Digital ID World Weblog
July, 2003 Archive
July 31, 2003
More on ID Theft

ID theft a growing problem, survey finds - Computerworld

More than 13 million Americans have fallen victim to identity theft or fraud since January 2001, according to the survey. Although 62% of the victims didn't incur any cost, 38% did have out-of-pocket expenses. The average cost for such victims since 2001 was $740, the survey showed.
ejnorlin at 06:29 AM MST
DNS, ENUM & PKI -- Alphabet Soup

DNS is busting out all over

DNS is being used to support two hot emerging technologies, radio frequency identification (RFID), which is expected to slash costs and streamline corporate supply chains, and the proposed IETF standard called Electronic Numbering (Enum), which promises to marry the PSTN to IP networks. DNS also is being adopted for IPv6 and could provide a foundation for a new-fangled public-key infrastructure (PKI) system and to help combat Internet-based identity theft.

This is all quite interesting, especially if you're in the crowd that maintains that the current state of the internet is good enough (hint: I'm not). Of particular interest is that Mockapetris, the creator of DNS, is now part of the push to add some pretty serious identity extensions to DNS. He (rightfully) equates DNS to air and water (i.e., infrastructure), but goes on to talk about the need for that infrastructure to support "trusted" relationships.

We outlined the importance of ENUM here at Digital ID World months ago -- and, frankly, not many people noticed or cared. I would maintain, however, that ENUM could become one of the most important developments to come out of a standards group in a long time. Along those lines, Neustar (the real force behind ENUM) is both on the Digital ID World Industry Advisory Board (their CTO and resident genius, Mark Foster) and planning to be present at the Digital ID World conference......

....and you should be too.

ejnorlin at 06:07 AM MST
July 30, 2003
Foundational Documentation

Biometric passports coming soon

By October of next year, new U.S. passports will contain a regular photograph, and also a hidden photograph on a chip inside. Other countries are scrambling as well, since the U.S. says that by that same month, October 2004, anyone entering the U.S. who doesn’t need a visa — just a passport — will have to have a biometric chip inside.
ejnorlin at 08:18 AM MST
On Broken Trust Layers

Security / When three-factor security isn't enough - Tech Update - ZDNet

First, virtually every security scheme is based on a trusted authority that verifies identity before issuing the credentials needed to gain access to secure information or facilities. Two, a security implementation is only as good as the trust in that authority. Regardless of how many security factors are deployed, there's always a risk that an imposter can get his or her hands on someone else's security credentials.
ejnorlin at 07:00 AM MST
July 24, 2003
Defense Teaches Itself Privacy Methods

The privacy debates have activated even the Defense Department, it appears. Next week they will begin testing a CD-ROM designed to outline the guidelines that govern data collection and dissemination and teach intelligence personnel how to comply with privacy statutes.

The Total Information Awareness project has made people aware, all right. I wonder if this is what they thought they would have to become aware of?

pbecker at 02:33 PM MST
July 23, 2003
Apple founder "Woz" finds digital ID

Apple founder Steve "Woz" Wozniak is revving up "Wheels of Zeus," his new company focused on personal identity from an interesting angle. Wheels of Zeus originally received VC funding in January 2002, with $6 million from Draper Fisher Jurvetson, Palo Alto Investors and Mobius Venture Capital, with the objective "to make wireless devices that will help everyday people track everyday things." Wozniak said then that his new offering would become "as ubiquitous and useful as the personal computer."

This week Rich Rifredi (formerly of Pixo, recently acquired by Sun) was named COO, and other management team members were named. According to this InfoWorld article, the first batch of WoZ products will be location-monitoring technology designed to help users track children, animals and property using a combination of radio signals and global positioning satellite (GPS) technology, to keep track of things within a one or two-mile radius of a home base station.

RFID, GPS, identity. Woz saw (and helped drive into being) the first major personal computing trend with the Apple. Now he sees the next one and wants to play...

pbecker at 10:50 AM MST
July 22, 2003
A Reasoned Look at Privacy?

This lengthy article from Reason Magazine is actually one of the better expositions of the issues and tendencies involved in the privacy debates. It doesn't look promising at the start, but stick with it and it provides one of the better overviews around of both the issues and outlooks involved. It even frames pretty well the various political philosophies that are in conflict in this discussion, and what they point to.

The privacy discussion has been evolving of late. While it is still essentially driven by the clash of "what do we have to do?" (as regulations force the issue) vs. "What are we about to lose?" (as awareness of the network effects on information sinks in), the issues are finally starting to be looked at in a bit more nuanced fashion, which is a critical precursor of a truly productive debate.

When finding workable solutions becomes more important than "being right" we'll know this debate has become mature. Will we ever see that?

pbecker at 09:37 AM MST
Phishing, anyone?

