Understanding Privacy
For more than a decade, businesses, governments, universities, and other organizations have developed and deployed identification–authentication systems based on public-key infrastructure (PKI). But despite this strong institutional support, an alternative system for identification and authentication organically evolved, improved, and spread during recent years. This identification–authentication regime is not based on public-key cryptography, but instead on the ability to receive email sent to a particular address.
In this article, I argue that despite some security shortcomings, email-based identification and authentication (EBIA) is a reasonable approach for many current commercial and government applications. EBIA provides a better match to the usability, privacy, autonomy, resiliency, and real-world business requirements than PKI technology. Today, even sensitive applications that let us enter into binding business agreements worth thousands of dollars (for example, on eBay) and electronically transfer money between bank accounts (for example, with PayPal), use EBIA. Here, I analyze its advantages and weaknesses, discuss best practices for its continued use, and show how EBIA might evolve into a system with stronger security properties. The “Related work” textbox on page 24 describes other PKI alternatives in progress.
Identifiers and identity theft
Personal identifiers typically are names, symbols, or codes that represent a human being. Identifiers can be contextually or globally unique: There is only one George Bush who lives at 1600 Pennsylvania Avenue in Washington, D.C., but there are two people named George Bush in the New York City telephone directory and another 15 elsewhere in New York state.
Sometimes different people can use the same identifier—a family can share a telephone number, for example. Other applications require singularly unique identifiers. In 1936, the Social Security Board adopted the nine-digit social security number (SSN) system to track the earnings of different Americans with the same names. The 1935 Social Security Act required tracking each American’s earnings through his or her employment lifetime because it based, in part, retirement benefits on lifetime earnings (see “The History of Social Security;” www.ssa.gov/history/). Thus, while two people living today in New York City have the George Bush name, each of them should have a unique SSN. Moreover, those numbers should be different from that of the George Bush living on Pennsylvania Avenue in Washington, D.C., and every other person cataloged in the social security system.
Universal identifiers, which the SSN has become, are identifiers used simultaneously by different organizations. But not all universal identifiers were designed with this purpose in mind. The SSN evolved into a universal identifier as various government agencies began to use it in preference to numbers that they could issue. It was cheaper for the federal government to use pre-existing SSNs as military serial numbers, then as federal employee numbers, and, finally, as taxpayer identification numbers, than it was for all other bureaucracies to develop and maintain their own identification regimes.
But the SSN is a poor universal identifier. It lacks security features such as a check digit (to detect typographical errors) and a large space of unused codes (to decrease the likelihood that a randomly-chosen number matches a real
SIMSON L. GARFINKEL
Massachusetts Institute of Technology
Email-Based Identification and Authentication: An Alternative to PKI?
20 PUBLISHED BY THE IEEE COMPUTER SOCIETY ■ 1540-7993/03/$17.00 © 2003 IEEE ■ IEEE SECURITY & PRIVACY
Email-based identification and authentication is an emerging alternative to public-key infrastructure. It overcomes many problems inherent with traditional authentication techniques, such as social security numbers, and provides functional security when used within a limited context.