akale

Alexander Gelfand wrote this article regarding a company in Montreal, called Credentica whose goal is to improve consumer's security of their private information during transactions, so that their identities can be protected from those who aggregate data to rebuild identities for a variety of illegitimate uses. The technique they use is called Multi-Party computation.

Basically, it provides a mechanism so that two subjects, who want to know a bit of information about each other without revealing the same information about themselves. The example given in the Wikipedia entry is from the paper where the technique was proposed in 1982, of how Alice and Bob, who are both millionaires, and want to know who is richer without having to divulge the value of their wealth.

In this day and age, solutions like this could be leveraged in a variety of cases, where a user would benefit from having their own personal information released into the wild through each and every transaction they make. For example, last night, I checked into a hotel in Bangalore, India. The representative at the front desk asked for my full name, my credit card, and passport for the check-in process. My assumption is that this data is required by the country (for identification purposes), and obviously, for payment to the hotel. What if, using the technology provided by Credentica, the hotel could verify my identity, and trust my method of payment, without ever having to know more than my name. Sounds like a cure all to me.

Companies like LifeLock have been guaranteeing against identity theft, by working with the credit bureaus to set up fraud alerts, and to make sure that you stay up to date with your own credit report. However, recently, I heard that Todd Davis, CEO of LifeLock, who advertises using his own social security number was a victim of identity theft himself, even though his identity was protected by his own technology. RSA, the Security Division of EMC bought a company by the name of Verid in June of last year, to add a service based identity verification product to their growing portfolio of consumer identity solutions. Verid uses data that's aggregated through public record to verify a user's identity during a transaction. Security companies worldwide certainly have their ears to the consumer security grindstone, and are doing everything in their power, organically, and through the acquisition of technology to make it available to everyone.

With state, and federal governments worldwide working toward a national identification program, it will be interesting to see what technologies private security companies provide to protect personal information.

I suppose that even in the world of technology, locks are still only for the honest people. Thieves will always find a way to get around what has been put in place to prevent them from what they want...