

Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
·Verizon Online DSL

reply to Link Logger
Re: One Trillion Dollars and then some

There once was an era when most point-of-sales transactions were concluded using "bearer" assets - currency, coins, bearer-notes, etc. The only "security" issue was establishing whether the payment offered was legitimate (not counterfeit) and trustworthy. Bearer identity never entered into securing the transaction. Personal identity did bear at the limited numbers of sites where accumulated assets were kept in 3rd-party storage, when the owner wished to withdraw them for use. Originally, asset withdrawal required personal recognition of the withdrawing person by a clerk, presentation of proper physical certification (passbook or certificate), signature, and perhaps fingerprint. Multi-day withdrawal delays were used at times when needed to allow further verification of withdrawer identity. Later, especially in large cities, forms of "official" and independent ID came to replace personal recognition.

When point-of-sales transactions came to be dominated by a promise to instantly assign assets (or credit rights) held in a buyer's account over to the seller, personal identity and credit-worthiness entered the point-of-sale transaction picture and replaced asset trustworthiness as the main "security" concern of the day. This moved the personal ID problem from the limited number of asset-holding sites and multiplied it to a limitless number of point-of-sale sites. Later, everything went "online" and an already very difficult security situation got seriously more complex.

Identification is merely authentication. In olden days, a seller could bite the edge of a proffered coin, weigh it, inspect it, etc. in an attempt to establish its authenticity... but he cared little about who the point-of-sale buyer might be. Today, the seller cares little about the form of the proffered payment (as long as it's "name-brand"-linked)... but he cares immensely about who the buyer actually is, since that's the only thing ultimately securing the payment proffered. So the point-of-sale transaction dilemma became: how do you safely authenticate a particular human being? With the advent of online transactions, the even greater dilemma has become: how do you safely authenticate a numerical/password representation of a particular human? And that question is now posed equally for point-of-sale and asset-holding sites alike. Added to all of this is the security dilemma all this poses for the targets of all this identification data... you and I.

How well does all this people-authentication currently work? Not all that well, if crime statistics are to be believed. Access numbers are lost, stolen or hijacked. Faked numbers are proffered at points-of-sale and access-holding organizations, and accounts are raided. Whole personal identities are hijacked and misused. An entire sub-culture black market in stolen access-data exists. Perhaps the only reason this has not all exploded into public consciousness as the #1 crisis of our day is that most of the fraud costs are buried. Companies "write them off" (read: pass them on to all customers via higher fees/rates), because they see little alternative. But such costs now are themselves exploding. Bottom line: the system is in seriously deep do-do, and rapidly sinking further!

The bedrock questions are whether there are any air-tight secure ways to remotely authenticate a person, and whether there are any air-tight secure ways to preserve such identity-proving data during its usage, transmission, and storage (including long-term). Then a further basic question arises: how would such ways be emplaced as 'standards' and compliance meaningfully enforced? All without violating personal privacy and while avoiding a Constitutionally-questionable 'national identity card'. Ultimately, all touted ID methodology boils down to inherent accuracy and, more importantly, to the security of the entire data-transmission/usage/storage chain. That chain, regardless of particular methodology, involves lots of machinery, software programs, backups, and most risky of all - people.

Methinks something of a pervasive monster has been created... I'm less than confident that further technological tweaking of the monster will provide the desired outcome.
--
If God wanted us to work with electrons, He'd make them big enough to see...
over 10 years online! © 1999-2009 dslreports.com.