Trust in God; but lock your car!
29 July, 2009
Prashanth Kumar, Director, Digital Strategies, WundermanIf you happily go about distributing personal information on the internet, you could be setting yourself up for identity theft! -- Prashanth Kumar
When India’s poster-boy for IT entrepreneurship – Nandan Nilekani – quit his position as co-chairman and board member of Infosys Technologies to take over as chairman of Unique Identification Authority of India (UIAI) it sent shockwaves throughout corporate India. While one section lauded the move and sighed in relief about how the ambitious project of providing every Indian with a unique identity number would finally see the light of day, other sections were frankly surprised at his decision. Of course, Nilekani hinted at something similar in his successful book ‘Imagining India’ but few believed that he could actually walk the talk and become a part of the system. All things considered, it is a laudable decision.
However, a smaller section of people (myself included) were also a tad wary. Wary about how such a scheme could change the dynamics of our individual security. Allow me to explain. UIAI is not a new initiative. Several previous attempts to provide over a billion Indians with unique Ids on the lines of the US Social Security Number have failed miserably. The no-longer-acknowledged Voter Identity Card was one such prominent failure. Nobody undermines the spectacularly ambitious nature of the project. To millions of Indians currently groaning under the weight of multiple proofs of identity, the unique identity will be a godsend.
It will also be a godsend for another fringe section of society – scamsters! Now, all they require is a single identity card and your entire life is theirs to mine for all it is worth. And mining they are – with gay abandon. According to a report by the Internet Crimes Complaint Centre, internet rip-offs increased to 33 per cent last year, causing a loss of $265 million to the victims. India comes fifth in the list of countries where these crimes were reported. Mind you, the statistics only account for reported crimes – there are still so many which are not reported.
Identity theft is not new. It has been around as long as identities themselves have been. But considering the social media powered society we currently live in, the implications, and risks, are enormous. Take a simple scenario. You have an email Id that you have been using for some length of time. Maybe this is your primary Id. This is the Id you use to log-in and access a wide variety of social networking sites. Profiles you link to can view this Id when they peruse your information. Your Picasa or Flickr albums are probably tagged with the Id. So, anyone looking for information about you already has your personal Id, a good idea of what you look like and maybe even photos of your friends and family. If your blog is linked (as it probably is) they know even more about the kind of person you are, your likes, dislikes, raves and rants. And, if you are foolish enough to gleefully distribute snippets of personal information across social networking sites, they probably even have your mother’s maiden name and other relevant details. From there, it is a simple step to acquire (illegally of course) credit card numbers from any of the hundreds of touts peddling it on the net, run a quick query to match your details with your account number and start making the most of your line of credit. Not a difficult thing at all! And at times, the social networking sites themselves go the extra mile to expose you to identity theft!
So far only thing making such access difficult – a sort of an in-built safety mechanism – is that we Indians have had a plethora of numbers criss-crossing our lives. Our birth certificate number is different from our school leaving certificate; which in turn is different from our passport number which has no connection whatsoever with our PAN number. Bring them all under a common umbrella where these disparate databases start communicating with each other and you have an efficient, organized system of linking various aspects of your life. By the same logic, identity thieves have a lot of work reduced in their quest for your information. Information that could prove valuable to them and could result in real losses to you. And for those of you, who conveniently presumed that this was a purely developed-world phenomenon, think again. Indian instances of identity theft, especially credit card fraud, are only increasing.
Not all cases of identity theft are linked to money. But there are a few things which can prove to be more expensive and can cause quite a bit of a headache. Imagine, if your email Id were hacked and you no longer had access to it? All those personal mails from friends and family being read through by some online stranger? Even your bank statements are in there right? Of your bank account? Your PayPal Id? Any of the scores of accounts you have with online e-tailers like shopping sites or Amazon? Think of the time and effort it would take to sift through all the information, stop/initiate credit cards and debit accounts and the hours wasted in changing/editing login and password details. The very thought is enough to make one paranoid about going online at all! The objection of all this information is not to induce you to stay away from the online world. Rather, it is an exhortation, in the immortal words of Intel’s former CEO Andy Grove, that only the paranoid survive!
