Some people eat, sleep and chew gum, I do genealogy and write...

Sunday, September 23, 2018

Your Grandmother's Name is not Private nor Secure



Do the terms private and secure and personal have anything in common? Yes, they are all used to describe things that are not private, not secure and not personal. For example, one common "security question" used by financial institutions is "What is your grandmother's (or grandfather's) first name?"
Anyone with a modicum of genealogical research experience realizes that finding a person's grandparents in public, online records is relatively easy for almost anyone in a developed country.

What else? Is your Social Security Number personal, private, or secure? Hardly. It is a government-issued number used mainly for government purposes and co-opted by numerous other agencies and businesses for identification. It is by definition public information. It is an outstandingly poor method of identification, and having such a limited and archaic method of personal identification makes obtaining someone's Social Security Number essentially trivial. Notwithstanding this unfortunate consequence, Social Security Numbers are so frequently "stolen" that they have become essentially meaningless. For example, at one point, my own Social Security Number was used as my student number in school and my ID number in the military. How private is that?

If anyone, including the United States government, really cared about identity theft and personal security, they would use a "secure" method of identifying people that relied on encryption and/or biometrics. We are stuck with 17th Century security methods in the 21st Century.

What about credit cards? Is your credit card number private, personal, or secure? Again, hardly. When was the last time you used your credit card to make a purchase? What happened to the information on your credit card when you gave it to the clerk in the store or pushed your card into an electronic slot? Do you really know? Where did you get your credit card? In the mail? From a bank or other financial institution? Do they have a record of your credit card number? Once again, that number is plainly public.

Can you really be secure, private, or have personal information? Not when we have to provide much of that same information for routine business, social, and other transactions. How long did it take you to fill out the form presented to you at the time of your last doctor's visit? Did you pay for the doctor's services with your credit card?

Identity theft is a crime only because of the way we ignore technology when we transact business in our world today. Can identity theft be prevented? Not as long as we continue to use outmoded and primitive methods for our business transactions.

Here is an example of a secure transaction.

Let's suppose I wanted to buy gas at a local service station. Today, all I would have to do is drive in, put my card and a "PIN" number in the machine, usually my zip code (a very public number), and fill my tank with gas. How could this be made more secure? Hmm. How about two-part ID? When I insert my credit card into the machine, it sends me a long randomly encrypted code number that triggers an app on my smartphone that requires me to use my thumbprint to proceed with the transaction. My phone then has to send another randomly encrypted number to the machine that then proceeds with the sale. What if any other sale, online or in person, required the same procedure?

This method might take a few seconds longer than what we do now. It might not be 100% effective, but it might stop a high percentage of the use of unauthorized credit cards. We have the technology to be secure, personal, and to some extent, private. But we do not use these methods because they might add an additional few seconds to a transaction or a few cents to the cost of transactions.
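The two-part exchange described above can be sketched as a challenge-response check. This is an added example, not code from the original post: it assumes the card issuer verifies on behalf of the pump, that the phone holds a secret key enrolled with the issuer, and that the thumbprint check is a local yes/no on the phone. The names `Issuer`, `sign` and `phone_respond` are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 60  # seconds a challenge stays valid (assumed value)


class Issuer:
    """Card issuer side: issues challenges for the pump and checks responses."""

    def __init__(self):
        self.device_keys = {}  # card number -> key enrolled on the owner's phone
        self.pending = {}      # challenge -> (card, amount_cents, expiry)

    def enroll(self, card):
        key = secrets.token_bytes(32)
        self.device_keys[card] = key
        return key

    def challenge(self, card, amount_cents, now=None):
        now = time.time() if now is None else now
        nonce = secrets.token_hex(16)  # the long random code sent to the phone
        self.pending[nonce] = (card, amount_cents, now + CHALLENGE_TTL)
        return nonce

    def verify(self, nonce, response, now=None):
        now = time.time() if now is None else now
        entry = self.pending.pop(nonce, None)  # single use: a replay finds nothing
        if entry is None or response is None:
            return False
        card, amount_cents, expiry = entry
        if now > expiry or card not in self.device_keys:
            return False
        expected = sign(self.device_keys[card], nonce, card, amount_cents)
        return hmac.compare_digest(expected, response)


def sign(key, nonce, card, amount_cents):
    # Binding card and amount into the MAC stops a response being reused for another sale.
    msg = f"{nonce}|{card}|{amount_cents}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def phone_respond(key, nonce, card, amount_cents, thumbprint_ok):
    """Phone app: releases a response only after the local thumbprint check."""
    if not thumbprint_ok:
        return None
    return sign(key, nonce, card, amount_cents)
```

A copied card number alone fails this check, because the response depends on a key that never leaves the phone and on a challenge that is used once and then expires.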

Do we really want to be secure or private? Good questions to ask. 
