Momentum Builds for Digital IDs

 
 
By Chris Nolan  |  Posted 2005-06-09 Email Print this article Print
 
 
 
 
 
 
 

Opinion: Given the current ease of data theft, consumer demand may spur development of more secure forms of ID.

Its beginning to feel like a weekly occurrence: A large company with sensitive employee or customer information—financial records, Social Security numbers—announces that its security has been breached. Theres a flurry of headlines and then a little pause. Then theres another announcement by another company. This week it was CitiGroups turn. The company said digital tape records carrying customer credit ratings had been lost en route to a credit agency. In this announcement, CitiGroup joins Time Warner, ChoicePoint and Lexis-Nexis in having to acknowledge security breaches or loss of records, although CitiGroup said that, as far as it could tell, no harm had been done any of its customers. Whats going on here? Why are these incidents in the news all of a sudden?
For that you can blame California politicians. Lawmakers probably didnt intend to launch a drumbeat of bad publicity for credit card and other big companies when they passed a law requiring those companies to notify customers when they learn that their personal information has been released. But thats the effect the law is having.
Its simply too hard to parse out California customers—the state is so large that it would receive most of the notices anyway—so companies are erring on the side of caution and telling everyone when theres a potential problem. And that drumbeat of publicity is, itself, having consequences. Click here to read about Bank of Americas approach to fighting identity theft. Not to be left out, other states are passing or introducing their own legislation mimicking Californias law. And its fairly clear that Congress will take similar action by the end of this year. So notification will become the law of the land. That, of course, could mean more bad publicity.
Which raises a more important question: What—really—is to be done in the long term? Its hard to tell. Part of the problem, says Larry Ponemon, a data security and privacy expert, is that Congress and the Federal Trade Commissioners (the FTC is the agency that oversees fraud and other consumer issues) isnt very technically sophisticated. They dont see the range of trouble and theyre often dismissive of sophisticated solutions. "I dont think the regulators understand the complexity of the problem, said Ponemon, who has been called in to talk to some groups on Capitol Hill. "Their technological acumen is pretty low." Well, its hard to make a group of folks who depend on being recognized by the Capitol Police as they walk around the U.S. Capitol and its surrounding office buildings understand the utility of, for instance, a barcode system of tags that could be read by sensors embedded in doorways thresholds. For the unsophisticated, it just seems too easy to rely on a machine, not a man who smiles and holds the door. The security systems that are used today—reliance on personal information like birthdays, mothers last name, Social Security numbers—worked well when commerce was based on paper and information was harder to discover and difficult to save in an orderly fashion. Once information is stored in a database it can be found, replicated, linked to other information and easily shipped around. That, of course, makes it easy for an American shopper to use a credit card in Singapore or for a business traveler to claim frequent flyer miles at the airport check-in, but it also creates easy opportunities for theft. Once a thief knows a little, he knows a lot. One solution that appears to be gaining some credibility is the idea of a Digital ID. The ID—a number or code—could be replaced if it fell into the wrong hands. Unlike a Social Security number, its not tied to bank accounts or credit reports. There are problems with this idea, of course. It cant be sloppily managed like, say, the allocation of Social Security numbers has been. If compromised, the system would never work properly. Its got to be tightly managed from the beginning. Read more here about Microsofts digital ID vision. Still, the idea of a system which separates identifying features from the accounts that are currently associated with ID—namely Social Security numbers—isnt a bad one. But Digital ID does sound a little too controlling for some. Its a bit too close to the creation of a national ID card—in fact, its probably a first step—and that is a concept that will meet with strong opposition from a number of quarters in and outside the tech community. Certainly, frustration is building, and the regular announcements about data security breaches arent going to ease anyones fears. Instead, they may well increase peoples worries. Consumers, frustrated by seeing their personal information released again and again into the wrong hands, and especially business and other frequent travelers frustrated by airport and immigration delays and a growing sense that online security is far too fragile, may well force some sort of universal solution. It wont be immediate—its maybe four or five years away—but its coming. Check out eWEEK.coms for the latest news, views and analysis of technologys impact on government and politics.
 
 
 
 
Standalone journalist Chris Nolan runs 'Politics from Left to Right,' a political Web site at www.chrisnolan.com that focuses on the intersection of politics, technology and business issues in San Francisco, in California and on the national scene.

Nolan's work is well-known to tech-savvy readers. Her weekly syndicated column, 'Talk is Cheap,' appeared in The New York Post, Upside, Wired.com and other publications. Debuting in 1997 at the beginnings of the Internet stock boom, it covered a wide variety of topics and was well regarded for its humor, insight and news value.

Nolan has led her peers in breaking important stories. Her reporting on Silicon Valley banker Frank Quattrone was the first to uncover the now infamous 'friend of Frank' accounts and led, eventually, to Quattrone's conviction on obstruction of justice charges.

In addition to columns and Weblogging, Nolan's work has appeared in The Washington Post, The New Republic, Fortune, Business 2.0 and Condé, Nast Traveler, and she has spoken frequently on the impact of Weblogging on politics and journalism.

Before moving to San Francisco, Nolan, who has more than 20 years of reporting experience, wrote about politics and technology in Washington, D.C., for a series of television trade magazines. She holds a B.A. from Barnard College, Columbia University.

 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Close
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel