Identity Theft - A real growth industry

While working as an R&D Manager at Visa in the mid-nineties, I had the chance to do a lot of thinking about payment systems, identity, trust, security - all the things that have to be present for value to be exchanged between parties. Visa was heavily involved with the then newly emerging field of public key cryptography as a way of enabling payments on the Internet. The problem was that the systems being proposed were hopelessly complex to use and to implement. Thinking about the societal implications of using certificates and computer stored identity, I became increasingly concerned about the potential for identity theft and false accusations. If everyone agrees that a method is secure, then there is a natural tendency to assume guilt if the method says the person is involved. As we have seen with fingerprints (not unique after all), DNA (not unique, but statistically significant), and biometrics (easily fooled by Jello), it is dangerous to rely on technology to ascertain identity to the exclusion of all other factors. My major concern about storing one's identity in a computer, or chip, or cellphone is what happens when it is stolen. Indeed, the fact that identity is available to be stolen guarantees that it will be. No amount of encryption mathematics is going to prevent misuse by the average customer who fails to safeguard what has now become the key to his entire identity and by implication, wealth. Which all leads to the recent release of a report by the Department of Justice, Bureau of Justice Statistics in the US, entitled "Identity Theft, 2004". It appears that the identity theft industry has grown, and continues to grow, quite nicely. The press release headline for the report says it best -

3.6 MILLION U.S. HOUSEHOLDS LEARNED THEY WERE IDENTITY THEFT VICTIMS DURING A SIX-MONTH PERIOD IN 2004