Tuesday, September 16, 2008

Microsoft Seeks End To Identity Theft

I couldn't have thought this up on my own. And thanks to Microsoft and Mr. Claburn, the author of the article, my point has been driven home with no effort on my part. That point being of course that they couldn't care less about your identity theft issues, and furthermore if they actually believe this stuff then they also don't know anything about identity theft. Read this. Honestly I'm not making it up.
This was in yesterdays' InformationWeek magazine.

Microsoft is calling for the adoption of an Information Card system that provides end users with direct control of their digital identities.
By Thomas Claburn,
InformationWeek Sept. 15, 2008

"In a bid to curtail online identity-theft fraud and to broaden adoption of its digital identity system, Microsoft is urging individuals, companies, and governments to work together to implement technology, initiatives, and policy that support the secure management of online identities.
In
a white paper to be released on Monday, Microsoft calls for the adoption of an Information Card system that uses an interoperable vendor-neutral framework for identity management and provides end users with direct control of their digital identities.
"Personal information is becoming the new currency of crime," said Brendon Lynch, director of
privacy strategy for Microsoft's Trustworthy Computing Group. "We need to look at the root causes of identity theft and see what we can do to change the game."
Key to this vision is the
Information Card Foundation (ICF), an industry group that includes Equifax, Google, Deutsche Telecom, Intel, Microsoft, Novell, Oracle, and PayPal. The ICF, which debuted in June, aims to promote the adoption of Information Cards, a form of digital identification designed for secure, real-time e-commerce transactions. Information Cards bring a third-party ID provider into two-party transactions. This allows authentication to be done without the transmission of user names and passwords, and it allows the ID provider to present only the necessary personal information.
The group's goal is to develop open, trusted, vendor-neutral identity
infrastructure for the Internet. "Information Cards are designed to prevent data that is shared in one context from being reused in a different context," the paper explains. "This is accomplished through creating a unique set of keys for each combination of Information Card and relaying party." Microsoft already has already implemented its version of Information Cards, CardSpace, in its Windows Vista operating system. CardSpace can also be downloaded for Windows XP. Lynch estimates that there are already about 200 million CardSpace clients installed ."

Does anyone need any more proof that the corporations responsible for safekeeping your personal information are so not interested in your identity theft issues? This consortium of companies has found yet another way to create a product to trade in identity theft without ever addressing the issue of identity theft itself.

While it is important to look at the future of database security one cannot ignore the existing tens of thousands of such bases that are vulnerable to theft and misuse. One cannot ignore the current and potential victims of identity theft resulting from theft from these existing databases.

Making a broad statement like "Microsoft Seeks To End Identity Theft" is a bit over the top. Microsoft cannot end identity theft. When we see that a lawyer in Texas has tossed into a dumpster dozens of bankers boxes containing hundreds of files of personal client information, reading about Microsofts' latest security product loses something in the reading. It is up to the public to protect itself from the ravages of identity theft.