Identity Theft, or How To Influence Public Opinion
I've been wanting to write this for a while, but I can never remember to do it when I have the time. Everybody has heard of Identity Theft by now, but just in case you've been in a nuclear shelter the past 10 years waiting for the big one, I'll provide a one paragraph primer:
Identity Theft is a centuries old crime which has the public's attention these days because it has become so much easier to perpetrate due to the massive reliance on electronic data storage, manipulation and migration, all part of the information revolution and in conjunction with the rapid evolution of the Internet. Conceptually, it's really quite simple; the perpetrator assumes the identity of another and performs (usually) financial transactions in their name. Such transactions can include minor stuff like opening a credit card account and using it to steal a few thousand dollars, to somewhat more serious acts such as selling somebody else's house pocketing hundreds of thousands of dollars in the process. It just happens to be a lot easier to do "anonymously", behind a computer screen, hence it's surging popularity.
What I am here to tell you today is that you've been hoodwinked, cheated, lied-to and generally misled about this whole "identity theft thing", by a collaboration of private companies in the "ID theft solutions" industry, politicians wishing to cash in on some political clout, some "experts" who have shrewdly made themselves rather prominent and are now able to cash in on books and speaking engagements, and a financial services industry that loves nothing more than to show how much they care for their customers while screwing them on the backside.
First of all, let's talk a little bit about statistics: everybody loves to flaunt all those numbers that tell you that only last year, 10 or 20 or 30 million people got ripped off through ID theft. Reality check. First of all, these are extrapolations, unfortunately based on somewhat shady original baseline numbers. Second, those numbers represent INCIDENTS, not PEOPLE. That is, if someone stole a credit card checkbook from your mailbox and attempted to cash 10 different checks, it would be counted as 10 incidents. Another way to look at it is that they don't count overlaps; if the same person had their identity "stolen" 100 times, that's 100 people. Of course, pretty much by definition any ID theft crime results in multiple hits on the same person, to "milk" that stolen ID as much as possible. Third, the vast majority of these never end up costing anyone anything; when someone did exactly that to me last year and tried to cash over $15,000 that way, all it took was about an hour on the phone with my card companies to get it resolved, and I never lost a penny. I'm a highly paid consultant, so I could conceivably "count" my hour as worth $275 (my standard hourly rate); of course, that's baloney, since I did it at evening, after working hours, and it really was nothing but a minor inconvenience. And I'm rather "expensive"; it sometimes appears that at least in these statistics, everyone in this great country makes over $100 an hour.
Just think about it logically; if you are to believe the cumulative stats spewed about these past few years, at the end of 2006, over half of the people in this country would have had their identity stolen, each of them suffering between $750 to $3500 worth of damages, depending on who you ask. Such costs are so high that the economy would have literally ground to a halt (150M x $3500 each = that's just over HALF A TRILLION dollars, folks, or over FOUR PERCENT of the US GDP). To hear some of these people speak, you'd think there was a competition afoot to try and find a way, any way, to increase the overall damage done in each consecutive speech. And if you haven't heard your local expert tell you in a little trade show about over, oh, 200 BILLION DOLLARS IN DAMAGES THIS YEAR ALONE, with eyes open big and a booming tone, as they say, you ain't seen nuttin' yet.
But my problem is not even with the snake-oil, because many of these people have good intentions and quite a large number of them have good advice. Oh no. My biggest problem, and where you have been brazenly lied to for years now, is related to the issue of WHAT IDENTITY THEFT ACTUALLY IS.
Let me tell you right now - ID theft has ABSOLUTELY NOTHING TO DO WITH PRIVACY. Nothing. None whatsoever, except that privacy supports ID theft. The next time somebody starts talking to you about ID theft, and leverages privacy in the first five minutes of their spiel, just do yourself a favor and walk away. They are just not worth hearing.
So let's the record straight, shall we? Why isn't ID theft an issue of privacy? I find that the best way to explain these kinds of issues is by way of example. Let's assume that we live in a different world. In this world, everyone has full access to look at everybody's else information - and I do mean full access, including the ability to bring up their health records, criminal history, and yes, financial accounts such as bank and credit card accounts. Oh yes. In this world, you can log in to my bank account any time and look at exactly how much money I have, what I've bought recently, what my birthdate, mother's maiden name and social security number are, the works. Everything.