InfoWorld: FTC settles with young ID thief: July 21, 2003: By : Security

Known as "phishing," the fake Web site scam victimized both AOL and its customers, noted Timothy J. Muris, chairman of the FTC, in a statement. The case represents the FTC's first law enforcement action targeting phishing, but it won't be the last, Muris promised.
ejnorlin at 06:33 AM MST
July 21, 2003
More from Gartner

Analyst: Crime pays for identity thieves | CNET News.com

The research firm estimates that 3.4 percent of U.S. consumers--about 7 million adults--have been victims of identity theft of some form in the past year. Moreover, arrests in identity theft cases are extremely rare, only catching the perpetrator in one out of every 700 cases, said Avivah Litan, vice president of financial service for Gartner.
ejnorlin at 04:05 PM MST
Why it all has to change...

InfoWorld: Feds, industry warn of spike in ID theft scams: July 21, 2003: By : Security

A lackadaisical response to the problem by the financial services industry is at least partly to blame for the problem, Gartner said.

Banks, credit card issuers and other companies that extend credit to their customers often fail to make a connection between delinquent accounts, and identity theft, attributing the problem to "credit losses" due to irresponsible borrowers, Gartner said.

The result is that criminals face only a 1 in 700 chance of getting caught by federal authorities, the company said.

Gartner called on legislators and industry associations to pressure financial services companies to address the problem.

ejnorlin at 02:51 PM MST
Identity taking off

The comeback of the mobile Internet | CNET News.com
There's often a lot of question in the mainstream press as to why "federated identity" will ever gain traction....here's the simple story:

Since the fourth quarter of 2002, U.S.-based carriers have begun to see a measurable increase in the usage of revenue-generating interactive services. In early June, Verizon Wireless announced that its interactive service, Get It Now, had achieved close to 12 million downloads of entertainment content since its launch in September of last year. Its phenomenal growth is accelerating. May downloads averaged 2.3 million, which equates to an annual run rate of more than 27 million applications.

More importantly, in April, Verizon announced that active Get It Now customers showed a $7.50 increase in Average Revenue Per User (ARPU). With ARPU declining steadily across the industry, any product or service that can increase ARPU is the nirvana of the cellular business model. Sprint and AT&T Wireless have announced increased download and ARPU traction as well.

As telecom carriers increase the services offered by them (and their affiliates), what's the most painful thing about usage? Typing in a username and password on a cellphone keyboard.

Welcome to federated identity, my friends.

ejnorlin at 07:15 AM MST
Even Woz is doing it! (reg required)

Apple Co-Founder Creates Electronic ID Tags
Does it mean anything when one of the co-founders of Apple starts a Digital Identity company? It must, right?! It is almost like we're back in the garage innovation days -- except none of these guys are in garages, and they're all getting customers and money and products out a lot faster.

ejnorlin at 06:37 AM MST
July 18, 2003
TIA Dies Again...

Like a bad slasher movie villain, TIA has risen from the dead several times. Now the Senate has unanimously voted to axe its funding.

I've predicted for many months now that the fear of TIA was overblown and the project wouldn't really happen, but I've worried I might have to eat those words a couple of times. It now looks like the end is truly near, although it is almost certain that some of the underlying technologies will continue to be developed under DARPA's research umbrella. What most people don't know is that most of those technologies already exist and are deployed in places like casinos to detect the "bad guys" there.

At this year's Digital ID World Conference you will be able to hear from several folks who develop these identity inference techniques (such as SRD, ID Analytics, etc.) and learn what is not only already possible, but actively being deployed. And the EFF will be there to register the appropriate shocked reaction.

Maybe not as much fun as the Liberty Alliance vs. WS-* Paintball fight, but much more informative...

pbecker at 10:57 AM MST
Norlin's Maxim

Jon Udell: Publishing, permanence, and transparency
Jon is writing about transparency (an area closely related to identity), and saying:

The current debate about depublishing (1, 2) also reminds me, yet again, of David Brin's seminal book The Transparent Society. Brin argues that we'll be unable to prevent what happens in public spaces -- physical or virtual -- from being recorded, and that the best we can do is to assure equality of access to that data.

Maybe Brin's wrong. Maybe we will find a technological substitute for the veil of practical obscurity that historically protected us from undue scrutiny. But while that may be possible in some cases, I suspect that in general Brin is right. We can still enjoy realms of privacy -- both physical and virtual -- but public acts will become part of an increasingly detailed and indelible public record. That will cause problems that have no technological solutions, only human ones. I can think of two. First, as with email, we're going to have to accept that what goes to the Web tends to stay there. Second, since we are all going to make mistakes, say things we wish we hadn't, and suffer the effects of software glitches, we're all going to have to learn to cut one another a lot more slack.

All of that reminds me of the maxim I posited a while back:

The Internet inexorably moves everything it touches toward the public domain.

Corollary: Hence, what started as a network of anonymity will become a network of identity.

Proof: Google on anyone's name. There isn't real anonymity on the 'Net.

ejnorlin at 06:57 AM MST
July 17, 2003
TSA tests its smart card program

The TWIC program is one government identity program that will be happening for certain, and early testing began last week. This is officially the technology evaluation phase, but the success of the CAC program makes it likely similar technology will end up being the choice unless it just won't meet the need.

pbecker at 04:21 PM MST
Paintball at Digital ID World

: Digital ID World | Conference 2003 :
For those that are interested, there will be a paintball game taking place on the Monday *before* the Digital ID World conference starts (October 13th). We've got some commitments from Microsoft guys, and we're working on getting a bunch of other industry folks out there.....so, if you've got some pent up aggression to let out -- drop me an email and we'll get you signed up.

