Identity Crisis?

What if confidence in a person’s identity were eroded to such a degree that it became impossible to prove who you are anymore?

Yes sir, that ID appears to be in order.

Cybercrime is already laser focused on information theft in its many forms; banking details, information to assist in the theft of identity such as driving licence numbers, passport numbers, mother’s maiden name, date of birth, place of birth, the list goes on. Underground forums already exist where this information is traded as a commodity, whole identities for the purposes of financial fraud (loans, credit cards etc.) can be bought for as little as $10 USD.
Much of this theft is accomplished through the use of malware, malicious software infecting people’s computers. This type of criminal malware used to be the preserve of organised crime, as the cost of purchase was prohibitive to hobbyists. Now however, ZeuS for example which used to be a top-end product is available to download free of charge. ZeuS and malware like it has advanced information and remote control capabilities that allow an attacker to snoop on, or modify or steal any information stored in your PC, entered into your browser or any key you press on the keyboard. Crimeware of this sort has become so widespread and so cheap that criminals are now resorting to selling it with add-on services such as hosting or management in order to attract customers.
In an age where utilities companies, credit card companies, banks and other financial institutions are moving their customers ever more toward online services, e-billing and e-statements aren’t we only making it more simple to steal an identity and at the same time more ethereal to assert one? Stolen documents and templates for document creation are available online if you know where to look, so that’s your driving licence taken care of and your passport for that matter. When it comes to proving your address; well don’t you normally need something like your most recent utility bill, for a mortgage your last three months bank statements…
The standard advice has always been, and continues to be “Buy a shredder, shred all personal correspondence, deter identity thieves”. The truth is though, much identity theft is perpetrated electronically and if the criminal can use their software to steal your login details for your utility companies, bank and mortgage provider they have no need to go rummaging through your bin bags at three in the morning.
What do I have, what do any of us have, that really incontrovertibly proves that we are who we say we are? Remember biometric identification is only as good as the initial ID itself, so if I can be you, I can be you enough to apply for a biometric document and present my *own* fingerprints, iris or facial geometry. What then? Do I become you? Who then are you? If we gradually change the parts of a car until nothing is left of the original and yet all the parts make the whole, is it the same car?
If trust were eroded to such an extent that no one had the confidence necessary to trust a “proof” of identity, what would be the outcome? Would the local and even global financial system collapse as the risk of lending became too great? Would the world of online consumer commerce carry on regardless, asserting that “reception of funds is sufficient proof to ship” thus furthering the crisis of confidence as everyone’s bank accounts became a public and shared utility?
In a worst case scenario the financial system as we know it today ceases to exist, no further mortgages or loans are possible, bank accounts become untrusted by default rather than inviolate bastions of privacy. Criminal intelligence that relies on tracking identities, such as counter-terrorism, declines in capability until it represents a liability and serious inconvenience to the innocent as they are repeatedly accused of acts they did not commit. We cannot retreat back into the paper based society of the 1900s as advances in information technology have voided any pretence of reliability that may ever have offered. Neither can we rely on having chips implanted under our skin, that technology as it stands today has already been shown to be unreliable, and besides, if all it takes is ownership of a chip, then aren’t offenses such as kidnap and murder viable options for identity theft?
Perhaps society would return to the parochial notion of “If you weren’t born in the village then I don’t know you and I don’t trust you”; no change then for where I live!

4 thoughts on “Identity Crisis?

  1. JoviU

    Before reaching the end of this entry, I was actually thinking of that chip that can be embeddeded on skin. You raised good points we can ponder on about, but I think there will come a time that all concerns about it will be addressed. I haven’t been following the news on the embedded chip since it debuted on the news years ago, but I think it won’t hurt to assume that the people behind this technology are continuing to improve on it. Perhaps that is something we should look forward to in the future? :)

    I had a great read (and you got one helluva cute kid there ^^)!

  2. Pingback: Identity Crisis? | Business Computing World

  3. Brian Honan

    Excellent post Rik and you raise some interesting points. I have also spoke about the same issues with regards to how people are “verified” by third parties such as government agencies etc. Indeed I have often said in presentations I have given on the topic “Once your umbilical chord is cut you rely on third parties to verify who you really are”

  4. Pingback: Tweets that mention Identity Crisis? » CounterMeasures --

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.