I'll give you a couple seconds to digest the above, I know, it sounds kinda scary.
Alright. Now, in this world, because information is available to everybody, it is very easy to create a powerful AUTHENTICATION AND AUTHORIZATION system to ensure that only the person performing a transaction is indeed allowed to do so. Why? Because all information is always available, including, say, DNA signatures. So you can very easily get them to use some form of biometric authentication - fingerprint and retina scan, say - whenever they want to transact with someone. In this particular world, (financial) ID theft does not exist, because there is no point in trying to assume somebody else's identity; once you try to perform a transaction in their name you will immediately and automatically be exposed, due to the availability of perfect information.
Note something interesting here: PRIVACY IS THE CHIEF REASON that ALLOWS ID THEFT TO SUCCEED. In other words, privacy and ID theft go hand-in-hand. Anyone attempting to deal with ID theft should be firmly opposed to measures of privacy, because privacy is what allows the assumption of somebody else's identity.
Got that?
ID theft is an AUTHENTICATION AND AUTHORIZATION issue, NOT privacy. It has nothing to do with privacy, except that privacy enables it.
So how do we solve ID theft? only one way; by allowing someone to build a bulletproof authentication system. This means that this central authority will have to have information about each of us - or at least those of us wishing to participate - that would unequivocally identify us, for example, through DNA and biometric signatures, probably obtained partially through things like blood samples. Oh yes. The second part would require that the financial services industry utilizes this central authority to authorize transactions (including account openings, for example). And lastly, merchants will have to incorporate additional measures to facilitate this authorization scheme, for example, getting your fingerprint when you go through the register at Safeway.
Guess what? Do that, and ID theft disappears. Poof. Just like that. Of course, all the privacy zealots will scream that this is a huge violation of people's rights, and their privacy, and blahblahblah (you may note that I don't have much appreciation for privacy advocates), and there you have it, ID theft is alive and well. And why? Because of privacy guys.
Oh well.
Just remember. ID theft is NOT an issue of privacy. There are many, many people out there that have a very powerful interest in making you think that it is, but it is not. In fact, it's quite the opposite. Privacy enables ID theft. ID theft is an issue of authentication.
Identity Theft is a centuries old crime which has the public's attention these days because it has become so much easier to perpetrate due to the massive reliance on electronic data storage, manipulation and migration, all part of the information revolution and in conjunction with the rapid evolution of the Internet. Conceptually, it's really quite simple; the perpetrator assumes the identity of another and performs (usually) financial transactions in their name. Such transactions can include minor stuff like opening a credit card account and using it to steal a few thousand dollars, to somewhat more serious acts such as selling somebody else's house pocketing hundreds of thousands of dollars in the process. It just happens to be a lot easier to do "anonymously", behind a computer screen, hence it's surging popularity.
What I am here to tell you today is that you've been hoodwinked, cheated, lied-to and generally misled about this whole "identity theft thing", by a collaboration of private companies in the "ID theft solutions" industry, politicians wishing to cash in on some political clout, some "experts" who have shrewdly made themselves rather prominent and are now able to cash in on books and speaking engagements, and a financial services industry that loves nothing more than to show how much they care for their customers while screwing them on the backside.
First of all, let's talk a little bit about statistics: everybody loves to flaunt all those numbers that tell you that only last year, 10 or 20 or 30 million people got ripped off through ID theft. Reality check. First of all, these are extrapolations, unfortunately based on somewhat shady original baseline numbers. Second, those numbers represent INCIDENTS, not PEOPLE. That is, if someone stole a credit card checkbook from your mailbox and attempted to cash 10 different checks, it would be counted as 10 incidents. Another way to look at it is that they don't count overlaps; if the same person had their identity "stolen" 100 times, that's 100 people. Of course, pretty much by definition any ID theft crime results in multiple hits on the same person, to "milk" that stolen ID as much as possible. Third, the vast majority of these never end up costing anyone anything; when someone did exactly that to me last year and tried to cash over $15,000 that way, all it took was about an hour on the phone with my card companies to get it resolved, and I never lost a penny. I'm a highly paid consultant, so I could conceivably "count" my hour as worth $275 (my standard hourly rate); of course, that's baloney, since I did it at evening, after working hours, and it really was nothing but a minor inconvenience. And I'm rather "expensive"; it sometimes appears that at least in these statistics, everyone in this great country makes over $100 an hour.
