What is the right balance between security and privacy? This is a common starting point in many policy discussions, especially in government. It’s a trick question because it presets the conversation as a balancing act between two values as if they are antithetical – they are not. In practical terms, privacy is security. It is the first thing a security professional learns as part of the Confidentiality – Integrity – Availability “CIA” acronym. Privacy is the individual’s confidentiality control. If we’re going to start the conversation with a question that prejudices the playing field let’s use this one: “Do you love privacy or do you hate America?”

Part of the reason we get into trouble when having these discussions is because most people confuse trust with identity. In our immediate surroundings, identity is the only basis of trust. I trust those I know. But in a larger and interconnected world, I cannot know everyone I need to trust, so I have to use references. I ask my neighbors if they know a good plumber and use their trust as a proxy to extend my trust. Do I care if the plumber is John or Suzy? If they bank with CorpBank or if they are licensed to drive? Not really.

In an even broader context I use other proxies for trust. I check an eBay seller’s “feedback” rating, I read product reviews by consumers on Amazon. I read with interest the opinions of blogger “Jerome” on the price of oil because of his track record. Yet truly, I have no idea if Jerome is a he, or if the alias Jerome is “his” real name.

If I need more trust in a transaction I look for “attestation” by a trusted organization. The DMV has attested that I can drive. Fair Isaac has attested that I pay my bills with a confidence level above 750 out of 800. As a society we hope that both the DMV and FICO have a reliable process that leads to predictable results.

But it’s important to differentiate between the narrow aspect of identity they validate (attestation) and the identity itself. If the DMV says I can drive, what difference does it make if my last name is unpronounceable and Greek-sounding? As long as the fact that I am licensed to drive can be securely associated with my person then my name, address and all that other info is irrelevant. Worse, it is a liability because every time I pull out an ID that is “comprehensive” I reveal far more than necessary for a specific transaction.