In the news yesterday: A mystery impostor has posted false details about Miss England on a social networking site which she claims makes her sound “thick” and “tarty”….She said: “It is scary to think someone has stolen my ID.”
MySpace, Facebook etc are going to be short lived phenomenom in their present forms. Personal and business ID fraud are already rife on the social networks and it wont be long before trust is completely gone. Until we come up with a reliable, simple, and standard way of proving identity there will continue to be beauty queen imposters and 45 year old men posing online as 15 year old girls.
I wrote on this very subject recently in Computer Weekly, stating that “a fundamental flaw of all social networks is the lack of identity validation. Anyone can pretend to be anyone.” Is it really a flaw? How many of you can claim to have a unique name – and what can you really do to prove that an online identity was created by and belongs to you? There are plenty of other references to Stuart King online but few of them are me and can anyone prove which one is the real me? The politician, the carpenter, or the policeman? You can’t even prove that it’s really me writing this blog – authentication into the blog software only requires a password, and it would take a forensic analysis of my PC to prove that I really wrote this.
There’s a catch 22 in that we want to share information, but in doing so we also give the information to people we wouldn’t usually want to associate with. If you’re in the pub and want to tell your friend a secret then you whisper in their ear. On the Internet, we can end up inadvertently publishing our secrets in a place to which 3 billion other people can potentially gain access. Ironically, there was another beauty queen who recently found this one out when “private” photographs that she uploaded to Facebook ended up in the public domain. Read all about it here: http://www.msnbc.msn.com/id/19666279/.
Corporate identity fraud is clearly within scope of an information security program (see my previous blog entry). Smallbusiness.co.uk remarks that corporate identity theft involves “stealing the identity of a company and fraudulently trading under that name without the knowledge of the legitimate company. The consequences can be catastrophic, particularly if the fraud goes undetected.” The BBC reported on the risk a couple of years ago but I wonder how many businesses – except those affected – took much note? More to the point though is what controls are there that mitigate the risk?
Companies like Mark Monitor are one company offering a solution that provides “corporations intellectual property and trademark protection to quickly and easily combat brand abuse across the entire Internet, including Web sites, domain name registrations, search engines, major email systems, domain name systems, registries, message boards, and blogs.” They seem to be one company in a very small pile and there surely must be scope for more to set up in this function. The only real alternative is for businesses to do the legwork for themselves and deal with the issues when they stumble upon them.
So, no good solutions for now, and as for Miss England, well, I don’t believe for a minute that you’re really “thick” or “tarty”… 🙂