Just think about it logically; if you are to believe the cumulative stats spewed about these past few years, at the end of 2006, over half of the people in this country would have had their identity stolen, each of them suffering between $750 to $3500 worth of damages, depending on who you ask. Such costs are so high that the economy would have literally ground to a halt (150M x $3500 each = that's just over HALF A TRILLION dollars, folks, or over FOUR PERCENT of the US GDP). To hear some of these people speak, you'd think there was a competition afoot to try and find a way, any way, to increase the overall damage done in each consecutive speech. And if you haven't heard your local expert tell you in a little trade show about over, oh, 200 BILLION DOLLARS IN DAMAGES THIS YEAR ALONE, with eyes open big and a booming tone, as they say, you ain't seen nuttin' yet.
But my problem is not even with the snake-oil, because many of these people have good intentions and quite a large number of them have good advice. Oh no. My biggest problem, and where you have been brazenly lied to for years now, is related to the issue of WHAT IDENTITY THEFT ACTUALLY IS.
Let me tell you right now - ID theft has ABSOLUTELY NOTHING TO DO WITH PRIVACY. Nothing. None whatsoever, except that privacy supports ID theft. The next time somebody starts talking to you about ID theft, and leverages privacy in the first five minutes of their spiel, just do yourself a favor and walk away. They are just not worth hearing.
So let's the record straight, shall we? Why isn't ID theft an issue of privacy? I find that the best way to explain these kinds of issues is by way of example. Let's assume that we live in a different world. In this world, everyone has full access to look at everybody's else information - and I do mean full access, including the ability to bring up their health records, criminal history, and yes, financial accounts such as bank and credit card accounts. Oh yes. In this world, you can log in to my bank account any time and look at exactly how much money I have, what I've bought recently, what my birthdate, mother's maiden name and social security number are, the works. Everything.
I'll give you a couple seconds to digest the above, I know, it sounds kinda scary.
Alright. Now, in this world, because information is available to everybody, it is very easy to create a powerful AUTHENTICATION AND AUTHORIZATION system to ensure that only the person performing a transaction is indeed allowed to do so. Why? Because all information is always available, including, say, DNA signatures. So you can very easily get them to use some form of biometric authentication - fingerprint and retina scan, say - whenever they want to transact with someone. In this particular world, (financial) ID theft does not exist, because there is no point in trying to assume somebody else's identity; once you try to perform a transaction in their name you will immediately and automatically be exposed, due to the availability of perfect information.
Note something interesting here: PRIVACY IS THE CHIEF REASON that ALLOWS ID THEFT TO SUCCEED. In other words, privacy and ID theft go hand-in-hand. Anyone attempting to deal with ID theft should be firmly opposed to measures of privacy, because privacy is what allows the assumption of somebody else's identity.
Got that?
ID theft is an AUTHENTICATION AND AUTHORIZATION issue, NOT privacy. It has nothing to do with privacy, except that privacy enables it.
So how do we solve ID theft? only one way; by allowing someone to build a bulletproof authentication system. This means that this central authority will have to have information about each of us - or at least those of us wishing to participate - that would unequivocally identify us, for example, through DNA and biometric signatures, probably obtained partially through things like blood samples. Oh yes. The second part would require that the financial services industry utilizes this central authority to authorize transactions (including account openings, for example). And lastly, merchants will have to incorporate additional measures to facilitate this authorization scheme, for example, getting your fingerprint when you go through the register at Safeway.
Guess what? Do that, and ID theft disappears. Poof. Just like that. Of course, all the privacy zealots will scream that this is a huge violation of people's rights, and their privacy, and blahblahblah (you may note that I don't have much appreciation for privacy advocates), and there you have it, ID theft is alive and well. And why? Because of privacy guys.
Oh well.
Just remember. ID theft is NOT an issue of privacy. There are many, many people out there that have a very powerful interest in making you think that it is, but it is not. In fact, it's quite the opposite. Privacy enables ID theft. ID theft is an issue of authentication.