Interactions - March/April 2009

the major dangers of credit is the expense associated with security measures that might mistakenly reject legitimate purchases. Hence, while championing a host of individualized responsibilization measures against identity theft, the credit industry has opposed proposals to conduct basic fact checking for credit transactions—a policy that would reduce the number of frauds, but that would also slightly slow down the credit-granting process.

The fact that institutions have knowingly created many of the necessary conditions for identity theft, refused to rectify glaring problems, and established the bureaucratic structures that give identity theft victimization its characteristic form all suggests that the recommended individual responsibilization measures are themselves part of a political strategy whereby institutions are divesting themselves of responsibility for the full social and economic costs of the risks they have produced. These costs are effectively externalized through policies that champion an individualized project of care of the virtual self, as individual victims are expected to pay the price for institutional policy decisions. And although such responsibilization measures are unlikely to prove immediately effective in reducing the prospect or pains of victimization, they do signal a step change in an ongoing historical attempt to foster bureaucratically rational capacities in citizens and help reveal emergent heightened expectations about the role that individual citizens are to play in caring for their virtual selves.

The lessons here for HCI practitioners are apparent. Given the increasing media accounts of large-scale information breaches, ensuring the security of data flows from individuals to institutions should be a priority. But an even larger priority is improving the data-handling practices within corporations. While technological security solutions may help decrease data leaks, increased attention must be paid to the humans that handle this information. Along with examining how these physical—rather than digital— practices can be better secured.

The case of the credit card industry highlights how corporations as well as consumers commonly prioritize ease-of-use and convenience over security. The challenge for HCI professionals is to avoid thinking of these traits as mutually exclusive. New technologies can be convenient, but also more secure. For example, consumers are warned never to leave their debit and credit cards out of their sight when paying for purchases, but this is often impossible to avoid, especially in restaurants where the terminals are kept in the back. New technology has helped address this risk while simultaneously increasing convenience. Wireless credit and debit machines in restaurants allow payments to be securely processed at clients’ tables where the cards can remain in their owners’ sight at all times. This example demonstrates that although security practices are often weighed against other interests, innovative design and conscious

attention to how users interact with technology can help shore up gaps through which users’ information is leaked

Beyond helping to design products expressly geared at protecting clients’ information, there lies a much larger challenge. Data mining and profiling practices undergird the information economy and employ many HCI practitioners. But they also create numerous risks, including large-scale identity theft. While practitioners have a role to play in improving the security of these large databases and tightening up information handling practices, they should not only ask themselves, “Should we collect this data, just because we can?”, but measure the benefits of collecting and storing data against the risk of it falling into the wrong hands.

For more information on how to protect yourself from identity theft, read the Federal Trade Commission’s 2005 report “Take Charge: Fighting Back Against Identity Theft;” http://www.ftc.gov/bcp/edu/pubs/ consumer/idtheft/ idt04.shtm.

ABOUT THE AUTHOR
Jennifer R. Whitson is a
sociology Ph.D. student at
Carleton University in
Ottawa, Canada. Her cur-
rent research interests
include digital identity management, gover-
nance in online domains (especially
MMOs), and social influences on software
development processes. Her recent work
includes a chapter, coauthored with Aaron
Doyle, on virtual world governance in
Stéphane Leman-Langlois’ edited collec-
tion, Technocrime, and an article on identity
theft, coauthored with Kevin Haggerty, in
the November 2008 issue of Economy &
Society.