Millions pumped into identity theft project
Bring on the brains
SECURE IDENTITY MANAGEMENT SYSTEMS are going to receive a make-over courtesy of our good friend the government.
The Whitehall-funded research project will be launched some time this October and will be titled Vome (Visualisation and Other Methods of Expression).
The three-year project will unite experts at Cranfield University, Royal Holloway University of London, Salford University, Consult Hyperion and Sunderland City Council with an aim to stamp out identity theft which is costing the UK £1.7 billion a year.
The egg-heads will look into privacy and consent for identity management in order to help users make well-informed judgments on which sites they use, how to use them and, more importantly, what information they give out.
"There is a concern that people aren't really clear about the value of their unique identity”, explains Debi Ashenden, lead researcher at Cranfield University.
Vome will involve a £5.5m investment from the Economic and Social Research Council (ESRC) and the Technology Strategy Board, Engineering and Physical Sciences Research Council (EPSRC).
This huge investment will also be used to fund two similar projects which will also concentrate on identity protection.
Project results are expected to be published some time in September 2011. µ
L'Inq
Computer
Weekly
Comments
its the use of false identity
It is the use of a false identity or alias that is becoming more and more commen with the internet and it needs to be stop. Also people who commit these crimes must be punished and punished hard. Unfortunatly the hotels with bars that we put them in are not unplesent enough to stop them doing it again. We need a complete rethink on what we are doing because it is not working. And no system will very be completly safe just harder to break but today once it has been broken it is too easy to use it over and over again.Wrong direction
Why not begin with the label? Let us change it from "identity theft" into "acceptance of falsified identification". The first word indicates the root of the problem. It is the fact that companies like banks, service providers and merchants, but also governments accept falsified identification. And they can easily do that because the burden of proof is transferred to innocent people, whom we call the "identity theft" victims. How is an individual suppose to go after organised crime that includes felons, banks and a government, not to mention courts who are unwilling to put an end to this story?If you think things are bad in the UK, you should take a close look at the situation in the USA. The misuse of the "social security number" has reached astronomical proportions and the US government is doing nothing to fix the problem. Instead of making it illegal to use the social security number for anything but social security, the US government forces more and more organizations to require the social security number for identification purposes. This is a simple number that is being used as means of identification. Nuts!
Speaking of identity theft studies
I would love to have a serious analysis done in the US as well. Someone needs to inform credit card companies and employers that it is NOT ok to require a Social Security Number when an application is turned in. Yes, not even for a job. I want to be in charge of my own taxes, not give the responsibility over to some idiot who's chosen KFC as a career.Get the cards to perform a function
so that they need more than just a series of numbers. All you need is a photo of a credit card and you can use it online, that's ridiculous.Simple fix: ask the customer a question based on their account password. Something like what is the 1st and 4th characters of your password. Vary it each time, that will make it more difficult for cards to be used.
Easy peasy, can I have the 1.x billion now please?
And why does it cost 1.x billion, just put a 10mil-100mil prize to whoever has the best method and make it open source. Much cheaper and more effective. Can you imagine how many geeks would be working on this and how clever it would be if they thought they would get a share of 100mil?
Even Better Solution: hash of low-res pic.
Get a low-res pic, like icon-size for an ID card, and get the hash of it, or some mathematical transform of it.Make it so that the ID card, when plugged into a reader, displays the encoded information
( name,
age,
address,
yes/no driver's licensed + which rating,
state of registration,
signature
- no signature on the physical card, so someone could have a specific signature for the ID card, and any thief would need a reader to discover that )
and the mini version of the pic that's encoded.
Make it so that changing anything will break the encoded information.
Make it so that the encoded image can be compared with the actual person.
Make it so that anyone trying to get a false one automatically gets 3 years, but getting a replacement ( & the old one deactivated ) is quick & easy.
Make 'em so they self-destruct when anyone is trying to crack/hack 'em.
This wouldn't require SS#/SI#, wouldn't make anyone's health information available, and would be much safer than what alternatives are being pushed.
The real threat, however, is the authoritarian motivation for the You Must Obey ID-schemes being pushed: a few more years and the prequel-to-execution "Your Papers Are Not In Order" will be heard in our countries...
"stamp out identity theft"
Might want to start by stamping out government loss of personal data, no ?