spread the dot jenett.radio.randomizer - click to visit a random Radio weblog - for information, contact randomizer@coolstop.com

Security

 Friday, June 13, 2003

Public Information, Publicly Accessible

Our governments collect a lot of information that is public: the sales of lands, boundaries between properties, birth records, and so on. Most of this information is not public knowledge, because, while it has been collected, it is virtually inaccessible. While it is available to all who ask, asking takes some effort. Go down to town hall, find the clerk, ask for it, pay any duplicating fees, and there you have it.

The Internet has changed this. Now finding public information is easy.

We are not used to public information being public knowledge, and so we act as if it were private.

We even build systems that assume that information is private. The clearest examples of which are systems which use your birth date, mother's maiden name, and Social Security number to validate your identity. My birth date is public information. My mother's maiden name is public information. My Social Security number is not, but it may as well be since it's used by almost everybody.

Now there's a problem with identity theft, because the systems are using non-privileged information in order to assume a certain identity. And that assumption is false. The problem — though your perspective may be different if your identify has been used fraudulently — is not that the identities have been stolen, but that the systems are flawed.

These systems were built to avoid the difficult scalability problem of knowing everybody. Given some thought this can be more effectively addressed without assuming that public information is not public knowledge.

3:43:07 PM # Google It!
categories: Identity, Security