Anyway, to come back to Nandan Nilekani, looks like our Minister for Unique Ids has himself been a victim of identity theft. The Twitter account Twitter.com/NandanNilekani was neither created nor maintained by the real Nandan Nilekani. The account is currently suspended, but makes you wonder that if this can happen to one of the most famous personalities of Indian business, what is the fate of common Joe’s like you and me? On the other hand, maybe we are totally safe! After all, who in their right mind is going to take the time or effort to steal the identity of a non-entity, right?
Keeping less personal information online is definitely possible for everybody. Critical data such as birth date, personal contact email ids, parent names and any such information that acts as security answer for our important online facilities, should not be exposed in Social Places.
This is a valuable post for all those who neglect external people accessing important data through online spaces. I don't have any views on Unique Identity. Please let me know how will it work online.
Well, one identity sounds normal, but in a normal society. In one like ours, maybe it's not so good. To many people trying to steal from others.
Well said and well explained. I have always heard about identity thefts in US and other western countries but my knowledge was limited to documentaries and what I saw in some fictional movies. The fact that, we did nt really had too many identity theft cases yet India is on 5th in the list is kind of surprising. Hope, new UID thing is going to be secure for Indians.
Fake profiles on Twitter & other social media networks are a continuing problem. Just like domain squatting, Twitter's introduction of verified users will help celebrities and their fans/followers be certain that the profile indeed belongs to the person in question.
Yes you are right. In the present era, technology has become so advanced that computer hacking has become a common issue that paves path for online stealing and even identity theft. But who in this world can stay completely away from the internet or the web. every single person access the web for some or the other needs of his or her daily life. When technology has made so many advancements i guess it should also work out to resolve these issues that is gradually becoming a serious crime.
I know it can be very scary but we can't just let the negative sides dictate whether the technology should be used. The positive sides of unique identities are enormous. Take for example, automobiles. They can kill in the wrong hand but should we stop using them because of that? If the production of cars were stopped when the first accident happened, imagine what the world will be.
The Internet has changed the way we live and I can safely say for the better but of course, like everything else, there's always a negative side to everything. We just have to be smart and get educated about it.
If internet is giving us so much, we will have to take the risk of identity theft. If my writeups are being stolen up, higher chance is, that I must be known enough for someone to come to my site and steal it.
quite an informative article and very interesting as well but the whole saga on identity theft gets me a bit apprehensive now...
I believe "no gains, no pains". If internet is giving us so much, we will have to take the risk of identity theft. If my writeups are being stolen up, higher chance is, that I must be known enough for someone to come to my site and steal it.
If you happily go about distributing personal information on the internet, you could be setting yourself up for identity theft! loved the start! though the rest of the article seems a little dragged////
title is very interesting and that is what attracted me to read your article. Nicely written....
quite an informative article and very interesting as well but the whole saga on identity theft gets me a bit apprehensive now...
One more good one - Keep going man :) Cheers
i work with one of the Indian Startups who are working in this niche area of identity theft @ www.crederity.com . In case any of you are interested in claiming your online identity , you can also visit http://www.crederity.com/india/verify-your-twitter-identity.html and sign up for their free beta identity verification for twitter accounts
At the start of para 4, I think you mean "Identity theft is NOT new".
Disregarding the possible typo, I think you've written well. However, there are a few points that I'd like to take up:
1. Remaining secure online is an entirely different aspect from the dangers of data mining associated with the physical loss / scanning of the citizen's ID card. If one wishes to use the online world to network and connect to other people, there will almost certainly be some leakage of personal details. Ideally, one would never share personal details, images, relationships etc. online but in a practical world, that's a distant dream. Reminds me of the old tech story of the only secure PC being one without ANY access to the outside world (either via media or networking).
2. Fake profiles on Twitter & other social media networks are a continuing problem. Just like domain squatting, Twitter's introduction of verified users will help celebrities and their fans/followers be reasonably (not entirely) certain that the profile indeed belongs to the person in question.
3. Security via obscurity isn't real security. I'm sorry, but to even think so, is flawed. If one wishes his/her online presence to be secure, one needs to take proactive measures to ensure that. Merely sitting back and hoping no one will notice a small fry is just begging for trouble.
Cheers!
Sparx
Post new comment