Fingerprint by Davide Guglielmo http://www.broken-arts.com/
Who made my birth date a secret? Who said you can assume anybody who knows it is me?
I am angry. Furious actually. I spent 2 hours on the phone to Telstra today sorting some things out. And while that was boring and frustrating, the real kick in the pants, take no prisoners, scorched earth rage was reserved for institutions using personal data such as my birth date to identify me.
Governments and institutions have appropriated my personal data as a proxy for my identity. By putting the onus on personal information they have ducked responsibility for correctly identifying me and you. They have made it risky to disclose my birthday and age to anyone who didn’t know it at my birth.
In this case my Telstra account has a password on it, but that was unacceptable to the residential side of Telstra, staff demanded my date of birth five times. Five people who did not previously know my birth date today have it. I hope they all send me a birthday card. It is easy to find my date of birth online and in the real world. It is a poor tool to determine my identity. Fewer people know the password on that account which is sufficient for the corporate side of Telstra. All of them asked for my birthdate but accepted my password only after I insisted (two checked with their supervisor).
How am I to change my date of birth if I determine too many people know this most sensitive of information? Should I only exchange birthdays and never surrender mine without sufficient personal information in return? When did my personal information become my private information? If my wife and I divorce, how do I make her forget that information?
The police, institutions, the government, and security consultants warn people of the dangers of identity theft through the sharing of personal information on social networks and genealogy research. This muddy thinking leads to an arms race that consumers cannot win. The more personal information used for identity purposes, the less sure we can be of identity.
Even before the internet, personal information was available, just harder to come by. Movies have made a cliche of hackers guessing passwords by knowing enough about the target. Passwords are birthday’s; pet’s, spouse’s and kid’s names; inspirational characters; project names or anything lying around the office.
Surely Telstra (and others) can look at our relationship and find information that I would know? When did I pay my last bill? By what payment method? What amount? What was the last service I added/deleted? What calls did I make today? What have I told you is sufficient identity to authorise account discussion? What is sufficient to add/remove a service? Change a postal address?
You and I must take back our personal information and deny it as proxy for identity. Once we stop using a fundamentally flawed system, resources will emerge to deal with the problem. Institutions create identity theft by stealing our identity in the first place.
Write to government representatives. Link, tweet, digg and share this article. Leave a comment or write a better article and mention it in the comments below. But act today because the identity you save will be your own.
Permission is granted to reproduce this article in full with a link to the original post at http://www.zagz.com/institutions-cause-identity-theft and identifying Paul Zagoridis as the author.
Popularity: 13% [?]
3 Responses
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.
Something that really bugs me is when a company calls me at my house on my phone number to talk to me about my account … and then insists on asking me some security questions to verify my identity.
Hangon – how do I know that you are who you say you are? How about we verify YOUR identity first, and then I’ll give you my personal details.
Wow, what a tirade- Telstra really pissed you off but why blame the government? It is most probably Telstra’s fault. Most companies who use personal info for identification give you a few choices (mother’s maiden name, pet name, your first school or place of birth etc.) so if Telstra chose to use your DOB without your permission why not dump then and move to another supplier?
Amos
Hi Amos
Yes it was a tirade. Thanks for responding.
In Australia, New Zealand, UK, Canada and USA (so far possibly others), the use of personal data is becoming the default identification method for telephone conversations. This is not about Telstra or any one company, they all do it. These governments have passed “privacy laws” to regulate how companies deal with our personal data and government departments use the same personal information as an identity check..
I see two fundamental problems.
Firstly the assumption is that personal data is private and if someone knows it they must be legitimate. This is the basis of identity theft. Personal data is not private. So disclosing my personal information is now as bad as disclosing my bank account PIN. Nobody knows my PIN, lots of people know my birth date.
Secondly personal data can’t be changed. You cannot change your birth date if too many people know it. If a database leak occurs from one institution, that data is common to all institutions. Once personal information is out you cannot put the genie back in the bottle.