Robbing Peter to Pay Paul: Surrendering Privacy for Security's Sake in an Identity Ecosystem

By Crossler, Robert E.; Posey, Clay | Journal of the Association for Information Systems, July 2017 | Go to article overview

Robbing Peter to Pay Paul: Surrendering Privacy for Security's Sake in an Identity Ecosystem


Crossler, Robert E., Posey, Clay, Journal of the Association for Information Systems


1 Introduction

Information security is a prominent concern for many entities, such as individuals, organizations, militaries, and national governments. One core reason for such concern comes from the importance of and demand for information privacy, which represents agents' desire to have influence over data about themselves (Bélanger & Crossler, 2011). In highlighting the extent to which the protection of sensitive information is an issue, the Privacy Rights Clearinghouse has chronicled nearly 4,700 publicly reported privacy breaches in the decade from 2005-2015 in the US alone. During roughly the same time period (i.e., 2005-2014), many E.U. member countries experienced similar types of breaches with a collective total of 229 events that equated to 645 million records potentially compromised across various entities (e.g., commercial, educational, government, medical, and military) (Howard, 2014). Thus, issues surrounding the protection of sensitive data are not unique to one country, industry, or entity type.

Not surprisingly, discussions regarding the need for the development and implementation of more secure environments have arisen. The Association for Information Systems (AIS) has also recognized the need to reengineer the Internet and has launched a grand challenge called the Bright ICT Initiative (also referred to as the Bright Internet Initiative) to do so (Lee, 2015). As a result of the Bright ICT Initiative, the AIS and the United Nations International Telecommunications Union have signed a memorandum of understanding to work together to create a safe Internet that eliminates malicious attacks without sacrificing individual Internet users' privacy (Pritchett, 2015). Further outcomes of these discussions aim to improve the degree with which sensitive data are protected from threats. Interestingly, some of the more recently proposed solutions appear to offer improved security but sacrifice information privacy (Dyck & Pearson-Merkowitz, 2013; Goss, 2013; Schneier, 2008). These proposals suggest that, if online agents-individuals and organizations-are vetted and connect through a known and "trusted" identitymanagement intermediary, then certain types of personal information would not need to be shared across the public Internet infrastructure, which would reduce the likelihood that unknown attackers would intercept any transmitted sensitive information. Thus, agents would need to share complete and accurate identifying information with one or more known entities relatively few times (i.e., federated login) rather than known and potentially unknown entities repetitively so that agents could engage in secured activities with each other when they share sensitive data. These centralized entities would, therefore, be responsible for many activities including but not limited to vetting network agents (e.g., individual users, corporations, and educational institutions), managing credentials, and revoking access rights for agents who become noncompliant with the identity-management system specifications. Thus, researchers and policy makers have come to call these types of systems "identity ecosystems".

In summary, identity ecosystems provide a controlled environment where users provide their sensitive and identifying information to a third party that manages their and other users' access to the Internet. In doing so, users (both consumers and vendors) would not have to provide sensitive identifying information to each other to conduct secure transactions because the managing third party would have already validated them both. Conceptually, doing so would decrease the privacy and security risks in individual transactions but would necessitate users' trusting their private information to the centralized third party manager of the entire identity ecosystem. Thus, this situation creates an interesting tradeoff between selectively sharing personal information and making security-related decisions by trusting a single party with all of this information (which includes all Internet activity that one conducts in the identity ecosystem). …

The rest of this article is only available to active members of Questia

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
One moment ...
Default project is now your active project.
Project items
Notes
Cite this article

Cited article

Style
Citations are available only to our active members.
Buy instant access to cite pages or passages in MLA 8, MLA 7, APA and Chicago citation styles.

(Einhorn, 1992, p. 25)

(Einhorn 25)

(Einhorn 25)

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Note: primary sources have slightly different requirements for citation. Please see these guidelines for more information.

Cited article

Robbing Peter to Pay Paul: Surrendering Privacy for Security's Sake in an Identity Ecosystem
Settings

Settings

Typeface
Text size Smaller Larger Reset View mode
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

Help
Full screen
Items saved from this article
  • Highlights & Notes
  • Citations
Some of your highlights are legacy items.

Highlights saved before July 30, 2012 will not be displayed on their respective source pages.

You can easily re-create the highlights by opening the book page or article, selecting the text, and clicking “Highlight.”

matching results for page

    Questia reader help

    How to highlight and cite specific passages

    1. Click or tap the first word you want to select.
    2. Click or tap the last word you want to select, and you’ll see everything in between get selected.
    3. You’ll then get a menu of options like creating a highlight or a citation from that passage of text.

    OK, got it!

    Cited passage

    Style
    Citations are available only to our active members.
    Buy instant access to cite pages or passages in MLA 8, MLA 7, APA and Chicago citation styles.

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn, 1992, p. 25).

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences."1

    1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

    Cited passage

    Thanks for trying Questia!

    Please continue trying out our research tools, but please note, full functionality is available only to our active members.

    Your work will be lost once you leave this Web page.

    Buy instant access to save your work.

    Already a member? Log in now.

    Search by... Author
    Show... All Results Primary Sources Peer-reviewed

    Oops!

    An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.