- Government Technology News Articles
- Digital Communities
- e-Government
- Economic Stimulus
- Emergency Management
- Emerging Technologies
- Enterprise Technology
- Green Initiatives
- Products
- Public CIO
- Public Safety
- Transportation
- Wireless
- View All News Topics…
- Get News Via Email
- Industry Perspectives
- Case Studies
- White Papers
- Partner Sites
- Government Technology Magazine
- Current Issue
- Subscribe
- Contact
-
Get Govtech's
Daily Newsletter
On the Record
Jul 27, 2005, By Jim McKay, Justice and Public Safety Editor
An internationally renowned security technologist, Bruce Schneier is a frequent lecturer on cryptography, computer security and privacy.
He designed the Blowfish encryption algorithm, and has served on the board of directors of the International Association for Cryptologic Research and as an advisory board member for the Electronic Privacy Information Center.
Schneier is the author of eight books, including his latest, Beyond Fear: Thinking Sensibly About Security in an Uncertain World, which covers personal safety, crime, corporate security and national security. His book Secrets & Lies: Digital Security in a Networked World sold more than 80,000 copies; and Applied Cryptography sold more than 150,000 copies and is translated in five different languages.
His free e-newsletter, Crypto-Gram, has more than 100,000 readers.
As founder and chief technical officer of Counterpane Internet Security Inc., which provides managed security-monitoring services to public and private organizations worldwide, Schneier leads the company in maintaining its world-class status in security technology.
He possesses a master's degree in computer science from American University and a bachelor's degree in physics from the University of Rochester.
You call "identity theft" a misnomer, saying that the fight against fraud might be more effective if we thought of it as impersonation rather than ID theft. Could you elaborate on why?
"Identity theft" doesn't make sense as a term. Your identity is the only thing about you that cannot be stolen. The real crime is fraud due to impersonation. Even worse, by calling it "identity theft," we naturally focus on the wrong solution: making personal information harder to steal.
We need to make personal information less valuable, harder to use. By calling the crime what it really is, it's more obvious where the solutions lie.
How should we go about doing that?
It's simply too easy to use identity information to commit fraud. Someone shouldn't be able to complete a form in a magazine and open a credit card in my name. Someone shouldn't be able to guess my password and make large monetary transfers in my name. Financial services needs to slow down and take security more seriously. Europe is a good model here -- identity theft is less of a problem because it's harder to use personal information to commit fraud.
Of course, banks and credit card companies are going to oppose any limits on their business. They like the fact that it's trivially easy to get a credit card. But they're not bearing the full costs of identity theft.
Why is personally identifying information easy to sell? Who should be protecting it, and who isn't protecting it properly?
Personally identifying information is easy to sell because there are no laws against selling it. If we're serious about making it harder to sell, we need to make it illegal to sell. It really is that simple.
The Europeans have comprehensive data protection laws. Information collected for one purpose can only be used for that purpose. It cannot be used for other purposes without going back to the individual and asking permission. That kind of personal privacy regime will make it very hard to sell personally identifying information. Businesses won't like it, though, so it's unlikely to happen in the United States.
Of course, personal information is also easy to steal. So making the information illegal to sell is only part of the solution -- we need to also make organizations responsible for the security of the data they're entrusted with.
What's the role of the federal government in this? What about the role of state governments? Is it a matter of passing different or better laws?
He designed the Blowfish encryption algorithm, and has served on the board of directors of the International Association for Cryptologic Research and as an advisory board member for the Electronic Privacy Information Center.
Schneier is the author of eight books, including his latest, Beyond Fear: Thinking Sensibly About Security in an Uncertain World, which covers personal safety, crime, corporate security and national security. His book Secrets & Lies: Digital Security in a Networked World sold more than 80,000 copies; and Applied Cryptography sold more than 150,000 copies and is translated in five different languages.
His free e-newsletter, Crypto-Gram, has more than 100,000 readers.
As founder and chief technical officer of Counterpane Internet Security Inc., which provides managed security-monitoring services to public and private organizations worldwide, Schneier leads the company in maintaining its world-class status in security technology.
He possesses a master's degree in computer science from American University and a bachelor's degree in physics from the University of Rochester.
