By now, everyone has probably heard of the identity theft ring that the FBI broke up yesterday with the arrest of this man and two others. Philip Cummings worked as a help desk technician at a company called Teledata Corp. He allegedly stole passwords for downloading credit reports on people and sold them on the street for $60 a pop.
I couldn't help but put this news story in the context of my recent trip to the Digital ID World conference. One of the things that became very clear to me was that almost no one was interested or concerned about linking identity in the digital world to a real person. They were much more concerned about what properties that identity carried with it. For example, an online bookseller only cares that the identity being presented has a valid address and a valid credit card. The credit car company cares on that the card gets paid on time and is used in a consistent manner. And so on.
Identity theft is exacerbated when we cannot tie identity to a real person. In fact, identity theft depends on this inability in our current system. Governments almost always care about identity being linked to a real person (usually so that that real person can be sued or go to jail if they fail to meet their obligations such as paying their taxes or not honoring a contract). I think the rest of the world should care too. I want my identity to be linked to me, not to be some disembodied collection of properties.