The agenda for the conference then looks like this:

Monday - DIDW paintball

Tuesday - DIDW golf tournament

Tues Night - Opening Reception

Wednesday thru Friday - Down to Business at the Digital ID World conference

Come join the fun!

ejnorlin at 04:02 PM MST
July 14, 2003
The Clear Early Winner

Users seek to overcome ID mgmt. issues
As this article illustrates, SAML has become the clear early winner in companies' quest for Identity Management. The truly interesting thing, though, is that companies (some anyway) appear to be focusing on "federating" accounts even *before* the usual provisioning and access control of large enterprise identity management systems.

ejnorlin at 06:22 AM MST
The resurrection of TrustBridge

Microsoft revives TrustBridge for Web services role


Microsoft is dusting off its year-old and mostly forgotten TrustBridge technology and recasting it as middleware to support federation of identities across disparate platforms...

ejnorlin at 06:20 AM MST
Anonymize?

P2P's little secret | CNET News.com
This article got missed last week in the midst of the Perfect Storm that was Catalyst. Nonetheless, it raises very interesting points about P2P networks and anonymity.

I only have one question: is "anonymize" really a word?

ejnorlin at 06:15 AM MST
July 09, 2003
First filing from Catalyst

The word of the day at Catalyst is simple: federation. Falling out of Phil's "oh, what a difference a year makes" category, the movement of thought leadership at Catalyst from last year -- where the focus was "getting your enterprise house in order with identity management" -- to this year -- where the focus is to begin thinking about the hurdles of federation -- is stunning.

It seems that nearly every announcement centers around the "cross-boundary" and "inter-domain" space. That is to say that federation is clearly where the market is heading.

Of course, we've been saying so for quite some time -- but hearing it in this forum means that *enterprises* are on the edge of really understanding that as well.

Another interesting observation (from Jamie Lewis): The next 12 months will see tectonic shifts in the identity landscape.....he means acquisitions, folks.

Prepare yourself - the identity rollercoaster is just beginning to roll.

ejnorlin at 03:40 PM MST
July 08, 2003
Sorting it All Out

An unbelievable deluge of press releases is arriving today. While I'm sure it isn't true, it looks like nearly every human being on earth works for a company that has just solved some aspect of the identity equation in some fashion, and has sent out a press release about it. They cover the gamut from federated identity (the hot topic at Catalyst with the announcement of WS-Federation and a bunch of other IdM stuff) to smart card middleware and HIPAA compliance software.

Most exciting for those of us watching an industry form and grow is that these announcements come not only from large companies, but also those with a small team working on big ideas. The momentum in identity is apparently fueling a lot of smaller companies who are doing some exciting stuff it seems, and the identity conversation is becoming richer and more varied by the day...

We'll sort it all out for you over the next few days, but for now it's off to the airport to head for Catalyst where a lot of it is happening. Stay tuned...

pbecker at 09:43 AM MST
July 07, 2003
Catalyst Coverage

Be sure to watch this space closely beginning on Wednesday, as Digital ID World goes to Catalyst to unearth new stories and cover emerging themes. It promises to be a busy week with many announcements and goings-on in the world of Digital Identity.

If you see us walking around, be sure to say hello.

ejnorlin at 09:05 AM MST
The Death of Anonymity

Piracy vs. peer-to-peer: What's next? | CNET News.com

We are not aware of any technology that can provide a user with complete "anonymity." At the end of the day, we believe we can find infringers regardless of what network they use to try to cloak their illegal activity.
ejnorlin at 09:03 AM MST
July 01, 2003
Fixed!

InfoWorld: Microsoft patches Passport: July 01, 2003: By : Security

Microsoft patched a hole in its .Net Passport identity management service last night after a security researcher disclosed a potentially serious flaw that could enable attackers to hijack Passport accounts.
ejnorlin at 10:34 AM MST
Shibboleth 1.0 Released

The Shibboleth project of Internet2 has announced the release of version 1.0, the first production release of their identity management software. Shibboleth is standards-based and open source, and incorporates unique active privacy management while enabling inter-institutional sharing of Web resources subject to access controls.

We wrote about Shibboleth last August as it was being piloted, and today it is now available for download. According to Internet2, Blackboard, WebCT and WebAssign, course management software providers, and EBSCO, JSTOR and SFX, online information companies, have already begun to incorporate Shibboleth technology into their products and services.

Shibboleth has been widely tested with over 20 leading universities and research institutions participating in pilot deployments. SWITCH, the Swiss national research and education networking organization, has selected Shibboleth as their official authentication and authorization architecture, and the National Science Digital Library (NSDL), a major educational initiative by the National Science Foundation, will use Shibboleth to allow access to customized or restricted content and services.

pbecker at 07:36 AM MST