Digital Identity
Over the last year or so there has been a lot of discussion surrounding digital identity. Most of the points that have brought to light center around standards and "how do we do it?" types of questions. This being the case, I largely have paid little attention as I am on the other side of the cycle in that I implement solutions, I don't develop them.
That being said, this last week, I experienced a situation where the concept of identity hit home for me, and it has brought the issue to the forefront. The situation was quite small in nature, but it showed me just a glimpse of what the bright minds are having to deal with. Let me paint the picture: I was working away at my desk when I noticed that my daughter's AOL IM id came online. A little later, the IM window popped up and the line read "How are you?". I of course answered, and then went back to work. A little later, another line popped up saying "When are you going to be home?". Simple question, and so I answered while forming the thought that it was my wife I was speaking with due to 1) the correct spelling and 2) these are the kinds of questions that my wife usually asks me.
Under the belief that I was indeed speaking to my wife, who I theorized was using my daughter's AOL ID which she has done in the past, I began to tell her my plans for the upcoming week and other "parent" type stuff. After I was done loading her up with my schedule, I was shocked when I got the message, "who do think this is?". At this point it hit me that I had absolutely no idea who I was taking to, and I started to panic a little, wondering if I had said something that I should not have. Luckily, I had not, and I told them (who I now knew to be my thirteen year old daughter) that I was under the assumption that this was a case of mistaken identity.
Online communication is a very interesting animal. When I am speaking to someone on the phone or in person I can trust my senses for the most part to identify the other party by their either their face or voice. When I am talking to someone on a IM system or email, I have to trust (there is the key word) that who I am speaking to is actually who I believe it to be. In the computing world, I can employ username/password types of challenges and/or other more secure methods (ID fobs, BioMetrics etc) to reduce the potential for impersonation. In this particular situation, all I had was an IM id and a assumption of trust that I was speaking to an "authorized" party.
The challenge to the security world, as I see it, is how are they (we) going to ensure that a person is who they say they are? I know that there are many ideas around this, but none seem to solve the problem completely. In this case, I could have asked the person on the other end of the IM a question that I know only my wife would know, but that becomes tiresome and is not a infailible solution.
As I stated before, luckily in this case it was a harmless occurrence, but what if I was telling my wife something very private? What happens if my daughter thinks she is talking to a trusted friend, but in reality she is talking to an online predator?
All I can say is that from now on, I will be paying much closer attention to online security and digital id discussions, as I can now understand the issue and the impact.
5:08:15 PM 
|
|
