Re: Identity theft (PGN, RISKS-21.04)
I used to try to keep my SSN private -- then I realized that that's blaming the victim (me). It's not the SSN holder's fault that stores and other institutions use improper means for authenticating people. It's the store's fault. Any information held by a credit bureau is public. So is any information held by any government agency, if I'm to believe the spam I get occasionally. So, that information is not acceptable for authentication -- even in person, but especially online. It's not merely unacceptable when dealing with the credit bureau. The credit bureau poisons the information for everyone. Now -- how do we get consumer protection laws that make it clear that a consumer is not liable for any debts incurred by someone claiming to be him/her unless there is irrefutable authentication during registration (e.g., videotape of the consumer signing up for the service). This means killing all issuing of credit online, by mail, by phone, etc. Maybe I'd stop getting all those credit-card applications in the mail.... [This opens a technical challenge: how can we authenticate anyone, if we rule out information that an attacker can get?] - Carl --- All inventions or works of authorship original to me, herein and past, are placed irrevocably in the public domain, and may be used or modified for any purpose, without permission, attribution, or notification.
participants (1)
-
Carl Ellison