Focusing public attention on emerging privacy and civil liberties issues

Project Liberty

"Project Liberty" is an online identification and authentication system. It is similar to the Microsoft Passport system in that it allows individuals to use a single signon in order to access many different web pages. It is being developed by coalition of companies as an alternative to the Passport system.

Identification and authentication systems present privacy risks for individuals. They can become virtual toll booths for the Internet, requiring identity before one can view web pages. This violates a fundamental principle of privacy--the idea of collection limitation. Entities should not collect information unless it is necessary to complete some function. However, with a proliferation of authentication systems, individuals can be compelled to identify themselves for no legitimate reason.

These systems also enable profiling, which results in more spam, direct mail, and telemarketing for individuals. Project Liberty has a stated goal of profiling individuals. The Liberty Alliance web page claims that the service is designed to: "Enable commercial and noncommercial organizations to realize new revenue and cost saving opportunities that economically leverage their relationships with customers, business partners, and employees." The phrase "leverage their relationships" is business terminology for marketing and profiling.

The Project Liberty spec will enable organizations to control the profiles of individuals, as another stated goal is to: "Enable commercial and non-commercial organizations to control, maintain and enhance relationships with constituents."

The single signon feature of these systems exposes individuals to security risks. A single signon is a single point for failure--one that can be exploited and then used against many different web sites instead of a single one. Additionally, individuals assume less risk by storing their password in an encrypted text file on their own computers rather than keeping them with a third party.

It is questionable whether consumers want single signon authentication, and whether the system provides consumer benefits. An April 2002 Gartner report found that individuals distrusted online authentication systems.

In the physical world, trust and a "shared history" is not needed between buyer and seller because cash enables anonymous and secure payment. Instead of creating anonymous and secure transactions online, Project Liberty enables information sharing and profiling. As such, it is not a privacy enhancing technology. It moves us backwards hundreds of years to barter-style sale arrangements where information is necessary to complete a sale.

News Items

Resources