May 1, 1998
The Honorable Robert Bennett
United States Senate
431 Dirksen Senate Office Building
Washington, DC 20510
Dear Senator Bennett,
We are writing to express our concern about the privacy and consumer issues raised by pending legislation on digital signatures and electronic authentication. We are pleased to see that attention is being paid to this issue, which is vital to the development of electronic commerce and the Internet. However, we are concerned that S. 1594 does not adequately address the privacy issues inherent in the creation of digital certification systems. Protecting individual privacy and computer security by promoting consumer choice and fair information practices is critical to building a trusted framework for electronic communication and commerce.
Privacy Consequences
The consequences of neglecting these privacy concerns include:
Unauthorized access and identity fraud -- The Social Security Number (SSN) offers a useful example of these problems. SSNs are used in so many ways and are so widely available, through driver's licenses, credit-report headers and other public and private records, that systems that rely on it as a certifier have become vulnerable, and individual privacy has been placed at risk. With an SSN, a deceitful person can gain access to systems, duplicate or "spoof" another's identity, and access another's personal information. The use of a common certifier for online transactions poses similar risks.
Centralization of personal information collection -- A single certifier used for many different purposes risks creating a vast warehouse of data about an individual's activities. In today's world various record-keepers have information that reflects different aspects of an individual's life. The bank has banking records; doctors have medical records; and credit card companies have records of credit transactions. Keeping records or certificate systems separate protects individual privacy by limiting the damage that can occur through either internal misuse or unauthorized access. Separate records or certificate systems also curtail the surveillance and monitoring capacity of each system.
Greater collection and use of personal information -- Time-tested fair information practice principles -- such as limiting the collection of data to only what is needed -- are jeopardized when a single certifier is given a wide variety of uses. If a single means of certifying is used across all transactions, it will by default become a certifier that is based on personal identification. Even though only certain marketplace transactions now require personal identification, a single certifier will result in a great deal of data being collected -- more data, in fact, than is needed to support a large number of marketplace and individual-to-government interactions. In essence, using a single certifier for every purpose creates an electronic trail of all of a citizen's interactions.
Privacy Principles
A system using digital signatures should be designed to enhance, or at least maintain, privacy and consumer protections. To do this, a system must include the following three elements:
Consumer Choice through a Decentralized Infrastructure -- Legislation should allow for and encourage a variety of certificate authorities. Legislation should not skew the market by favoring particular technologies, industries, or certificate providers.
Multiple Certificates for Multiple Purposes -- Just as credit cards, "loyalty cards" (e.g., frequent flyer cards), and identification cards all serve different purposes, various certificates should be available to achieve these certification functions in the online world. Legislation also should be based on approaches that do not always tie identity into certificates.
Fair Information Practices -- Any tested certification system must adopt fair information practice principles. Such principles should be rooted in existing fair information practices (such as the attached OECD Guidelines) and focus on the specific needs of online certification. They should include:
Collection Limitation - Information collected should be limited to that which is needed for any given transaction, and should be obtained with the knowledge and consent of the subject. A system that meets these goals would have to use different certificates in order to complete different transactions.
Purpose Specification - The purpose of the collection should be specified at the time that the data is collected and should not exceed the amount of information necessary to complete the transaction. By specifying a purpose it becomes clear that identity is not needed in all transactions.
Use Limitation - Personal data should not be disclosed, made available, or otherwise used for purposes other than those specified. This includes the sharing of data with third parties as well as unnecessarily tying personal identification to transactional records.
Regular Destruction of Data - By periodically destroying data, or removing personally-identifiable features, we can limit abuses of the system and inappropriate cross-referencing.
Overall, any public policy relating to digital signatures and certificates must embody these privacy protections, or it will ultimately prove unacceptable to consumers and other market players who are increasingly demanding safeguards for their privacy and security online. In addition, there are other consumer concerns raised by this legislation which must also be addressed and are outlined in a letter to Senator D'Amato from consumer groups.
Electronic commerce and certification are still at the very early stages of development. Congress must proceed carefully to assure that any legislation builds a proper basis for the economic and democratic growth of the Internet. We look forward to working with you and your staff to achieve these goals.
Sincerely,
Center For Democracy and Technology
U.S. Public Interest Research Group (PIRG)
cc: Senator D'Amato; Senator Sarbanes; Senator Gramm; Senator Dodd; Senator Shelby; Senator Kerry; Senator Mack; Senator Bryan; Senator Faircloth; Senator Bryan; Senator Grams; Senator Boxer; Senator Allard; Senator Moseley-Braun; Senator Enzi; Senator Johnson; Senator Hagel; Senator Reed; Senator McCain; Senator Hollings
The Center For Democracy And Technology
1634 Eye Street NW, Suite 1100
Washington, DC 20006
(v) +1.202.637.9800 (f) +1.202.637.0968