Identity Assurance Costs: Difference between revisions

From IDESG Wiki
Jump to navigation Jump to search
Line 18: Line 18:


==Solutions==
==Solutions==
* Government standards
* Government standards for identity assurance started with their own internal security needs and only lately spread to consumers.
** The result has been to fall back to collecting user attributes until some threshold had been met.
** There


==References==
==References==

Revision as of 16:28, 17 August 2020

Full Title

The cost of providing assurance of a person's identity online is growing as more people are demanding more control.

Context

  • Over the years attacks against user's online identifiers has become the industry known as Identity Theft.
  • Increasing awareness of the need for privacy online has lead to mandates for all holders of user private information to be more careful of what the user now considers to be high value information about themselves.
  • Enterprises with valuable secrets or access to dangerous materials have solved access problems by focusing on the people that have access to valuable or dangerous assets. They assure that the people and known and act swiftly when breaches are uncovered.
  • The same techniques have been offered to the general public, but none of the industrial grade security measures have been acceptable to the population. The one exception has been the introduction of chip cards to financial transactions and even that has been resisted for years.
  • Identity chip cards are slowly spreading in some nations and for passports and other travel documents, but adoption has recently slowed.
  • Nothing that has been accomplished to date has improved the perception or the reality of a user's sense of privacy.

Problems

  • Privacy was first considered a legal right in a law journal article titled “The Right to Privacy” by Warren and Brandeis 1890 that defined the right to be let alone.
  • Legislation in the past dozen years has lead to an explosion of court cases based primarily on compensating victims for breaches to those laws.
  • Now most "privacy experts" are lawyers and most emphasis has been on adjudicating or avoiding tort actions.
  • Two areas of daily life have government mandated requires for identity assurance:
  1. Financial, where anti-money laundering laws have lead banks to impose "know your customer" (KYC) policies.
  2. Medical, where a mismatch between patients and the medical records have lead to injury and death.

Solutions

  • Government standards for identity assurance started with their own internal security needs and only lately spread to consumers.
    • The result has been to fall back to collecting user attributes until some threshold had been met.
    • There

References