Interactions - March/April 2009

Rough Definitions from the Rogue’s Gallery of False Identities

Identity Theft: Stealing someone else’s personal information or impersonating them for purposes ranging from financial theft to obtaining services to concealment of other criminal activities.

Social Engineering: Using various forms of deception and psychological manipulation to acquire confidential information and/or gain unauthorized access to data or systems or to get unwitting sources to perform or assist in illicit activities.

Pretexting: A type of social engineering in which a perpetrator creates a scenario, frequently using a false identity, to extract information or for other illegal activities.

Spoofing: Impersonating a person or organization in a faked email, IP address or other communication source for fraudulent purposes.

More resources:

Prevent Identity Theft in Your Business and also Identity Fraud Investigations both by Judith Collins, Ph.D., adjunct associate professor, School of Criminal Justice, Michigan State University (both published by John Wiley & Sons, Inc.)

The Truth About Identity Theft by Jim Stickley (published by FT Press)

Stealing Your Life The Ultimate Identity Theft Prevention Plan by Frank W. Abagnale (published by Broaway Books)

• Be imaginative. We are becoming increasingly aware of protecting our identities, but should start thinking more imaginatively about how to safeguard them. Can we imagine scenarios for how our identities and autobiographies may be used and misused in the future?

• Include irrationality. For some of us, it can be difficult to understand or accept that people will do bad things for no practical or rational reason.

• Find strength in community. There is no substitute for strengthening ties online and in the real world to people we know and trust.

• Create anti-counterfeiting measures. What are the possibilities of “watermarking” our Web presences?

• Balance risk and reward. How can we strengthen and protect our online identities without stifling self-expression? Can online identity protection be taken too far and be overly engineered?

• Pursue justice 2.0. Our legal system is behind our technology. What can be done to update legislation to prevent abuse?

• Don’t be complacent. We need to pay attention to our online identities and those of the people we care about.

March + April 2009

Schneier On Security by Bruce Schneier (published by Wiley Publishing)

Googling Security by Greg Conti (published by Addison-Wesley)

http://www.idtheftcenter.org http://www.idtheft.gov http://www.ic3.gov/default.aspx http://www.ftc.gov/bcp/edu/microsites/idtheft

context of privacy, paradoxically, privacy may also be part of the problem. Consider a jammed road in a large city center. Drivers converge in close proximity in a fluid public space. The sense of privacy in interacting with others, give some license, so to speak, to act in ways they would not if they knew the other individuals involved or were more exposed themselves. On the whole, the system works. But as we all know, the semi-anonymous interactions bring out problematic behaviors in a small percentage, although it may often seem small enough to not present a serious problem. That may be the case, but if you bear the brunt of someone’s road rage, it suddenly can be very significant. On the Internet, we mingle with some people known to us and many more who are not. We are visible, but only partially so. This environment makes it easier for others to mimic traces of our identity, and gives them the ability to hide the sources of the information.

Perhaps a key to identity protection is not just about increasing privacy, but also about building real community. The case I was involved in was solved by a range of people with different skills and interests who came together. It was also about good friends and colleagues watching out for each other in this environment.

Here are some of the other lessons I learned in my exploration

of identity theft.

• Look closely. A cheap imitation of an expensive watch, at a distance, may look like the real thing. Setting up a false, but superficially plausible, identity online requires very little time and effort.

ABOUT THE AUTHOR

Hunter Whitney is an interaction designer who has worked for clients ranging from Microsoft, Intel, and Yahoo to the Monterey Bay

Aquarium and National Cancer Institute. He is also a journalist, who has covered topics ranging from health and medicine to adventure travel for publications including Time, the Los Angeles Times, the San Jose Mercury News, Variety, and Omni. He is principal of Hunter Whitney & Associates, Inc. Visit him at www.hunterwhitney.com.