A Risk Assessment Framework for Digital Identification Systems
Allison Woodruff, Dirk Balfanz, Will Drewry, Mariana Raykova
TL;DR
This paper presents a comprehensive risk assessment framework for digital identification systems, aiming to improve privacy and security through expert analysis, case studies, and practical piloting.
Contribution
It introduces a novel risk assessment framework and best practices, supported by a casebook and expert critique, to guide responsible digital identification development.
Findings
Framework is robust and helpful for reviews
Piloting over one year demonstrates practical utility
Supports policy and standards development
Abstract
We introduce a risk assessment framework for digital identification systems, as well as recommended best practices to enhance privacy, security, and other desirable properties in these systems. To generate these resources, we created a casebook of a wide range of digital identification systems, and we then applied expert analysis and critique to identify patterns. We piloted the framework on several reviews within our organization over a period of approximately one year, and found it to be robust and helpful for those reviews. This work is intended to inform product review and development, product policy, and standards efforts, and to help guide a consistent responsible approach to digital identification across the broader digital identification ecosystem.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.