You call "identity theft" a misnomer, saying that the fight against fraud might be more effective if we thought of it as impersonation rather than ID theft. Could you elaborate on why?
"Identity theft" doesn't make sense as a term. Your identity is the only thing about you that cannot be stolen. The real crime is fraud due to impersonation. Even worse, by calling it "identity theft," we naturally focus on the wrong solution: making personal information harder to steal.
We need to make personal information less valuable, harder to use. By calling the crime what it really is, it's more obvious where the solutions lie.
How should we go about doing that?
It's simply too easy to use identity information to commit fraud. Someone shouldn't be able to complete a form in a magazine and open a credit card in my name. Someone shouldn't be able to guess my password and make large monetary transfers in my name. Financial services needs to slow down and take security more seriously. Europe is a good model here -- identity theft is less of a problem because it's harder to use personal information to commit fraud.
Of course, banks and credit card companies are going to oppose any limits on their business. They like the fact that it's trivially easy to get a credit card. But they're not bearing the full costs of identity theft.
Why is personally identifying information easy to sell? Who should be protecting it, and who isn't protecting it properly?
Personally identifying information is easy to sell because there are no laws against selling it. If we're serious about making it harder to sell, we need to make it illegal to sell. It really is that simple.
The Europeans have comprehensive data protection laws. Information collected for one purpose can only be used for that purpose. It cannot be used for other purposes without going back to the individual and asking permission. That kind of personal privacy regime will make it very hard to sell personally identifying information. Businesses won't like it, though, so it's unlikely to happen in the United States.
Of course, personal information is also easy to steal. So making the information illegal to sell is only part of the solution -- we need to also make organizations responsible for the security of the data they're entrusted with.
What's the role of the federal government in this? What about the role of state governments? Is it a matter of passing different or better laws?
Industry Solutions for Government
Read real world deployments of technology in government from our sponsors.
View All Industry SolutionsRelated Products and Services
Marketplace
Get Govtech's Daily Newsletter
Video
-
Virtual Beverly Hills 1
Spanning earthquakes to water meters, Beverly Hills has rolled out an interactive and interoperable web based GIS portal for emergency operations and public information. -
Virtual Beverly Hills 2
Virtual Beverly Hills was recently challenged when a crowd of over 20,000 ran through town. -
New Kind of Vending Machine
Agencies in Sacramento, Calif. distribute industrial equipment through vending machines, improving inventory management and simplifying equipment dispersal.
Government Jobs
Browse hundreds of public sector career opportunities in GovTech's new jobs section. Popular job searches: government IT, public safety, GIS, transportation, CIO, security, health
Magazines:
Magazine Sites,
Government Technology,
Digital Communities,
Public CIO,
Emergency Management,
Advertise
Resources:
Site Map,
Search,
Events,
Video, Government Articles, Slide Shows, Case Studies, Privacy Policy, News Feeds (RSS), MyGT
Video, Government Articles, Slide Shows, Case Studies, Privacy Policy, News Feeds (RSS), MyGT
Email Newsletters to Stay Informed:
Executive News,
Digital Communities,
Emergency Management,
Public CIO,
Security,
Justice and Public Safety,
Webinars.
twitter
Site owned by e.Republic, Inc.
100 Blue Ravine Rd. Folsom, CA 95630.
916-932-1300 Copyright © 1995-2008. All rights reserved.
100 Blue Ravine Rd. Folsom, CA 95630.
916-932-1300 Copyright © 1995-2008. All rights reserved.
Government Technology Magazine
Government Technology Magazine provides information technology (IT) case studies, applications, news and best practices for state, city and county government.
Get FREE SubscriptionEmergency Management Magazine
Emergency Management Magazine provides technology news and solutions to the local government authorities that help protect our communities.
Get FREE SubscriptionPublic CIO Magazine
Public CIO Magazine provides technology news and solutions to public sector C-level technology executives.
Get FREE SubscriptionDigital Communities Magazine
Digital Communities Magazine is the premier information source for cities, counties and regions to explore and share experiences and best practices beyond just infrastructure and mobile innovations.
Get FREE Subscription
Latest Government Technology News