Though we say to ourselves "I know who I am", this scenario illustrates that identity and a person are not the same things. This separateness is what leads to misidentification and to identity theft.
There is a great deal of information on identity theft. Although this is one of the great scourges of our time, we pay little attention to what identity actually is. Philosophers, sociologists, and psychologists have studied many of the intangible aspects of identity. Some of these are the origin of the conscious experience, group affiliation, and self-image. In this article, I focus on the question, "What are the concrete and practical aspects of identity that we use every day to facilitate transactions?"
What is Identity?
It is a fact or set of facts that is associated with a particular person. These facts may be standardized, assigned, stored, and regulated by an official body. For example, one of the first forms of identity a baby gets is a name bracelet. This is how hospital staffs can tell one baby from another. In some places, babies are also foot printed. The print is associated with a name. Therefore, if a baby's bracelet fell off the hospital staff can compare the footprint of the baby to the prints in their records and recover the name. Eventually, the baby gets a birth certificate and a social security number. In the United States, these two things are the basis for almost all other forms of identity.
The facts of identity fall into four broad categories: biometrics, assigned numbers, credentials, and relationships. There are biological characteristics that are unique to each individual. Fingerprints and DNA are two common types of physical traits that are different in each person. Biometrics is the name of the methods for measuring these traits. Law enforcement often uses these methods to determine who was at a crime scene or to exclude people as suspects.
The most common type of identity fact is an assigned number. We use these all the time: social security numbers, credit card numbers, account numbers, and usernames and passwords. To get our email we enter our username/password combination. To buy books from Amazon.com we enter our credit card number. To apply for a job or to get credit we provide our social security numbers.
Another very common form of identity fact is the credential. When we buy liquor at the supermarket, the checker asks us to show our driver's licenses. They are state issued credentials. They have our photos, signatures, and dates of birth. A driver's license authorizes us to drive cars. It is a frequently used fact of identity. Other examples of credentials are passports, student ID cards, employee ID cards, supermarket cards, credit cards, insurance ID cards, club affiliation cards, and library cards. We distinguish credentials from assigned numbers by their physicality. They may have watermarks, holograms, lamination, special printing, and other features that allow one to determine their authenticity.
Relationships comprise the fourth category of identity facts. When we call our banks to get our balance the bankers ask us to provide our mother's maiden name, the name of our best friend, or the first school we attended. We only get the balance if we provide the correct answers. The idea behind this type of fact is that only the person with that identity knows those facts because they actually have the relationship indicated.
ID Fundamentals
For a form of identity to work, it must be unique (point to only one person). We cannot use a person's eye color as a form of ID because millions if not billions of people may have that same eye color. In contrast, Social Security numbers are unique. Each number points to only a single person. It is possible, though, that a particular person may have more than one particular form of ID. Some people have two credit card numbers issued by the same company. They may do this to keep their personal and business expenses separated. In this example, one-person points to two ID numbers yet both ID numbers point to the same person. Some forms of ID must be unique in both directions. For example, a person may only have one Social Security number and a Social Security number may only point to one person.
Uniqueness is not enough to insure that an ID points to the correct person. The initial identification of a person must be accurate. For example, hospitals in the US have developed a number of procedures (such as foot printing) to insure accuracy. In addition, entities that issue forms of ID have procedures that limit misidentification. It is a common practice to base one form of ID on another. For example, to get a passport one must provide a birth certificate and a social security number.
The most basic use of ID is to prove that a person is who they claim to be. For example, while on vacation you go to a hotel and claim to be a person who has a reservation. To be sure they provide the room to the correct person the hotel clerk asks to see forms of ID (usually these are confirmation number, credit card, and driver's license). If the credential and the numbers are consistent, the hotel will let you have the room. For this to work, the hotel must trust the issuing authorities (the state that issued the driver's license and the company that issued the credit card). They must have confidence that their processes for identification are accurate, that their credentials are difficult to counterfeit, and that the underlying data in their computer systems are not easily modified or stolen.
Another use of ID is to authorize the use of or access to resources. For example, a bankcard and your password will enable you to withdraw cash from your account using an ATM machine. A gym ID card and driver's license will enable you to use the facilities of your gym. Clearly, the integrity of your ID and the issuer of the identity and its associated processes are essential to protecting one's person and resources.
Areas of Concern
The biggest area of concern with identity is ID theft. What makes this so insidious are that there are many ways to do it and we are not usually aware of when it happens. Until we experience a loss of our resources, we do not recognize that someone else now has one of our forms of ID. A very common example of ID theft is unauthorized use of our credit card numbers. Since this form of ID is a number, a thief can simply memorize or copy it. In practice, we usually use credit card numbers without the support of other forms of ID. However, the support of other forms of ID does not necessarily prevent ID theft. For example, if a thief obtains an official copy of your birth certificate, your social security number, and some other easily obtainable facts about you they can probably obtain just about any other form of your identity.
It would seem like biometric information would be the most secure. However, a very sophisticated ID thief does not have to steal your fingerprints. She can hack into the computer system that stores the relationships between the prints and names and switch the names between the prints. This is similar to what happened in the scenario I gave at the beginning of this article where hospital personnel gave ID name bracelets to the wrong babies.
The issuers of identity make special efforts to protect the information they store. They have experts and special facilities. Since it is easier for ID thieves to steal from us than our credit card companies they usually attack us as the weakest link. This means that the management and security of our identity is in our hands.
Protecting Identity
Although the issuers of ID use a great deal of technology to protect your identity, protecting yourself from ID theft is more a matter of behavior. However, you should have high quality anti-virus, firewall, and security software installed and kept up-to-date on all of your computers. The following behavioral recommendations will help you limit your risk to and help you recover from ID theft.
- Periodically check on the usage of each ID. For example, check your credit card statements for usage of your credit card numbers.
- For each ID know the contact information of the issuer and their procedure for notifying them in the event of ID theft.
- Know how to contact the three major credit information agencies so that you may check your credits reports, fix mistakes, and report ID theft. The agencies are Experian (www.experian.com), Equifax (www.equifax.com), and TransUnion (www. transunion.com).
- Know all the places where you store your IDs. This may include your wallet, computer, websites, and businesses. Ask yourself if you really want to keep that information in all those places. Develop a policy on how and where you store and dispose of documents that have your ID information.
- Only give your ID to entities that are reputable. This is especially true for the Internet.
- Only apply for IDs from reputable companies.
Conclusion
Identity is a collection of facts that point to a particular person. It helps us prove we are who we claim to be and to get access to our resources. ID facts come in a variety of forms and sometimes we use several at a time. Birth certificates and Social Security numbers are our most fundamental forms of ID since other forms of ID rely on them. The issuers of ID have experts and special facilities to protect them. However, we must be responsible for protecting our own identities.
Copyright 2009 All Rights Reserved Rob Dorfman
No comments:
Post a Comment