The Real McCoy

For example, we usually tell each other apart by personality characteristics: faces at meetings, voices over the telephone, signatures on checks. Consciously or unconsciously, we test each other's identity through something that only one specific person could possess: a face, a mannerism, a laugh, a voice, a walk, a signature, a memory, a fact.

But except for the last, tests like these are irrelevant when our communications are electronic, because they can all be forged electronically. Computers make impersonation easier, particularly when our only communications are electronic. Today, as more and more information is becoming electronic, how can we prove that we are who we say we are electronically?

The obvious answer is to issue everyone identification numbers or passwords. But although the practice is widespread today, it's a very bad idea. Most of us can't easily remember a random string of letters or digits; so either we choose one that's easy to remember (a birthday, say), or we carry the number with the thing it controls (credit card, bank card, phone card, door card---whatever). The problem is that if something is easy to remember, it's usually also easy to guess. If something is hard to remember, usually we write it down and carry it around, risking its loss.

All of which brings us to a sad truth: We are the weakest link in every security system. We're both predictable and careless. We put door keys under doormats, carry our identification numbers with our credit cards, write down our passwords near our computers, and use easy-to-guess keys. We think ourselves clever when we use computer passwords like genius, password, and logon, or our names, friends' names, other common names, birthdays, license plate numbers, and other obvious keys. Ideally, we should use passwords or authorization numbers like toothbrushes: never lend them out and change them every few months.

But even if we really do memorize an unguessable number, we still aren't safe. Unscrupulous employees in the number-issuing organization could use their knowledge of the number to raid our assets. American, Canadian, Mexican, and British cash cards for example, only have a four- to six-digit ``secret'' identifier. That's easy to break by anyone who works in the bank's computer center. Even fraud artists who don't work for a bank can raid accounts by ``dumpster diving''---going through trash bins looking for discarded statements and receipts---or ``shoulder surfing''---using a hidden camera or loitering near cash machines to learn identifiers.

Cheats who only want to make free telephone calls (perhaps to complete untraceable drug deals) and who can't be bothered mucking around in our garbage, can buy an electronic scanner and listen for nearby cellular phone calls. Every cellular phone in a certain area has a ``secret'' four-digit identifier the company uses to determine whether a call is valid; electronic scanners can pick out those digits when a call is initiated. Once they get this identifier, impostors can make calls billable to us by modifying their own cellular phones.

Finally, anyone who can use a computer competently can commit fraud from home or office just by obtaining certain common identifiers. For example, many American companies routinely (and illegally) ask for social security numbers as proofs of identity. And anyone who knows your social security number can control your life.

Moreover, it's easy for the computer-literate among us to generate credit card numbers, because they are constructed by using a fixed mathematical procedure. Having generated, say, a hundred numbers, I can call a credit bureau and ask to verify a number. Having found a number in actual service---let's say yours---I could then call your bank and, giving your social security number (or address details, or mother's maiden name, or whatever else the bank uses to check identity), ask for a billing address change. Using the changed address, I could then charge purchases against your credit card, issue myself new credit cards or checkbooks and withdraw cash from your account.

American Express estimates that by 1993 worldwide credit card fraud alone exceeded a thousand million dollars a year, and it's increasing at 20 percent a year. Further, no defrauded company is keen to let the public know it's been defrauded. Our loss of confidence in the company would cost it far more than the stolen income. (Would you keep your money in a bank that you know has lost millions every year?) So companies often keep the figures to themselves, passing on the losses to the valid users of the system in the form of higher rates. Reported losses might be merely the tip of the fraud iceberg.

But fraud is only part of the problem. Issuing everyone a unique identifier would mean the end of personal privacy and, perhaps, the beginning of the thought police. For example, there's a growing movement today to replace paper cash with electronic cash because, with today's cheap full-color copiers, it's becoming far too easy to electronically scan and copy paper money. But cash has an advantage that credit cards don't---it is effectively untraceable.

If your bank (or the government) keeps tabs on the things you buy and when you buy them, it can learn a lot about your habits, and perhaps sell or otherwise exploit that information. To buy something, it should be enough for you to prove to your bank that you're a valid customer and that you have enough money in the bank to cover your purchases. Banks don't really need to know which of its customers buy which things.

We appear to be completely boxed in. There seems to be no way to prove that we are who we say we are without giving away enough information to let someone impersonate us later. Or is there?

Out of the Box