Identification -vs- authentication

December 28, 2005

I was reading a presentation on the Belgian electronic identity card (PDF 150 kb, in French, by a friend). Compared to the old, analog card, this new card has an electronic chip on it. This chip contains some information that is already visible to the human eye on the surface of the card, plus more information (like a photo, your address, digital certificates, …). I stopped on the 5th slide, where it says that this new “e-ID” will allow someone to be identified, to authenticate (what?) and to fill in on-line administrative papers.

Being in the “general culture” of privacy-related subjects, I have often heard these two words (identification and authentication). But I never paid too much attention to their meaning. So, once and for all, I decided to have a look in a dictionary.

Identification is the act or process of identifying somebody or something or of being identified. So, it’s an act or process of showing or proving who somebody is. The identity card (ID card) is a card bearing the holder’s name, signature, etc. and often a photograph, carried or worn by somebody to show who he/she is.

Authentication is the act or process of proving something to be valid, genuine or true (act of authentication). You even have the word authenticity, the quality of being authentic.

So, why put identification and authentication means in the same card? Aren’t they redundant? The old, analog ID card was sufficient to prove who I am to a policeman and to retrieve administrative documents. I think the idea behind this new e-ID card is to adapt this identification process to the electronic world (the internet being the most obvious one). It seems far easier to forge another identity based only on character strings and bits than one based on a real, physical human being. When paying on the internet with a credit card, you need your card number, your name and a “validation number” that is on the back of your card. Now, with the e-ID, you’ll have digital certificates to electronically identify yourself and authenticate this identification.

As I usually say, this is only a tool (like a hammer, a knife, an RFID tag, a video camera, etc.). But now, I often add that it depends on the goals behind the creation of the tool.

A knife was first created to cut meat, branches, etc. A hammer was first created to hit a nail. A video camera was first designed to add motion to photographs. Now some people use knives to take control of planes, and they use video cameras to film their children playing around or British car registration numbers. This diversion of usage, combined with an increasing “Western comfort”, has led some people (in governments or not) to feel the need to preserve this comfort, this security. They have now not only created new tools (DRM, RFID, …), they have created tools in order to keep and further increase their profits, to control identities, …

I am not saying that the Belgian government is intentionally imposing the e-ID card in order to control Belgians. But, apparently, some points are not clear … Who will control who (or what application) will have access to the information stored on the chip? And who will control whether the restrictions on information access are respected (and how)? Who will control data mining done with information retrieved from the chip (and how)? For the moment, only information already available from different sources is grouped on the chip, making it easier to retrieve. Who knows what kind of information could be added to the chip later? If you want more information on this topic, I suggest you follow the news on the AEL website.

P.S. I really like dictionaries: you are looking for one word and you end up reading the definitions of 2 or 3 words. And if you have an illustrated dictionary, you’ll also look at the pictures. For example, in my Oxford dictionary, “identification” is on the same page as an illustration of an iceberg. An iceberg is just “a huge mass of ice floating in the sea”. But, because it’s related to the idiom “the tip of the iceberg”, nearly 80% of the illustration shows the part of the iceberg below sea level. By the way, while I was there, I also checked the word idiom: “a phrase or sentence whose meaning is not clear from the meaning of its individual words and which must be learnt as a whole unit” (of course, I also read the other definitions of idiom …).

  1. The distinction between authentication and identification is very fuzzy. It seems that a lot of people are easily mixing both concepts. By mixing the two concepts, they are introducing dangerous claims like “Biometry is used for authentication” or “I’ll revoke my sign of identity”. We have to inform society about the real meaning behind the terminology used (it’s always a matter of terminology). For me (IMHO), identification is just a collection of one or more signs to identify at least a person (or any other entity). The signs used are often fixed or not very variable during the lifetime of the entity (the biologists may give other examples or contradict me on that ;-). An authentication is here to prove the identity (composed of one or multiple signs) during a certain period of time. We can easily revoke an authentication, but not easily the signs that compose our identity. The proof is not in the identification but in the authentication… but that’s only a PoV.
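
The distinction discussed in the post and in the comment above, as an added Go example (not part of the original post or comment, and not the e-ID's actual protocol): the identifier is only a claim, authentication is a signed response to a fresh challenge, and revoking the key leaves the identifier free to be enrolled again. The `Registry` type, the function names and the identifier `constructed-id-0001` are hypothetical, and a bare Ed25519 key pair stands in for the card's certificates.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Registry stands in for a certificate issuer: identifier -> public key currently bound to it.
type Registry map[string]ed25519.PublicKey

// Enroll binds a fresh key pair to id and hands the private key to the holder.
func (r Registry) Enroll(id string) ed25519.PrivateKey {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	r[id] = pub
	return priv
}

// Revoke withdraws the key bound to id; the identifier itself can be enrolled again.
func (r Registry) Revoke(id string) { delete(r, id) }

// Challenge returns a fresh random nonce; the verifier must never reuse one.
func Challenge() []byte {
	n := make([]byte, 32)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// Respond proves possession of the private key by signing the verifier's nonce.
func Respond(priv ed25519.PrivateKey, nonce []byte) []byte { return ed25519.Sign(priv, nonce) }

// Authenticate accepts the claimed id only if sig verifies under the key bound to it.
func (r Registry) Authenticate(id string, nonce, sig []byte) bool {
	pub, ok := r[id]
	return ok && ed25519.Verify(pub, nonce, sig)
}

func main() {
	r, id := Registry{}, "constructed-id-0001" // constructed sample identifier
	priv, n := r.Enroll(id), Challenge()
	before := r.Authenticate(id, n, Respond(priv, n))
	r.Revoke(id)
	fmt.Println("before revoke:", before, "after revoke:", r.Authenticate(id, n, Respond(priv, n)))
}
```

Stating the identifier alone never passes `Authenticate`; only a signature over the verifier's current nonce does, which is why a captured response cannot be replayed against a new challenge.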

