how to create the perfect fake identity

Eugen Leitl eugen at leitl.org
Thu Sep 4 08:21:01 PDT 2008


http://www.wired.com/politics/security/commentary/securitymatters/2008/09/securitymatters_0904

How to Create the Perfect Fake Identity

Bruce Schneier

Let me start off by saying that I'm making this whole thing up.

Imagine you're in charge of infiltrating sleeper agents into the United
States. The year is 1983, and the proliferation of identity databases is
making it increasingly difficult to create fake credentials. Ten years ago,
someone could have just shown up in the country and gotten a driver's
license, Social Security card and bank account -- possibly using the identity
of someone roughly the same age who died as a young child -- but it's getting
harder. And you know that trend will only continue. So you decide to grow
your own identities.

Call it "identity farming." You invent a handful of infants. You apply for
Social Security numbers for them. Eventually, you open bank accounts for
them, file tax returns for them, register them to vote, and apply for credit
cards in their name. And now, 25 years later, you have a handful of
identities ready and waiting for some real people to step into them.

There are some complications, of course. Maybe you need people to sign their
name as parents -- or, at least, mothers. Maybe you need doctors to fill
out birth certificates. Maybe you need to fill out paperwork certifying that
you're home-schooling these children. You'll certainly want to exercise their
financial identity: depositing money into their bank accounts and withdrawing
it from ATMs, using their credit cards and paying the bills, and so on. And
you'll need to establish some sort of addresses for them, even if it is just
a mail drop.

You won't be able to get driver's licenses or photo IDs in their name. That
isn't critical, though; in the U.S., more than 20 million adult citizens
don't have photo IDs. But other than that, I can't think of any reason why
identity farming wouldn't work.

Here's the real question: Do you actually have to show up for any part of
your life?

Again, I made this all up. I have no evidence that anyone is actually doing
this. It's not something a criminal organization is likely to do; twenty-five
years is too distant a payoff horizon. The same logic holds true for
terrorist organizations; it's not worth it. It might have been worth it to
the KGB -- although perhaps harder to justify after the Soviet Union broke up
in 1991 -- and might be an attractive option to existing intelligence
adversaries like China.

Immortals could also use this trick to self-perpetuate themselves, inventing
their own children and gradually assuming their identity, then killing their
parents off. They could even show up for their own driver's license photos,
wearing a beard as the father and blue spiked hair as the son. I'm told this
is a common idea in Highlander fan fiction.

The point isn't to create another movie plot threat, but to point out the
central role that data has taken on in our lives. Previously, I've said that
we all have a data shadow that follows us around, and that more and more
institutions interact with our data shadows instead of with us. We only
intersect with our data shadows once in a while -- when we apply for a
driver's license or passport, for example -- and those interactions are
authenticated by older, less-secure interactions. The rest of the world
assumes that our photo IDs glue us to our data shadows, ignoring the rather
flimsy connection between us and our plastic cards. (And, no, REAL-ID won't
help.)

It seems to me that our data shadows are becoming increasingly distinct from
us, almost with a life of their own. What's important now is our shadows;
we're secondary. And as our society relies more and more on these shadows, we
might even become unnecessary.

Our data shadows can live a perfectly normal life without us.

---

Bruce Schneier is Chief Security Technology Officer of BT, and author of
Beyond Fear: Thinking Sensibly About Security in an Uncertain World. 




