Rants, raves, and musings about Identity from the Old Man in the Corner, Dave Kearns.
|
About Dave Kearns
IdM Journal Wired Windows Dave Kearns' Fusion newsletters on:
|
Thursday, July 21, 2005
Allons enfants!Sun's Robin Wilton is blogging from the Liberty Alliance meeting in Chicago and today posted about a workshop on Identity Theft he attended. After stating that he "was pleasantly surprised at how much momentum there is behind the ID Theft initiative," he mentions one part of a possible solution broached by the group:"It seems clear, even after a day of mostly US-oriented discussion, that ‘Data Controllers‘ are vital in both theory and practice. In theory, because defining the responsibilities of a data controller looks like the best way to start setting our a clear and comprehensive range of ID Theft guidelines; in practice, because there is already a body of expertise and experience (most notably across Europe) about how the data controller role can be executed to good effect." To my friends at the Liberty Alliance: HAVE YOU NOT BEEN LISTENING? A major theme at last week's Catalyst Conference, attended by many Liberty Alliance members, was the rise of user-centric identity: each user as the controller of their own data. Most identity theft is accomplished through old-fashioned fraud or new-fashioned dumpster-diving followed by authentication fraud. It's just a modern twist on the old bunko, a con game with a wider range of victims. Putting users in control of their own data, and needing to approve and verify it's dispersal, could cut a majority of this fraud. Making lending and credit-granting institutions verify their applicants through authoritative sources with the consent of the user could wipe out most of the rest of this fraud. Institutions seem powerless to prevent the fraud from happening. Or are simply reluctant to take the steps necessary. Users have a much bigger stake. Empower them to protect themselves. LID, Sxip and other user-centric identity schemes are not, as yet, fully-baked but they are showing the way. User-centric identity is an idea whose time has come, it's time that the corporate world recognized it. Tuesday, July 19, 2005
Phishing without a computerJohannes Ernst pointed me to an entry on David Cowan's (he's a VC at Bessemer Venture Partners) blog outlining a real scam he conceived and executed on the spur of the moment to illustrate to his wife why he invested in so many security companies.As with all of the "identity theft" stories in the press, Cowan illustrates why these aren't computer problems, but societal or access problems which can happen any where, any time. Kim Cameron points to a Gartner study (as reported by the Wall Street Journal) which reports survey data suggesting that "Internet Scams, Breaches Drive Buyers Off the Web." Actually, though, it's stories in media such as the Wall Street Journal which lumps all manor of crime into the "identity theft" category which drives people away from the web. As far as I can tell, no one going directly to a bank on-line site (as opposed to clicking a weird link in their email) has ever lost a penny nor had their identity "stolen" nor been a victim of a scam (at least in regards to that transaction). Yet Cameron notes: "According the story, 77% of concerned online-banking customers said they are using online banking services less frequently. More than 4% of those Internet banking customers concerned with fraud have abandoned online banking altogether." People in the security community, of course, are quick to exacerbate the situation since they believe (wrongly, I feel) that it helps them sell more product. It's time for those in the IdM space - whose technology and livelihood are being dragged through the mud - to step up and begin the process of educating the public, the tech community, the analysts but especially the general press as to exactly where the problems lie.
|
|
![[Powered by Blogger]](http://buttons.blogger.com/bloggerbutton1.gif){kind=small}