Who Stole Santa's Pants?
The growing secure-identity problem.
The growing secure-identity problem.
I love the secular trappings of Christmas: Christmas trees, lights, decorations, and, of course, Santa Claus and his North Pole crew. And I actually love advertising that does something clever (and not too commercial) with the whole North Pole cast of characters.
Over the years, we’ve seen some amazingly creative, charming, and appropriate ads. What I don’t like are ads that really cheapen the holiday spirit. They’re low, annoying, and certainly don’t motivate me to buy.
But when I get spam containing images of a pant-less Santa beckoning in a come-hither manner, I get pissed. It hasn’t actually happened yet. But it will. I know it will because the email I get on a daily basis is absolutely over the top. I’m talking about the explicit sexual content blasted to my desktop every day (beyond just naked people and straightforward imagery). I can’t afford to filter any more than I already do. I’ve missed important messages as it is.
Legislation won’t help fix this problem. It’s far more pervasive than simple spam issues. If spammers can work anonymously, how’s the government going to catch them?
Significant privacy issues most of us haven’t even considered are looming beneath the Internet’s surface. Identity theft will be one of the biggest crime issues of the next few years. If you don’t yet know anyone personally whose identity has been stolen, you will during the coming year. Within the next couple of years, there’s a good chance it will happen to you.
The half-informed think online privacy issues are about cookies and spyware. They spend an inordinate amount of time deleting cookies or installing spyware removal programs from developers they know nothing about!
Cookies aren’t the problem. They aren’t even a big deal, for the most part. At least they’re segregated. And spyware can certainly be a problem, but that’s not what this column is about. The problems I’m getting at are more fundamental. Not the sort of thing individual users can do anything about.
In the past two months, I’ve had the following significant events take place: I sold my house and bought a new one; my primary credit card was locked up because we were a day late on a payment; my daughter broke her leg; I hired a contractor who started work on our new house; I bought a new car; my pregnant wife had a level 2 ultrasound; and I decided to stop taking a medication I’ve been on for six months.
Does that sound like I’m concerned about privacy? I just told you a lot of very personal things involving major life changes and talked about them in a very public forum. But I told you only the most superficial parts about these life events.
Each event was preceded or followed by an amazing amount of research on my part. If I listed the URLs and search queries I’ve been using for the past months related to these issues, you’d know a lot more about my life than I’d be comfortable with. That’s where my privacy concerns get cranked up. Who’s watching what I’m doing? Who’s building a personal profile on me that can be exploited?
Law-abiding, moral people shouldn’t have to worry about someone looking over their shoulders whenever they do something. I’m not talking about government here. I’m talking about creepy, law-breaking, immoral criminals.
As it turns out, most of the problems we face online today are tied to a root solution. And it isn’t legislation — it’s secure identity technology.
If you haven’t yet learned much about secure identity technology, spend a little time reading up on it. A great resource for starting this journey is Digital ID World. This stuff might sound very unsexy, but it’s truly what will save the world, or at least our ability to use the Internet the way we want to.
Most Internet protocols aren’t secure by default. The chaos bubbling out of this anonymous ooze is what allows spammers to act with impunity and allows identity thieves to operate with little chance of being caught.
No system verifies you, the Web surfer, are a real person or blocks you from accessing data because you haven’t identified yourself. Sure, there are private corporate Web sites that require registration, user name, password, and so on. I’m talking about the fundamental fabric of the Internet, the protocols that make it run. These expect to see you as an anonymous user.
SMTP is how almost all email is sent across the Internet. It’s the protocol that allows email servers to communicate with each other. And it works quite well at sending messages. But by default, it’s an anonymous system. There’s no basic secure identity function to require a message sender to be a real, known, contactable, liable individual.
The problem with SMTP (and other protocols as well) is there’s very little user accountability. Therefore, we have rampant spam and looming security problems.
Most secure-identity work being done right now is for large corporate customers. I’m fairly confident we’re going to see this technology applied to core Internet protocols in the future. And when every person sending an email across the Internet and around the world can be held accountable for what they’ve done, I have a feeling we won’t be seeing Santa without his pants.