AGAINST USE OF UNIVERSAL IDENTIFIERS (UIDs)
IEEE-USA Position Statement
February 15, 2001
The Institute of Electrical and Electronics Engineers - United States of America (IEEE-USA) strongly recommends that use of a universal identifier (UID), an identifier implemented in all interactions of an individual or other entity with its society, be explicitly rejected.
The concept of an identifier that is both unique to an individual and universal, in the sense of being always used by that individual to identify himself or herself in interactions with society, is fraught with danger. While such an identifier could provide convenience to the individual in assembling a detailed, intimate understanding of his or her interactions with society, similar convenience could well accrue also to many other parties and thus simultaneously be very attractive to many forms of painful misuse at the expense of the individual's privacy and security.
A number of different types of identifiers are currently in use:
Policy makers must be made aware that: conventional identifiers can be changed, but only at great inconvenience; biometric identifiers are existential identifiers and, if compromised, are essentially incapable of modification; while encryption keys can be readily changed.
Conventional identifiers are often perceived to be remote and thus appropriate for use as secure public or private identifiers. On the contrary, they are widely and often publicly available. Therefore, such identifiers offer the illusion of privacy and security, but they guarantee neither, and can readily be used to compromise both.
No single identifier should be used for more than one class of functions: as a personal identifier, for authentication, or for authorization for actions. Privacy and security are likely to be greatly enhanced if different data elements and/or approaches are used for each respective class or function. No identifier should be universal.
IEEE-USA believes that individuals and society will be better served by a family of identifiers instead of by the use of a single identifier. A family of identifiers would allow different identifiers to be used, as appropriate to the security needs, privacy desires, and other tradeoffs of different transactions or situations. For example, person A might want to give a certain identifier to some other person B, so that B could also use that identifier to access certain information; but A might want different identifier(s) for other uses.
IEEE-USA believes that a high level of encryption must be used when authenticating an individual's identity, authenticating an individual's identifier, and storing or transmitting such identifier or identifying information.
The chosen identifier must be defined so as to be algorithmically suitable for its intended function. Such definitions would need to assure at the least that the identifier itself can be mathematically proven to have been accurately used and unchanged (such as with one or more check digits). The definitions must be extended to include additional levels of error correction and security as may be required for different intended functions. For example, the Social Security number does not have any such check digit (as credit card numbers do), meaning that a simple transcription or data entry error transposing two digits will go undetected.
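The check-digit point above, worked through as an added example that is not part of the IEEE-USA statement: it uses the Luhn algorithm (the check-digit scheme used on payment card numbers) and compares it with a format-only check on a bare nine-digit value. The sample values and all function names are constructed for illustration.

```python
"""Added example: what a check digit catches that a format-only check cannot."""

def luhn_check_digit(payload: str) -> int:
    """Return the Luhn check digit to append to a string of decimal digits."""
    total = 0
    # Walk right to left; every second digit, starting with the rightmost, is doubled.
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return (10 - total % 10) % 10

def luhn_valid(number: str) -> bool:
    """True if the last digit is the correct Luhn check digit for the rest."""
    return (number.isdigit() and len(number) > 1
            and luhn_check_digit(number[:-1]) == int(number[-1]))

def nine_digits(number: str) -> bool:
    """Format-only check: all that is possible for an identifier with no check digit."""
    return number.isdigit() and len(number) == 9

def adjacent_transpositions(number: str):
    """Yield each variant with two neighbouring, unequal digits swapped."""
    for i in range(len(number) - 1):
        if number[i] != number[i + 1]:
            yield number[:i] + number[i + 1] + number[i] + number[i + 2:]

def single_substitutions(number: str):
    """Yield each variant with exactly one digit replaced by a different digit."""
    for i, ch in enumerate(number):
        for r in "0123456789":
            if r != ch:
                yield number[:i] + r + number[i + 1:]

def undetected(variants, is_valid):
    """Return the corrupted variants that the validator still accepts."""
    return [v for v in variants if is_valid(v)]

PLAIN = "123456789"  # constructed nine-digit value, not a real identifier
PROTECTED = PLAIN + str(luhn_check_digit(PLAIN))  # same value with a check digit

if __name__ == "__main__":
    print("no check digit, transpositions accepted:",
          len(undetected(adjacent_transpositions(PLAIN), nine_digits)))
    print("check digit, transpositions accepted:",
          len(undetected(adjacent_transpositions(PROTECTED), luhn_valid)))
    print("check digit, substitutions accepted:",
          len(undetected(single_substitutions(PROTECTED), luhn_valid)))
    # Known blind spot of a single Luhn digit: swapping an adjacent 0 and 9.
    print("09/90 swap collides:", luhn_check_digit("5090") == luhn_check_digit("5900"))
```

The 09/90 collision in the last line shows why a single check digit is only the minimum and why stronger error detection may be needed for some functions.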
This statement was developed by the Committee on Communications and Information Policy of The Institute of Electrical and Electronics Engineers - United States of America (IEEE-USA) and represents the considered judgment of a group of U.S. IEEE members with expertise in the subject field.