ID Theft and the 18-24 Set

Matt Rose has an interesting post, “What is Higher Education’s Role in Regards to ID Theft?:”

A recent study by the US Justice Department notes that households headed by individuals between the ages of 18 and 24 are the most likely to experience identity theft. The report does not investigate why this age group is more susceptible, so I’ve started a list…

It’s worth looking at. I’ve suggested the random slinging of SSNs about as part of the applications process, but would like to add applications to rent property. The stock forms demand absolutely everything you need to steal an identity, with the possible exception of mother’s maiden name. The maiden name is more useful for account-takeover fraud, which is less damaging to young people, since they’re unlikely to have rich accounts to drain.

EU Courts Rule Against PNR Sharing with USA

The European Court has ruled the US/EU treaty on data sharing around air travelers is not legal. (I’m not saying “about air travelers” because I read Ed Hasbrouck, and thus know that PNRs contain data on more than just the travelers.) That’s not why I’m posting. I’m posting because of this choice quote from the New York Times, “European Court Bars Passing Passenger Data to U.S.:”

“The planes will continue to fly and the security data will continue to be exchanged,” [DHS Spokesman Jarrod Agen] said. “There wont’ be any lowering of the data protection standards or effect on passengers or disruption to air traffic in the near term.”

Of course not. The data protection standards can’t get any lower, unless maybe we posted it all on the internet.

The SSN Is Also A Poor Identifier

oswald-social-security.jpgThere’s an idea floating around that a major problem with SSNs is their dual use as identifiers and authenticators. (For example, Jeremy Epstein, “Misunderstanding the risks of SSNs,” in RISKS-24.29) This is correct, but the phraseology leads to people trying to solve the problem by saying “if we just used SSNs as ID numbers, and made them all public, we’d be fine.”

This is dangerously seductive and wrong.

  • They’re too short: 30% of all possible SSNs have been issued.
  • They lack a check digit. Between these two, you should never design an identifier like this, because any keying error is acceptable, and likely to affect a two people.
  • They’re externally issued. This one is a little subtler, and I will argue by analogy. Mastercard and Visa, who understand risk management, make up their own numbers. They do this so that they can control when the numbers change, rather than being controlled. Seems like good database design to me.
  • As a design principle, compartmentalization adds to resilience. (Kim Cameron had a good post on this, “IBM Researcher Rejects UK Identity Card Scheme.”)

Not only is the SSN a poor identifier, but the use of the SSN as an authenticator will end up living on, even if we published them all, as Pete Lindstrom has suggested. What Lindstrom hopes is to stop the use of SSNs as authenticators, but that’s not done by publicizing them. If we want to stop the use of SSNs as authenticators, we could pass a law to do that. So why not work for that law, rather than one we hope will cause the courts to impose negligence penalties in accordance with our hopes?

Related to the resilience of a system, national ID numbers are inimicable to liberty. The English understood that what a government wants to control, it must first enumerate, and called the enumeration “The Doomsday Book.”

So, using the SSN as “just an identifier” is a bad idea. Publishing a list of them is a baroque and convoluted way to reach a useful goal, although it has great value as a publicity stunt.

(Lee Harvey Oswald’s SSN card via “Examination of Handwriting and Fingerprint Evidence” report to the Select Committee on Assassinations. Note the useful identifier.)

Maybe they can borrow a few million from the IRS

[T]he VA’s inspector general, George Opfer, said that the agency had been unable to formally notify the affected veterans because “we don’t have 26 million envelopes.”

via the Bradenton Herald
Now that the funny part is out of the way…

Asked the cost for preventing and covering potential losses from identity theft, [VA Secretary] Nicholson estimated “way north of $100 million” and did not rule out a total as high as $500 million.

I’m curious what is meant by “covering potential losses” here. It sounds like an effort fraught with peril, or at least imprecision, unless you just want to give an insurance policy to 26.5 million people, not caring whether their losses are due to this theft or some unrelated one.

Compartmentalization of Identity

ss-global-identity-deployed.jpgKim Cameron has a post, “IBM Researcher Slams UK Identity Card Scheme” in which he writes:

He couldn’t be more right. My central “aha” in studying the British government’s proposal was that the natural contextual specialization of everyday life is healthy and protective of the structure of our social systems, and this should be reflected in our technical systems. A technology proposal that aims to eliminate compartmentalization rejects one of the fundamental protective mechanisms society has evolved. The resulting central database, where everything is connected and visible to everything else, is as vulnerable as a steel ship with no compartments – one perforation, and the whole thing goes down.

It’s a tremendously important point. Our lives are naturally, usefully, and importantly segmented. In 1959, Erving Goffman discussed this in the (still important) “Presentation of Self In Everyday Life.” (Wikipedia article, or some excerpts…I know. Books. Get over it, there’s some useful stuff stored that way.)

His basic thesis is that we play roles: “school principal” or “mother” or “doctor” or “bribe-accepting Congressman,” and that each of these roles has its own quirks and presentations, and it is useful and important to separate them. An identity system that doesn’t support that in powerful ways is far less likely to be adopted.

Jangl, Private Phone Numbers

jangl-logo.jpgSiliconBeat has a story, “Jangl’s new angle on phone calling:”

Jangl is a new phone service that, initially anyway, will allow people to anonymize their phone numbers the same way they can their email addresses when posting on places such as craigslist. When you sign up with Jangl, you get access to disposable phone numbers that you can share with friends or strangers with whom you transact business. The phone numbers forward to your real number and anonymize in both directions.

Seems like a very cool idea. There’s lots of devils in the details, but I generated a one-shot email address to sign up for some one-shot phone numbers.

Sign Design


I came across this sign while I was attending a software design methodology course at an IBM building in London.

After wondering several times why each time I tried to go to the toilets I ended up in the restaurant, I looked carefully at the sign.

Which way would you go at a glance? Which way do you go, knowing that problem exists? The answer may be grokked from the picture, or, read “To Restaurant/Toilets Sign” at This is Broken. (Via Sivacracy.)