Repkine, Alexandre and Hwang, Junseog (2004): A Network-Economic Policy Study of Identity Management Systems and Implications for Security and Privacy Policy.
Preview |
PDF
MPRA_paper_7850.pdf Download (182kB) | Preview |
Abstract
Solving the problems associated with identity management in the “virtual” world is proving to be one of the keys to full realization of the economic and social benefits of networked information systems. By definition, the virtual world lacks the rich combination of sensory and contextual cues that permit organizations and individual humans interacting in the physical world to reliably identify people and authorize them to engage in certain transactions or access specific resources. Being able to determine who an online user is and what they are authorized to do thus requires an identity management infrastructure. Some of the most vexing problems associated with the Internet (the deluge of spam, the need to regulate access to certain kinds of content, securing networks from intrusion and disruption, problems of inter-jurisdictional law enforcement related to online activities, impediments to the sharing of distributed computing resources) are fundamentally the problems of identity management. And yet, efforts by organizations and governments to solve those problems by producing and consuming identity systems may create serious risks to freedom and privacy. Thus the implementation and maintenance of identity management systems raises important public policy issues.
The identity management systems (the IMS-s) often tend to require more information from the consumers than would otherwise be necessary for the authentication purposes. The typical choice being analyzed in IMS is the one between a completely centralized or integrated system (one ID - one password, and a single sign-on) and the one comprising a plethora of (highly) specialized IMS-s (multiple ID-s and passwords). While the centralized system is the most convenient one, it is also likely to require too much personal information about the users, which may infringe on their rights to privacy and which definitely will result in serious damage should this personal information be stolen and/or abused. When more than two IMS-s interconnect (more of a practical side with various types of commercial values), they share the private information with each other, thus increasing consumers’ exposure to possible information misuse. It is thus rather obvious that the public policy plays an important role to maintain the structure of identity management systems ensuring the existence of a sound balance between the authentication requirements and consumers’ rights to privacy. The focus of this paper is on investigating this type of tradeoff by employing a theoretical framework with agents whose utility depends on the amount of private information revealed, and on making policy recommendations related to the issue of interconnection between alternative IMS-s. Our model derives optimal process of interconnection between IMS-s in the simple case of three IMS-s, then generalizing it to the case of more than three firms. The socially optimal outcome of the interconnection process in our model implies encouraging the interconnection between smaller rather than larger IMS-s.
Item Type: | MPRA Paper |
---|---|
Original Title: | A Network-Economic Policy Study of Identity Management Systems and Implications for Security and Privacy Policy |
Language: | English |
Keywords: | Networks; Interconnection; Identity Management; Regulation Policy |
Subjects: | L - Industrial Organization > L2 - Firm Objectives, Organization, and Behavior > L25 - Firm Performance: Size, Diversification, and Scope L - Industrial Organization > L1 - Market Structure, Firm Strategy, and Market Performance > L14 - Transactional Relationships ; Contracts and Reputation ; Networks L - Industrial Organization > L5 - Regulation and Industrial Policy > L51 - Economics of Regulation D - Microeconomics > D7 - Analysis of Collective Decision-Making > D78 - Positive Analysis of Policy Formulation and Implementation D - Microeconomics > D8 - Information, Knowledge, and Uncertainty > D85 - Network Formation and Analysis: Theory |
Item ID: | 7850 |
Depositing User: | Alexandre Repkine |
Date Deposited: | 21 Mar 2008 06:10 |
Last Modified: | 30 Sep 2019 03:28 |
References: | Bennett C (1992) Regulating Privacy: Data Protection and Public Policy in Europe and the United States (Ithaca: Cornell University Press). Clauss, S., and Kohntopp, M., “Identity management and its support of multilateral security”, Computer Networks, 2001. Davis, J.C., “Protecting privacy in the cyber era”, 2000. Economides, N., “The economics of networks”, International Journal of Industrial Organization, 1996. Gavison R (1980) 'Privacy and the Limits of the Law', Yale Law Journal 421. Hansen, M., and Berlich, P., “Identity Management Systems: Gateway and Guardian for Virtual Residences”, Emtel Conference, 2003. Heal, G., and Kunreuther, H., “Interdependent security: the case of identical agents”, mimeo, 2002. ICPP and SNG, “Identity management systems (IMS): identification and comparison study”, Independent Centre for Privacy Protection (ICPP) and Studio Notarile Genghini (SNG), Contract No. 19960-2002-10 F1ED SEV DE, September 2003. Kelsen, 1966. Quoted from Pizzorusso, Scialoja, Branca—page 3. Galgano, Struttura logica e contenuto normative del concetto di persona giuridica, Riv. Dir. Civ., I, 553-633. Kelsen, La dottrina pura del diritto, Einaudi, 1966, 200; Teoria generale del diritto e dello stato, Etas, 1978. Lehnhardt, M., “Identitat im Netz: das Reden von der “Multiplen Personlichkeit””, in: Martin Rost (Ed.): Die Netzrevolution—Auf dem Weg in die Weltgesellschaft, Eichborn, Frankfurt am Main, 1995. Mead, G.H., “Mind, Self and Society”, Chicago Press, 1934. Olivero, N., and Lunt, P., “Privacy versus willingness to disclose in e-commerce exchanges: the effect of risk awareness on the relative role of trust and control”, Journal of Economic Psychology, Vol. 25, pp. 243-262, 2004. Wakaha, O., et al., “New combinatorial designs and their applications to authentication and secret sharing schemes” |
URI: | https://mpra.ub.uni-muenchen.de/id/eprint/7850 |