers.

This is advanced through customer profiling. Individual merchants can choose to track their site visitors with session-cookies [2] or with cookies that will be used when users return. While a lot can be learned from this, more advanced techniques exist that are not limited to learning from what customers review when they are visiting the site, and that will also provide targeted ads to people who browse consistent genres, i.e. behavioral targeting. To illustrate these techniques, let us examine more closely the leading marketing services providers on the Internet: DoubleClick and Engage Technologies.

[2] Monitoring can also consist of tracking the IP addresses on each session, but this is assuming static IP addressing, which is a very large

2.2.1 DoubleClick

As of September 1998, DoubleClick has received over 3.2 billion requests for the delivery of ads generated by an aggregate of approximately 4,200 Websites or 440 Web publishers that are part of the DoubleClick 44-million-user worldwide network. From all of these sites and users, aggregate information is accumulated in a central database that assists DoubleClick in deciding on which banner advertising to place on the screen of a Web browser.

Using cookies under a technique entitled Dynamic Advertising Reporting and Targeting, DoubleClick can control the number of times a browser encounters the same advertisement, and decide on which particular ad would most appeal to a user.

With growing concerns in the market and among regulators regarding privacy and particularly cookies, DoubleClick is concerned that it will lose the ability to provide its service. DoubleClick is particularly uncertain about the future of the EU Data Protection Directive and its effects on transborder data flow.

2.2.2 Engage Technologies

Engage provides to merchants a service similar to DoubleClick. Engage recognizes itself as the world's largest database of anonymous Web-user profiles. Using a double-blind cookie management system, the identity of Web users is pseudonymized through a unique cookie to which merchant sites are oblivious, and to which only Engage has full access. Even then, acknowledging privacy interests, Engage does not relate true-identifying information with the cookie.

Engage manages to develop behavioral profiles on Web browsers based on long term browsing. The profiles are categorized among 22 different interests, such as Automobiles, Entertainment, Books, Hobbies, Stocks, etc. These profiles are stored centrally at the Engage data center and are released to merchants when required; however personally identifiable information such as name, e-mail, phone, etc., is reportedly not collected or stored, and therefore this is again a relatively pseudonymous collection of data. Assisting in profile development, clickstream data and registration demographics are also gathered.

Regarding privacy interests, in its Privacy FAQ, Engage promises:

"Engage Knowledge protects the privacy of Website visitors through anonymity. Web marketers do not need to know the personally identifiable information like name, address or e-mail address of a


Website visitor. Instead, a Web marketer only needs the ability to distinguish one Website visitor from another and to recognize that visitor when they return to a site. By restricting the storage and access to the data collected, Engage prevents inappropriate use of the anonymous information and its association with personally identifiable information."

This is assisted by the difficulty in gathering such personally identifiable information. Like DoubleClick, however, Engage is concerned with the future where cookies are frowned upon and erased from hard drives by users. Engage is thus looking for new techniques for gathering demographic and behavioral information. [3]

[3] Taken from the amended S-1 form for Engage Technologies, under Risks, at the Securities and Exchange Commission, dated July 19, 1999.

Meanwhile, Equifax, a firm that provides credit information on over 300 million people to companies world-wide, announced in April 1999 [4] that it was working on a new technique for online retailers to immediately gauge the credit-worthiness of Internet customers. Equifax's announced plan is to develop 'electronic ID cards.'

[4] See Equifax CEO: credit data to be sold online, By Reuters, Special to CNET, April 15, 1999, 4:00 p.m. PT.

While cookies may or may not involve identity, anonymous cookies are in the interest of marketers and merchants. Pseudonymity thus exists largely through pseudonymous profiling, such as the service provided by Engage Technologies. Even multiple profiles exist, as profiles are destroyed and recreated, in effect multiple IDs. The New York Times Website, for example, requires cookie use for the free viewing of articles, as well as registration. According to the director of sales and marketing [5]:

"We follow two basic principles regarding gathering and using user data. First, we practice full disclosure so the user knows what their data will be used for. Second, we practice what we call 'optability'. This allows our users to change profiles and opt out of the process if they don't want to participate." [emphasis added]

[5] Taken from Got the Click-Through Blues?, by Deborah Kania, in Clickz Network Precision Marketing Column, available at

Therefore, marketers and merchants are faced with multiple profiles, anonymous profiles, pseudonymous profiles, and the need for new techniques.

2.3 GOVERNMENT AGENCIES AND LAW ENFORCEMENT

Briefly stated, the interest of government and law enforcement agencies in particular tends towards perfect true-identity more frequently than it does towards sustaining privacy. Often contradictory efforts occur from governments, such as the EU as it passes its own Data Protection Directive, while also placing an interest in issues such as ENFOPOL.

Various governments have used the danger of immoral behavior as a reason to suppress anonymous speech, and on the Internet, legal and criminal cases have arisen due to anonymous and pseudonymous speech. Legal cases include the Raytheon case, and criminal cases include the sharing of child pornography on Bulletin Board Systems, etc.

The same applies for access to government services over the Internet: many governmental initiatives have assumed that access to services over the Internet will involve authentication of users first, information after.

At the same time, practically all governments have an interest in seeing their constituencies become the prime locations for electronic commerce, and therefore wish to pass laws and create policies that support this endeavor. If this can be done while meeting the interests of government agencies, then the situation can only be win-win for government. A good example of this is the discovery of FBI


plans [6] to develop a system to monitor activities on networks, to track 'patterns of patterns' of behavior, in order to prevent cracking attacks.

[6] See Computer security readied, Targeting intruders: U.S. system, overseen by FBI, would protect vital government, industry data networks, By John Markoff of the New York Times, July 27, 1999.

In summary for this section, various groups have different interests in privacy and security for the Internet, as well as the changing spectrum of identity. All groups, however, acknowledge that things are about to change. The development of PKI is one such change.

3.0 ON PUBLIC KEY INFRASTRUCTURES

PKI, as it is being developed, consists of the transformation of public keys into certificates through the digital signatures of Certification Authorities, based on a hierarchical system of authorities. The X.509v3 standard for certificates is most common, and consists of numerous fields on top of the basic key and name, as follows:

• version
• serial number
• signature algorithm ID
• issuer name
• validity period
• subject (user) name
• subject public key information
• issuer unique identifier (version 2 and 3 only)
• subject unique identifier (version 2 and 3 only)
• extensions (version 3 only)
• signature on the above fields

The extensions allowed in version 3, according to RFC2439, include a Subject Alternative Name, where additional information can be bound to the subject of the certificate, including "an Internet electronic mail address, a DNS name, an IP address, and a uniform resource identifier."

The X.509v3 model is founded originally on the X.500 standard database. This was to be the database of databases, a global database of all users of the Internet. Such a database now seems impossible considering the sheer complexity required to include every user in the world, but the spirit remains. Users would each have a Distinguished Name, or Subject Name, which was unique, and users would then accordingly have a public key of their own. This public key would get signed and incorporated in an X.509 digital certificate, and thus become part of the PKI, but only upon a thorough identification proofing process, where the owner would go to an approved CA and show proof of ID.

Now, this certificate, using the Secure Socket Layer protocol, would be part of a process to establish a secure link with a remote server, or Website. That is, all communications with that Website would be encrypted for confidentiality; data could be digitally signed to ensure the integrity of the data; and because the encrypted communication began with the sharing of the signed certificate assuring the Website of the name of the certificate's owner, the operator of the site could be certain with whom he was communicating. In effect, the certificate has become a data security tool, while also being a passport-level proof of identity; in essence, an ID card. The same applies to email and newsgroup posting: a message can be digitally signed certifying the true-identity of the person sending that

The Global PKI is not quite a dead dream, however. Large-scale efforts exist to develop a PKI. For example, consider the US Government initiative ACES, and a Global PKI proposed by a group of banks.

3.1 ACES: ACCESS CERTIFICATES FOR ELECTRONIC SERVICES

This scheme involves a high level of identification proofing for the provision of X.509 certificates, where each certificate will be unique in order to bind one and only one user identity to an individual public key.
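The linkability concern raised in sections 1.0 and 3.0 (a cookie correlated with a purchase order, and one identity-proofed certificate shown to every site), as an added example that is not part of the original paper. The site names, cookie values, subject names and records are all constructed for the illustration, and the per-site pseudonymous certificates are an assumed model of the "pseudonymous certificate authorities" the abstract mentions.

```python
from collections import defaultdict

# Constructed request logs (not real data). Each record is
# (site, cookie, cert_dn, nym_dn, path):
#   cookie  - the merchant's own cookie, scoped to that one site
#   cert_dn - subject name of ONE identity-proofed X.509 certificate that the
#             user presents to every site (the true-identity CA model)
#   nym_dn  - subject name of a DIFFERENT pseudonymous certificate per site
REQUESTS = [
    ("books.example",  "c-71f2", "CN=Alice Example,C=CA", "CN=nym-4be1", "/health/diagnosis"),
    ("books.example",  "c-71f2", "CN=Alice Example,C=CA", "CN=nym-4be1", "/politics/essays"),
    ("news.example",   "k-09aa", "CN=Alice Example,C=CA", "CN=nym-d203", "/forums/labour"),
    ("agency.example", "s-5c40", "CN=Alice Example,C=CA", "CN=nym-88f7", "/benefits/welfare"),
    ("books.example",  "c-e310", "CN=Bob Sample,C=US",    "CN=nym-1a9c", "/travel"),
    ("news.example",   "k-77b1", "CN=Bob Sample,C=US",    "CN=nym-c5e4", "/sports"),
]

# Constructed purchase orders: (site, cookie, customer details given at payment).
ORDERS = [("books.example", "c-71f2", "Alice Example, 1 Main St")]


def _key(record, identifier):
    """Return the value under which a record would be filed for one identifier."""
    site, cookie, cert_dn, nym_dn, _path = record
    if identifier == "cookie":
        return (site, cookie)  # a first-party cookie only means something per site
    if identifier == "cert_dn":
        return cert_dn
    if identifier == "nym_dn":
        return nym_dn
    raise ValueError(f"unknown identifier: {identifier}")


def build_profiles(requests, identifier):
    """Group browsing records by one identifier, as a party holding the
    pooled logs of all sites could do."""
    profiles = defaultdict(lambda: {"sites": set(), "paths": []})
    for record in requests:
        profile = profiles[_key(record, identifier)]
        profile["sites"].add(record[0])
        profile["paths"].append(record[4])
    return dict(profiles)


def cross_site_reach(profiles):
    """Largest number of distinct sites tied together under a single identifier."""
    return max(len(p["sites"]) for p in profiles.values())


def resolve_cookies(requests, orders):
    """Attach a name to a pseudonymous cookie profile once an order carrying
    the same cookie supplies payment or delivery details."""
    cookie_profiles = build_profiles(requests, "cookie")
    named = {}
    for site, cookie, customer in orders:
        profile = cookie_profiles.get((site, cookie))
        if profile is not None:
            named[customer] = list(profile["paths"])
    return named


def summary(requests=REQUESTS):
    """Cross-site reach of each identifier type over the same traffic."""
    return {ident: cross_site_reach(build_profiles(requests, ident))
            for ident in ("cookie", "nym_dn", "cert_dn")}


if __name__ == "__main__":
    for ident, reach in summary().items():
        print(f"{ident:8s} links at most {reach} site(s) under one identifier")
    by_cert = build_profiles(REQUESTS, "cert_dn")
    for dn, profile in by_cert.items():
        print(dn, sorted(profile["sites"]), profile["paths"])
    print("named by purchase order:", resolve_cookies(REQUESTS, ORDERS))
```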


That is, a one user identity – to – one public key relationship.

This certificate will be interoperable with all government agencies that support public user certificates. This includes the Social Security Administration (SSA), which has already agreed to use ACES for its Personal Earning and Benefit Estimate Statement online program. According to Government Computing News [7], the SSA has been looking for a way to re-launch the online initiative that it had to pull from its Website in 1997 after privacy advocates argued that it would be too easy for someone to access another person's financial data. The SSA is expecting to use ACES to provide a high level of authentication, which will then grant users access to their own personal financial data.

[7] See GCN Editorial: No risk, no gain, Government Computing News, February 22, 1999.

Plans also exist to extend this access to allow for ACES users to include the right of the individual to access and correct personal information in all available Government records. [8]

[8] As reported by Greg Woods, from the Minutes of the GiTS Meeting on May 6, 1999.

3.2 BIG BANKS PKI

In October 1998, eight large banks from around the world announced that they would issue digital certificates worldwide. This involves the creation of a global certificate authority, a central root to the hierarchy. According to a vice president at Chase Manhattan: "This venture seeks to address the key missing link in e-commerce today, particularly in the business-to-business environment. […] That is establishing verifiably the identity of trading partners in open network." [9]

[9] Taken from Big banks back digital certificates, By Tim Clark, Staff Writer, CNET, October 21, 1998, 12:55 p.m. PT, URL:,4,27800,00.html

If it hasn't been governments trying to set up a national PKI, governments have been working hard on developing electronic commerce bills that support the legal validity of digital signatures under certain conditions. However, their interests, as briefly outlined in the previous section, become clear in the specifications of their requirements, particularly any emphasis on identity. For example, consider the following national or multinational statements on digital signatures.

3.3 SINGAPORE'S ELECTRONIC TRANSACTIONS ACT 1998

The language of the act includes the defined 'subscriber,' that is "a person who is the subject named or identified in a certificate issued to him and who holds a private key that corresponds to a public key listed in that certificate."

The resulting digital signature will only be treated as secure and trustworthy if the "certificate is considered trustworthy, in that it is an accurate binding of a public key to a person's identity."

And under enforcement, section 26 explains that any person who "knowingly misrepresents to a certification authority his identity or authorization for the purpose of requesting for a certificate […] shall be guilty of an offence…"

In general the Act, and even press releases and general reports from the Singaporean government, hinge on establishing the identity of the person who owns the public key. A February 10, 1999 press release states:

"In the faceless world of the Internet, transacting parties may not be able to reliably verify each other's identity. A CA thus plays the important role of a trusted third party in vouching for the identities of holders of certificates that it issues (i.e. its subscribers). Parties participating in online transactions can, through the digital signatures created and the information contained in the certificates, reliably verify the identities of the transacting parties."


3.4 INTERNATIONAL CHAMBER OF COMMERCE

Interestingly, this international group has very similar wording in its GUIDEC: General Usage for International Digitally Ensured Commerce report from 1997.

3.5 CANADA

The Draft Uniform Electronic Commerce Act, as of March 15, 1999 defines an electronic signature as:

“information in electronic form that is associated with an electronic document by a person for the purpose of signing the electronic document; and/or information in electronic form that a person, directly or through an agent, associates with an electronic document for the purpose of establishing a connection between the electronic document and the person.”

Thus, in order for legal status to be given to an electronic signature, the electronic signature must be reliable for the purpose of identifying the person.

Canada also has been working on developing a Government of Canada Federal PKI, with the following goal:

“To facilitate electronic commerce nationally and internationally and to achieve its goal of conducting business electronically whenever possible […]. In order for electronic transactions to be seamless across Canada, it is important that similar infrastructures, policies and standards be adopted nationally.”

The policy of true-identity as central to the value of a certificate and signature is thus to be translated from Federal government initiatives to all recognized CAs in the country.

3.6 EUROPEAN COMMISSION AND EUROPEAN UNION

In early work on digital signatures, the European Commission took a different approach to identity. In a 1997 Communication (Com97(503)), the Commission stipulated early that:

“Business partners sometimes do not have an interest in the precise identity of a particular person or entity, but only in the confirmation of previous contacts, in their affiliation to a defined group of persons, in their individual characteristics such as solvency and creditability or simply in unforged data.”

The Commission followed this with an example stating that credit card companies do not confirm the identity of the cardholder, but rather the presence of credit.

The Commission continues to state that in many cases people will have several key pairs corresponding to their different roles, in complete contrast with the X.500 philosophy. Moreover, the Commission states:

“Those persons not wishing or not obliged by law to communicate under their name can choose a pseudonym which safeguards their anonymity in transactions and communication (though the signatory is identified to the CA) whilst fully exploiting the integrity and authentication functions of digital signatures.”

Therefore, this creates a certificate relationship of many user identities to many public keys, in direct contravention to the notion of one user identity to all applications that is presented in the traditional X.500 worldview.

Thus, while some governments push for identity-based certification for use like a Social Security/Insurance Number for many, if not all, applications, others are acknowledging that there may be a need not only for many certificates, but even pseudonymous certificates.

Beyond national and international policy, legislation, and government efforts, VeriSign is leading a significant commercial


3.7 AN IDENTITY-INTENSIVE VERISIGN CA

VeriSign begins by stating clearly that its DigitalIDs address the problem of online impersonation, by providing an electronic means of verifying someone’s identity.

VeriSign makes no effort to hide metaphors: the company continues to define DigitalIDs as the electronic counterparts to passports, driver licenses, and membership cards. Accordingly, VeriSign offers different classes of DigitalID akin to each level of identity verification.

Together -- the national policies, the Certification Authorities, the contents of the certificates -- this is what makes up a PKI. The following section combines this and previous sections to provide support to the argument that the PKI can be used as an infrastructure for surveillance.

4.0 SYNTHESIS: POTENTIAL FOR ABUSE

In Section 2, the interests and requirements of the consumer, the marketers, the merchants, and government institutions were briefly outlined. In Section 3, the PKI was presented. This section will synthesize these themes to argue that the PKI has a potential for abuse.

Our paper focuses on the issue of identity and the PKI rather than the confidentiality afforded by cryptography. The European Union recognized this difference in the process of creating its own policy on digital signatures, as outlined earlier. In an early policy statement, the Commission decided that pseudonymous certificates should be allowed for, and the reasoning for this was that:

“Without such a privacy safeguard, digital signatures could be abused as an efficient instrument for tracing individual on-line consumption patterns and communication or for intercepting, recording or misusing documents or messages.”10

10 Taken from Towards a common framework for electronic signatures, Com(97)503, DGXIII, European Commission, 1997.

The Commission thus acknowledged that the PKI could be used as an instrument of surveillance. The European Commission went through with implementing this in a Proposal for a European Parliament and Council Directive on a Common Framework for Electronic Signatures. The Committee of the Regions responded11 with its opinion on the proposal with the following statement:

“The Committee expects the Commission … to monitor from the point of view of privacy protection, that the technical ease of using electronic signatures does not lead to the introduction of recognition in transactions where it is not absolutely necessary. Such a development could be regarded as posing a threat to, for example, transparency in administrative dealings by requiring recognition in situations where anonymity is appropriate. Similarly, in electronic commerce, it would be enough in most cases to verify that a payment is effected by the client and received by the supplier.” [emphasis added]

11 Taken from Opinion of the Committee of the Regions on the ‘Proposal for a European Parliament and Council Directive on a common framework for electronic signatures’ (1999/C93/06), April 6, 1999, Official Journal of the European Communities.

Thus, the European Union is set to act on the idea that the PKI need not be true-identity based because it would threaten privacy; and in fact, there are occasions where anonymity is appropriate within an infrastructure that seems built and set on

How exactly does it become an infrastructure for surveillance? Consider marketing and electronic commerce. In Section 2, both Engage and DoubleClick acknowledged concerns that the time may come when the method of cookies would become unacceptable to the consumer, and


thus unprofitable. However, merchants would still want to know who is accessing their site, what exactly customers are interested in and what they are looking for, while also providing advances in security and privacy to meet a market need.

Addressing these concerns, VeriSign published a white paper entitled Digital IDs: The New Advantage. In the white paper, VeriSign positioned the DigitalID, or the digital certificate, as the next replacement marketing tool for merchants.

First, VeriSign proposed that the certificate would replace the cumbersome username and password scheme that most sites have for registered users – one certificate could be used to access many merchant sites, while still uniquely identifying the customer in a way that is similar to a “driver’s license or passport.”

Second, VeriSign addressed cookies. Remarking that privacy concerns have been raised regarding cookies because users do not know when a cookie is passed or what information is in the cookie, and that cookies provide merchants with no mechanism for gathering information about first time visitors, VeriSign promotes the certificate again as the solution. VeriSign also states the following limitations to cookies, as they:

• “Offer no mechanism for third party verification of the identity of the user. Furthermore, everyone using a browser on a particular computer presents the same cookie to the server.
• Provide no way to track user information, such as demographic profiles, unless the site implements a full registration process.”

Yet, Engage Technologies even noted that it was not necessary for sites to have detailed personal information, because it was the practices and uniqueID that merchants truly sought, and not necessarily the name of each and every visitor to their site. But VeriSign argues that because the certificate provides security and encryption, it should be preferred over the cookie.

In a section entitled “A Better Solution: Using DigitalIDs to Identify Users”, VeriSign argues that the certificate allows for a unique identifier (the identity of the user) that allows the merchant to personalize information and advertising for each user, match behavioral patterns with a user’s profile, control a user’s access to particular information or services, and secure email messages. The difference between then (Section 2) and now (Section 4), when it comes to electronic marketing, is that the merchants and marketers are given the identity of individuals who visit their site and present their certificates.

Just as the current US Government ACES certification policy admits that it is uncertain about the status of the specified digital certificates and how they fit under the EU Data Protection Directive, the VeriSign ‘solution’ is even more suspect.

5.0 OVER-EMPHASIZING IDENTIFICATION

With the PKI, the type of profiling outlined in Section 1 becomes identity-based. Pseudonymity will no longer exist, and the only thing that will remain is the divulging of true-identity at every Internet purchase, every time information is accessed from government Web servers, at every newspaper article read on the Internet, and every time someone posts a message to a newsgroup. Repudiation, within the PKI, is gone.

The Public Key Infrastructure concept makes one very important and dangerous mistake very early in its establishment: it tends to assume that everything must revolve around the identity of the public key owner, and this identity is linked to some database. Relying on identity as a focal point, as the index, reveals far too much personal information, far more than is necessary, and in some cases, more than is legal.

As an alternative technology to PKI, being the Simple Public Key Infrastructure


(SPKI)12 outlines, “with the explosion of the Internet, it is likely that one will encounter keyholders who are complete strangers in the physical world and will remain so. Contact will be made digitally and will remain digital for the duration of the relationship. Therefore, on first encounter, there is no body of knowledge to be indexed by any identifier.”

12 Taken from SPKI Certificate Theory, Internet Draft, Expires 3 December 1999, by Carl Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian Thomas, Tatu Ylonen, May 28, 1999.

SPKI theorists argue that the X.509 type identifier is problematic. The consequence of the identifier is that it requires a GlobalID system in which people must be unable to repudiate an identifier, and must be unable to generate another (after all, why would someone who is not evil wish to change his or her name?). SPKI supporters argue that:

“To make that scenario come true, one would have to have assignment of such identifiers (probably by governments, at birth) and some mechanism so that it is always possible to get from any flesh and blood person back to his or her identifier.”

SPKI theorists argue that such a system only exacerbates the privacy situation by raising the possibility of using biometrics for that purpose. The concern is then that these certificates are required to purchase CDs and books online. SPKI then advocates the existence of multiple identities for one individual.

Another alternative scheme is AADS: Account Authority Digital Signatures. This scheme is idealized for financial transactions, and preserves privacy through its electronic commerce payment protocol X9.59. Arguing that it is not necessary for a merchant to know the identity of the consumer for payment, X9.59 would merely assure a merchant that payment is possible – that is the extent of the concerns for the merchant. As well, the certificates that exist will differ for each account held.

The likelihood of either of these alternative schemes becoming standard is not the point of the above discussion. Rather, the two alternative schemes show that not only is the implementation of X.509 PKI problematic, but its worldview is as well. Merchants do not need true identities, nor should a user be restricted to owning one certificate for use in multiple applications.

Furthering the SPKI notion of multiple certificates are the three types of digital certificates as outlined by Bohm, Gladman, and Ellison.13 The first type is the identity certificate, as outlined throughout this paper, but not relying on a unique identifier of a name. The second type is that of accreditation: a certificate that states that the owner is a member of a group without necessarily specifying the identity of the owner. So a certificate stating that the owner is a member of the Association for Computing Machinery should suffice for access to the ACM Digital Library, so long as there is a unique identifier such as a serial number. Finally, the third type is authorization and permission certificates: the CA delegates some form of authority to the key being signed (example given of a Bank authorizing the withdrawal of money using a certificate for account 742507). Again, no name is required; the account number should suffice.

13 See Digital Signatures, Certificates, and Electronic Commerce, ver 1.1, by Brian Gladman, Carl Ellison, and Nicholas Bohm, June 8, 1999.

The result is that not only are there many certificates to own such as in SPKI and AADS, but also not all the certificates relate back to personal information such as a true-identity, or a name. The existence of multiple identities also allows for the existence of multiple pseudonyms, since the identities need not relate directly to the true-identity, or the real name of the owner. There is no need for an X.500 type of 1 identity to 1 public key. Rather, it is safer to have 1 identity to many public keys than 1 X.509 certificate to many applications. The relationship can be reduced to 1 X.509 certificate based on pseudonym to each application.

The EU recognized the dangers of a true-identity PKI in its policy statements and papers. A Memorandum by Members of the


Global Internet Liberty Campaign to the UK Government was released in February 1999 that places the possibility of surveillance in an appropriate perspective. Although referring more to confidentiality and key escrow, the Memorandum had a key point:

“Encryption has the power to authenticate the identity of these authors to their partners abroad, and protect their identity from despots at home. [To restrict encryption] would mean a tremendous blow to international efforts to support the cause of human rights.”

True-identity is not the panacea. Multiple IDs where some are pseudonyms is an alternative method to the surveillance infrastructure that the PKI may become. As a result, pseudonym management and pseudonymous certificates may meet the needs of the consumers, the market-sensitive merchants and marketers, and the government that wishes to support electronic commerce. Under this model, the only unhappy parties are marketers and merchants that gather hazardous amounts of personal data, and governments bent on creating an infrastructure of surveillance.

And the age-old balance between security and privacy is not the key issue. In the end, the essential endeavor is that the identity spectrum must remain balanced.
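
The difference between one true-identity certificate for all applications and one pseudonymous certificate per application (Section 5) can be made concrete with a short simulation. It is an added example, not part of the original paper: the holder, the application names and the HMAC-based pseudonym derivation (a stand-in for a separate key pair and certificate per application) are all assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample holder; name, serial and secret are illustrative only.
ALICE = {"name": "Alice Example", "serial": "0001",
         "secret": b"constructed-master-secret"}

# Constructed visits: (holder, application, what the holder did there).
VISITS = [
    (ALICE, "bookshop.example", "bought a privacy handbook"),
    (ALICE, "news.example", "read an election article"),
    (ALICE, "bookshop.example", "bought a travel guide"),
]


def true_identity_subject(holder, application):
    """X.500 worldview: one certificate, the same subject for every application."""
    return f"CN={holder['name']},serial={holder['serial']}"


def pseudonymous_subject(holder, application):
    """One pseudonymous certificate per application.

    Assumption of this example: the pseudonym is derived with HMAC-SHA256 from
    a secret only the holder knows, standing in for a per-application key pair.
    """
    tag = hmac.new(holder["secret"], application.encode(), hashlib.sha256)
    return "pseudonym-" + tag.hexdigest()[:16]


def collect_logs(visits, subject_for):
    """What each application records: the presented subject and the activity."""
    logs = defaultdict(list)
    for holder, application, activity in visits:
        logs[application].append((subject_for(holder, application), activity))
    return dict(logs)


def cross_application_profiles(logs):
    """Join the logs of all applications on the certificate subject."""
    seen = defaultdict(dict)
    for application, entries in logs.items():
        for subject, activity in entries:
            seen[subject].setdefault(application, []).append(activity)
    # Only subjects visible in more than one application form a merged profile.
    return {s: apps for s, apps in seen.items() if len(apps) > 1}


def returning_subjects(log):
    """Subjects one application has seen before (confirmation of previous contacts)."""
    counts = defaultdict(int)
    for subject, _activity in log:
        counts[subject] += 1
    return {s for s, n in counts.items() if n > 1}


if __name__ == "__main__":
    for label, scheme in (("true identity", true_identity_subject),
                          ("pseudonymous", pseudonymous_subject)):
        logs = collect_logs(VISITS, scheme)
        print(label, "linked profiles:", cross_application_profiles(logs))
        print(label, "returning at bookshop:",
              returning_subjects(logs["bookshop.example"]))
```

With the true-identity scheme the join yields one named profile spanning both applications; with per-application pseudonyms the join is empty, while the bookshop can still recognize a returning customer.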
