This morning on Fox News Channel, as they were discussing the Bank of America information loss, one of the pundits bluntly declared that we are living in an information society and there just isn't good information security. He is right.
Pete Lindstrom has a great idea on his blog which is to publicly publish social security numbers. At first blush it seems like an insane idea... think of all of the identity theft! But that is the beauty of his idea - social security numbers are not an adequate mechanism to prevent identity theft since they really aren't secret. Neither are credit card numbers nor drivers' licenses nor passport numbers.
Today it was just announced that Bank of America lost backup tapes containing personal information for a million customers. Last week ChoicePoint sold personal information of 145,000 people to crooks. T-Mobile allowed unauthorized access to its customer databases over the last year (although it wasn't until Paris Hilton was put out that it made the headlines).
And unless we change our model it is only going to get worse. New strains of spyware are motivated by profit - expect less obvious and more insidious techniques for obtaining your personal information since it yields financial gain right now.
So we need to get to a place where knowing my personal information such as social security number, credit card numbers, etc. gets a stranger nowhere. How do we do that? First we should consider a national identity system that is designed for authentication. But to overcome the cultural hurdle let's make it optional - let people opt in when they are ready. Let businesses support it at their option - but as we discover that the system reduces identity theft risks there will be a lot of incentive to opt in to this system. I imagine that the system would include a physical token such as a credit card sized smart card that can be used as identity at everything from airports to grocery stores. Embedded on this identity card would be one or several digital certificates issued by various Certificate Authorities of the person's choosing. This might include employers and governments. You would also use these certificates for online transactions without necessarily having to use the card. For your personal computer you would safely store the certificates; on public systems we might have a smart card reader.
Bottom line - my social security number would only ensure that my taxes go to the right account once I am authenticated. Think of this like my phone number or street address - having them doesn't get you my mail or phone calls. If you don't want to move to the new system... fine... get in line and fill out the paperwork.
Do you want to get a free personal digital certificate right now? Go to Thawte and see if you have some local notaries in your area if you want to have an authenticated certificate. (The biggest flaw in the system right now is the lack of a good US identity card to authenticate to - I always require a driver's license and some other acceptable ID card.)
Same goes for Mother's maiden name. Unfortunately, it is still being used as authentication even in this day and age. Change takes a long time, but I like your "opt-in" idea!
Posted by: Saar Drimer | February 26, 2005 at 04:27 PM
I don't want to outsource my authenticators, and I don't think you (usually) do either. It makes for some very ugly incentives to pervert the issuers of authenticators. Why does Blockbuster issue a card? Why does Visa? Why not key everything off the driver's license?
There are very good reasons, including local control of identifiers, local revocation, and local issuance.
Posted by: Adam Shostack | February 27, 2005 at 12:02 AM
The driver's license is not ubiquitous (only US drivers need one) and each state has a different one with varying levels of qualifications as to proving authenticity of holder. What use is a driver's license in a state where an illegal alien can obtain one - we certainly don't know their identity.
I say offer a market of authenticators so we can choose based on our criteria. The Blockbusters and VISAs of the world are trying to get us to buy their services; their cards offer little value in identity, just business risk reduction. Let a host of groups offer authentication: non-profits, military, commercial, hobbyist, banks, whoever wants to try. I would pay money for this service to a few of the institutions that I already trust. Personally I wouldn't allow Microsoft to do this for me even if free. (Passport being a failed attempt at this.)
Posted by: Stuart | February 27, 2005 at 12:22 AM