Future identity theft: balancing exposure and security
Identity theft made the news again today. Will future identity controls enable us to better protect ourselves? Without limiting expression?
Blame the Victim
Crime prevention is often a matter of telling potential victims to limit their exposure. The message is similar, whether the threat is mugging, rape, or identity theft. This doesn’t sit right with me. Should we force the majority to change their behaviour because a few people may take advantage?
This advice seems based on the assumption that the recommended steps are zero cost. They are not, in many cases.
To limit the utility of a gadget for fear of using it is one thing, though we should not underestimate the effect of that fear. To propose that women change how they dress and act, and where they go and when is quite another.
On these grounds, it is always with some hesitation that I sit in radio studios handing out advice when the latest reports appear about growing online security threats. Like this morning. The latest report from Cifas, showing dramatic rises in identity theft, fuelled in part by the range of information we now share online.
Should I tell people to lock down their privacy settings? To view every email as a potential phishing attack? I’m worried about reinforcing the view, held particularly in some demographics, that the Internet is an inherently dangerous place. That by venturing there, they are inviting attack.
Where I try to settle is on some form of balance. As I put it this morning, it’s about locking your front door, not putting bars across all your windows. Put your privacy settings to a sensible minimum, but don’t retreat from all the wonder that online interactions can bring.
Part of the problem is that the definition and validation of identity is such a tricky thing. For the most part it is defined by the jigsaw of personal information. Information that we all — still — find ourselves entering into forms on a frequent basis. Name, address, date of birth etc. Because we still define identity this way, assemble enough pieces of the jigsaw and someone can pretend to be you.
Could our future identity be better protected and controlled?
Certainly some start-ups are doing interesting things with encryption and blockchain. Controlling access to different services with digital keys, sometimes combined with hardware factors or biometrics. But the setup of these identities still seems to come down to a jigsaw of pieces. Validating that you have control of social networks in your name, for example.
Perhaps we cannot get away from this. Identity is a complex thing. Perhaps the only way to define it reliably is to assemble a unique jigsaw for each person. The trick is not then how we identify each other but how we protect that identity and prevent it being misused.
Challenges to Success
The challenge here is one of fragmentation. What if every service now tries to hold a super-validated identity for its users. Already there are many different people tackling this problem. Can any one service — or even a small group — build up the levels of trust and oversight by users needed to ensure that fake identities cannot exist in parallel with real, just on different platforms?
There’s also an issue of access. Imagine if instead of a credit score, you have a trust score predicated on how many different ways you can validate your identity — access to social networks, banking, credit, bills, location etc. Imagine this trust score becomes an integral part of accessing finance products or — and this doesn’t seem too far fetched in the current political climate — government services.
Before we even get into the evolving definitions of gender and the mass diversification of culture, the very mechanisms by which we hold and control our identities are going to go through rapid change in the next few years. Will we get greater protection against theft and impersonation from future identity controls? Will they enable us to balance access and security?
Right now it is unclear. Historically criminals have usually found a way. Block one vector and they find another. But perhaps with these new technologies we can improve the balance between defence and expression of our future identity.