T.Kenji Sugahara wrote: > I think it has to be a combination of both prosecution and prevention. Sure, I'm all for prosecution. > The problem with prosecution in the current context is that is treated > as a property crime. As a property crime, it does not have the same > priority as a personal crime. Many times, identity theft isn't > prosecuted because financial institutions usually take the hit. This > results in a perception among criminals that they can get away with > it. Most of the time they do. It has become so easy to steal an > identity, it's turned into something akin to script kiddies breaking > into unsecured systems. The real problem is that people waste hundred > of hours trying to repair their credit records. These victims keep > getting bills from accounts they never opened... years after their > identity was stolen. It makes it more difficult for victims to obtain > home loans, car loans, etc. I see the problem. I agree that throwing more resources at prosecution will help. My point is that it is rather like trying to keep thieves from stealing $100 bills that we insist on leaving on the sidewalk. Even a nominal effort at prevention will pay off BIG TIME compared to expensive prosecution efforts. > The solution is to vigorously prosecute identity thieves. Personally > I would like to see it made into a measure 11 crime, but again, we run > into the problem of scarce resources, jail space and law enforcement > resources. I hear you. Solution: stop incarcerting people for their choice of recreational chemicals. I'm very tired of paying for a hopeless drug war that cannot be won. > In terms of prevention: > > I'd personally like to see biometric information encoded onto a chip > on your drivers license. (sort of like the chips starting to show up > on some credit cards.) However, you are right, people will always > find ways around the system. There is a biometric encoded on your driver's license: the *photograph*. The problem is that the card is just a stupid piece of plastic, and it is trivial to pry it apart and put in a different photograph. Fancy/different biometrics will do nothing to help. What would help would be a tamper-resistant smart card. Tamper resistant cards store the authentication info on a chip, and are packaged in epoxy and wire such that if you try to cut them open, they fry themselves. But that would cost a LOT of money. > My question is, how would a uniform identity system involving the use > of biometric or other authentication system run afoul of civil > liberties? We're already tracked through our SS numbers, how would > this be any different? It would run afoul of effectiveness. You'd spend a bunch of money on it, and then discover that the ID thieves are back in business within weeks, with no slow-down in their efforts at all. Here's my Swiftian suggestion on how to get organizations to *really* stop using social security numbers as authenticators: publish them in a big book. Make a *really big noise* about the fact that Oregon is sick and tired of ID theft, and therefore is going to publish everyone's social security number in a giant database. It will be available on the web, and on CD to anyone who asks. Horrors! This will make it easy to obtain social security numbers. All too easy. It makes them so hopelessly ineffective that even the dumb asses who are using them for authentication now will have to switch to something else. Just make sure that you give the public 6 months notice on this move, so the various orgs that need to clean up their act have time to deploy. I called this Swiftian. I lied: I'm deadly serious. This will work, if the State has the courage to go through with it. The only way to get people away from the illusion that a social security number is a decent authenticator is to utterly destroy its authentication value. Stop social security number theft by making them not worth stealing. Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX http://wirex.com/~crispin/ Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html
This archive was generated by hypermail 2b30 : Fri Sep 27 2002 - 00:10:11 PDT