What is identity?

Filed Under: Privacy

"Guest blogger Michael Argast: SSN 627-44-3942, DOB July 17th, 1971"

Ricky Argast


I generally consider myself pretty truthy, but increasingly these days I find myself lying. A website needs my date of birth? Make something up. Mother's maiden name: Jones. Favorite pet: a boa constrictor named Squeeze. Place of birth, Dakron, Ohio. High school attended: Douglas Adams High.

The criminals make money acquiring your identity through phishes, and then using that for identity theft. Rates vary from 50 cents to $40 a record, whether it is a credit card number (Visa: 4502 5643 4335 9443, Expiry 06/12) or SSN number (see above) or favorite colour (Turquoise).

There's a famous quote attributed to Willie Sutton, the bank robber, on why he robbed banks: "That's where the money is.". Right now there is lots of money being made by criminals in identity theft. What if, every time they stole an identity, or piece of information, it had a good chance of being false, or wrong, or landing them in jail.

What if, in all those databases that hold our records, 90% of the records were fake, false, contained information designed to trigger an alarm for having been stolen. The value of those records would fall. Crime would pay less.

Anti-spam advocates have been championing the idea of throw-away, single use email addresses for a while as a way to prevent spam. Facebook, Twitter, Myspace - do they really need your birthday? The right one? They're just trying to validate you're not a minor (and if you were, you'd probably lie anyway).

Now, I'm not suggesting that someone build a tool that automatically fills out phishing campaigns with millions of fake records, or purchase billions of dollars of Canadian pharmaceuticals with non-existent credit card numbers, or that banks and retailers create fake trigger credit card records so they know if someone has stolen or intercepted their customer data, or credit card terminals send a dozen fake transactions for every legit one. But if they did...

Michael Argast, writing from Paraguay.

, ,

You might like

One Response to What is identity?

  1. Nigel · 1077 days ago

    Hi "Michael":

    "My name is Boovney Padoonxt. I was born on July 1, 1950. My social security number is 111-22-3333. My mother’s maiden name is Enema Squee. I live at 12 Aulsdich Lane, Throes-on-Pompany, Hogwhistle 12, Nottingshire. My first pet’s name was Cher…or possibly Chewbacca. I raise goats and do some quantum physics on the side. On weekends I play in a Lebanese surf band. We get a lot of work playing for bar mitzvahs in Beverly Hills."

    Your point is well taken. The number of websites that want my real date of birth and other personal information they absolutely do not need is staggering. So, like you, I make up stuff like the phony personal information above. I've been doing it for years...ever since some ne'er-do-well got an oil company credit card using only my name, address, and date of birth. It took eight years to clean up that mess.

    I've had arguments with so many of these stupid websites that it has now become comedy (to me, anyway). For example, when I explain to them that they can't possibly "need" my date of birth for any reasonable purpose, they reply "We have to verify that you're old enough to view all the content on our site, some of which might be objectionable to minors." I reply, "Then ask me to verify that I meet your minimum age requirement. Don't ask me for my date of birth". Sheesh.

    Not only is it none of their business, but what guarantee do they offer that they can keep my information secure? (None, of course.) They won’t listen to reason, and they won’t back down. Their stupidity encourages lying. (Perhaps “stupidity erodes ethics” is a general principle...I dunno.)

    Anyhow, if they insist on acting like jerks, then they can have “Boovney Padoonxt” as a user.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.