Keeping Identity and Privacy Safe
Proving your identity whether in person or online has become a normal part of everyday life. The security industry however has a vision of replacing long lists of codes and passwords and stacks of documents with a single, common identification that can be used whether checking in at the airport or buying a teapot online.
If you are like most people in this technological society you have a long list of usernames and corresponding passwords authorizing you to access your work/home computer, online banking services, multiple email accounts etc. Perhaps you even have a document on your computer or in your desk listing these multiple identities. Today’s online environment requires that your identity be managed with encumbering and redundant methods. Additionally, we must all carry one or several government issued ID’s depending on whether we plan to drive a car, apply for a job or leave the country.
The government has always had an inherent involvement in identity management. Few know this better than Guy Van Keer of Belgium who according to the 2005 Guinness Book of World Records owns 7,637 passports and documents issued from over 130 countries and dating from 1615 to the present. His most valued item is a Chinese passport dated 1898 and valued at $52,830, however, that figure is insignificant when compared to the value of one’s individual identity and the ability to manage it securely.
One single identity
The ultimate goal of identity management has been suggested to be: having one identity for each user and a single infrastructure for verification. As can be inferred from our current situation, we are a long ways away from such a ubiquitous solution. Perhaps the largest hurdle to overtake on the road to the ideal solution is one of selecting the group or organization that will bear the responsibility. The government has the experience, funding and motivation to accomplish the goal and as such is a seemingly obvious choice. The problem is one of trust; people are reluctant to place such complete trust in any government or private organization for that matter. People are ever demanding increased security but do not want to compromise the freedom that they value above so many other things.
In 2001 Malaysia instituted its Government Multi Purpose Card (GMPC or MyKad), requiring that all new ID’s be issued in a dual interface contact/contactless smart card format capable of storing driver license, passport, and medical information. Recent reports have reflected a lack of interest on the part of Malaysian citizens to adopt this program; those who have been forced to change over because they need a new ID or have applied for their first ID do not use the ATM features or the online government applications. In addition very few people have volunteered to change over from the traditional document. The most popular theories on this problem arise from security. The average citizens are not familiar with the technology and fear that the government will track them and their activities while criminals are offered an easier way to steal from them.
Securing that one ID
With only one identity, the question of identity theft becomes an important issue. If every person has only one identity document or card and this is to be trusted implicitly then what happens when a criminal is able to gain access to this ID? The Federal Trade Commission developed and maintains a complaint database titled The Consumer Sentinel1. Between January 1 and December 31 of 2004 there were 653,173 complaints filed through this resource and related to identity theft of some kind; reported losses totaled over $547 million. Technology is continually being consolidated into fewer devices and the future may hold a time when your phone, day planner, driver’s license, medical information, passport, contactless key to your home/car, and financial transaction capabilities are all integrated into one electronic device.
Indeed added levels of security will be required. Two primary levels of protection are suggested: new legislation to control the flow of personal information, and a personal identifier or attribute that only the proper owner possesses. In many European countries where identity theft is hardly a concern there are laws prohibiting the production and sale of personal information databases2, and people use smart card versions of their credit cards that also require a PIN for authorization. In the future extremely reliable biometrics may emerge and be used in place of the PIN to verify that the user is the correct one.
It is clear that a consolidated version of identity management is needed, but people are reluctant to support a system that could compromise their freedom and certainly reluctant to accept it when they are forced to change. Exactly how security, trust, privacy, and functionality will be integrated into a single ID is as of yet unclear; no country has successfully accomplished this, but those who have come close use a combination of legislation to protect the personal information of its citizens and government initiative to implement a program.
ASSA ABLOY ITG works continually to develop more secure methods and products for identity management, while at the same time maintaining involvement in legislative activities to ensure that the privacy of citizens is protected without hindering the development of new technology.
Testar ytterligare en gång