A couple of weeks ago, as I sat waiting for a work-funded eye test, I witnessed a serious violation of personal privacy. I barely know anything about diabetes, but I understand that it has a fairly serious bearing on eyes and the condition thereof, so it makes sense that the reception staff of this facility would need to transfer data regarding their diabetic patients over to some sort of centralised body.
Apparently, this transfer occurs over the telephone. The process involved the receptionist ringing said centralised body and reading every patient’s full name, full address, doctor’s details, date of birth and various relevant parts of their medical history. This happened for something like ten patients. That’s ten identities that could have been stolen by anybody who, like I, was just sitting there being forced to listen to people’s personal details.
Like most people, I bear witness to violations such as these the whole time, and I was barely surprised. The only reason those people still have their identities to themselves is cos I’m not a fraudster, and I didn’t take them down. Forget encryption, PINs, data protection law and general common sense – these people still enjoy fraud-free lives only because I chose not to steal from them. Comforting!
Co-incidentally, this occurred in the same week as the revelations started to fly in about the data protection issues that now seem to dominate the news. Of course, a lot of this is about selling newspapers – now the idea that the government’s data protection is distinctly colander-esque has taken hold, it’s gripping the media. But the real issue is that which we’ve known all along but tried to hide: data protection is currently flimsy, and identity theft is very, very easy.
It is so easy that the only explanation for any of us having not had our identity stolen is that the would-be thieves are busy stealing other identities. In other words: the only safety net we have at the moment is the limit in capacity in fraudsters. That’s it. Screw your ‘Internet security’ software, forget your stupid software firewall and ditch the shredder. If we all published our full names, security passwords, mother’s maiden names, places of birth, bank account numbers and date of births on our front doors identity theft would barely increase.
This may sound ridiculous, but in fact almost all other crimes are similarly without limit – there’s nothing to stop physical crimes from occurring, nothing to stop me hitting somebody in the street – apart from the fear of punishment or reprisal. The problem with technology is that people expect more of it – mostly because of promises made by people who work with it – and so the idea that we could prevent fraud with technology is rampant and erroneous.
In fact, technology makes all manner of fraud a lot easier. Think of the multitude of people who use plain-text storage for their passwords on their PC; and think of the long limit cookies that many websites set on login – only the other day I visited digg for the first time in months, to find myself instantly logged in. Crazy cookie durations. Gtalk means that I am pretty much permanently logged in to all of my Google applications, and Firefox’s immortal sessions mean that chances are I’ll be logged into a whole manner of sites most of the time as well. Security is compromised in the name of convenience.
So the plugged-in age in which we live makes fraud easy and puts the ball in the fraudsters’ court; we give them as much opportunity to defraud us as they can cope with. Is this, simply put, the price we have to pay for convenience, easy access and progress?
I’d say no, and I’d say that biometrics would win the day. But that’s hardly the lesson that we have learnt from history.
