Back to Previous Page
By David H. Holtzman
One of the strengths of digital communications is the ability to momentarily borrow an insanely expensive computer network (i.e. the Internet) to deliver a message, make a purchase or look up information.
Ironically, this most freeing quality of the computer age has also become the most troublesome. Since we share these services with many other people, we have to identify ourselves with digital "keys" each time we use one. And it's these identification keys that provide the convenience of use for us that also provide the convenience of misuse by Identity Thieves.
Get the key, get the person. Who ever sees the face anyway?
E-Commerce is a misnomer. Most regional, national and global businesses have adopted the strengths and weaknesses of E-Commerce even if they have no online presence. The main element of E-Commerce is not having a web site; it is restructuring a business so that it is database driven. This is the dirty secret of CRM; it dehumanizes the customers and replaces them with numbers.
Converting an organization to this kind of business has many wonderful benefits for a company, it provides transportability for the customer service organization, it allows real-time business metrics that were unheard of even ten years ago and it presents a unified, "clean" feel to the grab bag of businesses and their software systems that most executive teams are managing these days. The obvious down side is a growing sense of customer disillusionment, decreasing brand loyalty and a hard-edged cynicism towards corporate America that is no doubt contributing to current market conditions.
The real damage is subtler--the substitution of these identification keys for the person, while probably necessary, has created an environment that is conducive to identity theft. It is much easier to find a way to get the identification keys that will unlock an account then it is to break a window and leave with a television set. There is every reason to believe that Identity theft will grow and become a significant problem, both for consumers and for industry.
Identity Theft is a good business
- It's harder to get caught in the act. Cloning a cell phone, War driving or Packet sniffing are virtually untraceable. Unlike real world thievery, the most dangerous moment for the crook is not when the crime is committed, but when they try to cash the proceeds.
- It's replicatable. If you can get one key, you can probably get hundreds of them, maybe even hundreds of thousands. Picking one pocket is petty thievery but picking every pocket in a crowd can be lucrative.
- The legal system isn't equipped to handle it. Jurisdictional responsibility becomes murky and prosecution is only effective when it’s a cut and dried case of demonstratable financial gain and easily understood harm, preferably against a protected class of people like senior citizens.
- The crime is frequently not discovered for quite a while. Many identity thefts are not discovered until a monthly statement comes out or a check bounces.
- It’s a white-collar crime and can be conducted in any room any where in the world that has an online computer and a telephone.
Biometrics--an eye for an eye
Let’s assume, for the moment, that biometric systems are 100% accurate. They’re not of course, but it’s easy to believe that their accuracy will continue to improve as a result of the money being poured into Homeland Defense. Whether a system is based on retinal scan, fingerprint matching, DNA analysis or facial profiling, every system will require the presence of a master database to reference into. It’s going to take a while to build a database that comprehensive and there will be stiff opposition every step of the way from privacy advocates.
I suspect that highly accurate biometrics will probably involve multiple physical measurements and that the price point for a turnkey version of this kind of system is going to be too high for integration into Point-of-sale devices for the near future. Biometric identification will eventually have to make its way into the home and workplace otherwise the requirement that a consumer be physically present for authentication will offset the benefit of convenience that consumers get from these online systems in the first place.
The bottom line is that biometrics will only prove useful to consumers as an effective guard against identity theft when the authentication devices are as widely deployed as ATM machines and are backed up by an accurate and universally accessible database that provides biometric criteria sufficient to identify most of the population of America. Of course, the very existence of this database brings up other privacy issues that are beyond the scope of this article.
Will you respect me in the mourning?
There’s sometimes more at stake here then just money. If you know the right keys to authenticate yourself to a computer system as someone, then for all intents and purposes you are that person in every possible way. Not only can you withdraw their money from their bank account, trade their stocks and sell their house, you can utilize their professional credentials (doctor, lawyer, police officer), establish commitments and relationships as them including online romances, libel or slander someone and generally wreck havoc on their personal lives. Most of the above scenarios have occurred without using computers but computers make it so much easier. Every new online capability that is introduced will have the potential for abuse by Identity Theft if there is an incentive for someone to do so. For instance, online voting systems and social welfare programs would be obvious candidates for abuse.
There have already been cases where people have had their online identity stolen instead of their "real" one. While this is not generally financially harmful, it can undermine years of good citizenship in a virtual community. Women have been "cyber-raped" by having their online persona taken over via a password theft and then made to act in an unwanted or inappropriate way. This reputational hack will become more devastating as the new generation, generation IM (Instant Messenger) comes of age.
But what about the children?
I call this new generation, "Generation IM" -- because they're the first one that has grown up in an always-on world. They view computers as a structural material because almost every aspect of their life is computer-powered. In school the traditional library card has given way to a terminal login with their student id. At work, they enter their hours worked into a computer system and get their cash from the bank via an ATM machine.
The SAT test, the modern Cerberus guarding the passage to higher education and presumably financial success, is as much a test of computer literacy as it is of general knowledge. Otherwise preparation classes like the Kaplan course wouldn’t be able to raise the scores in any significant way. What the Prep classes offer is not a quick cram session for Euclidean Geometry or double digit increases in working vocabulary, but insight into the methodology and process expected by the SAT test. In short, helping the test taker learn to think like the machine.
Their school papers have always been on computers and therefore will never be destroyed when the cellar floods, their friends may move out of the school district but they’ll never really be out of touch via email unless they want to be. Their id numbers, handles, email addresses and domain names define the boundaries of who they are and as they get older, these keys will be the claim checks for retrieval of their memories. This new generation, generation IM, is the first one whose identity is completely defined by their online presence and will therefore always be vulnerable to Identity Theft.
Blind, dead or screwed: The Oedipus family
Legislation will not effectively contain the identity theft problem because:
- It's too difficult to enforce, let alone prove, for legal action to be an effective deterrent
- It's completely orthogonal to homeland security
- Identity theft's cousin, Direct marketing, is a protected species
Judicial actions can be effective by building up a foundation of applicable case law and by being punitively brutal to the perp when given a chance. Unfortunately, the basic ammo to load the judicial guns, ie; some clear guidelines on identity, are not at hand.
Each individual must be vigilant in protecting their own identity and controlling access to their digital keys. Like losing a wallet to a pickpocket, reporting the crime to the authorities is a futile gesture after the fact. Smart tourists wear a money belt.
What's in a name?
Identity theft is not about numbers and it’s not about money. If it was, we could write laws to protect ourselves. We could easily create a national id card with biometric identifiers and use it to identify ourselves in public areas, pay for all of our purchases and contain a sample of our DNA and medical history for health care. Yes sir, we could use that card to buy our condoms and Viagra and Herpes medicine and Zit cream at the drugstore and then use the same card at the toll booth to get onto the highway, while of course going the speed limit so we don’t receive an automatic ticket so we can come home to our house and use that card one more time to disarm the alarm system. Every artifact that we interacted with knew who we were and added what we did to governmental and probably commercially available transactional databases.
The easy way to solve Identity Theft is to systematically remove any ambiguity of who we are or what we are at any time or place, real world or virtual. Anything less provides an opportunity for theft. That is the price for freedom.
• Respond on the Message Board
• Back to Previous Page
|
