Feeds

BOFH: Identity theft

Name, number, biometric

  • alert
  • submit to reddit

The essential guide to IT transformation

Episode 11 So the PFY and I have bowled up to a half-day presentation on identity theft which I'd been invited to after the recent security conference. (Well, technically, the boss had been invited to, but the invite was just sitting in his inbox.)

After a little spade work, a phone call and some briefcase enhancements we're all set to go.

As usual it's absolute hell to get a car park around any major hotel for these sort of presentations so I'm almost bound to be given a ticket, have my car clamped or towed. (Well, technically the boss's car – but it was just sitting in the basement unused.)

We get there fairly late as parking on the roundabout wasn't as easy as I'd thought and as bad luck would have it the presentation's already underway. We slink in quietly and go to the registration desk.

"Your name?" the woman behind the desk whispers.

I quickly scan the list, skip my name and just pick one at random.

"Steve Curtis."

"The security advisor for the American Embassy?" she asks dubiously.

YOU LITTLE BLOODY DANCER!!!

"Yes Mam!" I respond, cranking the Texan Accent knob around to 11.

She passes the badge over, not wanting to make a fuss.

The PFY rocks in, checks the name tag and greets me like an old mate.

"Steve!" he blurts. "What the hell are you doing here?!"

"I work in this country, old bean!" I cry, doing the typically shocking American impersonation of a Briton while shaking his hand.

"Still in computing then?" he asks, reinforcing the lie.

"Hell Yeah, Security adviser at them Embassy now, and you?"

"IT Manager at a company in town," he responds giving his name at the desk. (Well, technically the boss's name, but he's just sitting in his office not using it.)

We grab seats at the back of the audience where the PFY fires up his cellular network connection, downloads some appropriate graphics from a US website and prints me some "business cards" on his portable card printer.

SORTED!

As expected, the presentation is as contradictory, confusing and uninformative as a Microsoft Security warning which leaves everyone a little fidgety at morning tea.

"Does anyone else wonder what the hell that was all about?" I drawl loudly. "I mean, it was a little content free."

"What do you mean?" one of the presenters asks, offended at the implication that his life's work is up there significance-wise with the guy who eats bicycles.

"Well, it was interesting to watch, but not all useful. You basically said 'Protect your credit cards, shred your rubbish, don't say anything over the web that you don't have to and never allow companies to share your information.' I mean it's HARDLY rocket science – and I should know, I worked at NASA for five years!"

The PFY leaps in on schedule and takes the fore.

"Which is why we've been so interested in your progress," he comments.

"We?" I ask.

"The Campaign for.. Information Validation and Protection."

"You're from CIVP!" I adlib, realizing the prerehearsed Amnesty International cover story has been ditched for something better.

"Yes, and we're well aware of your operation!"

"Operation?" a crusty from a banking company next to me asks.

"Yes, operation. They submit the biometric data of leaders of business to various agencies, labeling them people who might present security threats so that they'll be stopped at airports, etc."

"You're joking," the crusty gasps. "Why?"

"To introduce an identity vacuum which can be used by secret service operatives as cover."

"Sorry?" the crusty asks.

"It's simple. Say you bowl into a country and someone questions your identity. How can you prove who you say you are?"

"I…"

"Exactly, you can't. So you might be who you say you are, or you might have an endless holiday in Guantanamo Bay to look forward to while some operative lives it up at your expense in southern Hungary. Which is why MY company has decided to provide all this information on a simple card that you carry with you."

"Really. What sort of information?"

"Biometrics, thumbprint, Iris Scan, Passport, bankcard, personal details – all electronically recorded on a chip in one card."

"And that would be safe?"

"Safer than your current passport which is so bulky it ends up in a hotel safe half the time."

I see PFY's tack and jump in with corroborating evidence...

"Yes, yes, well maybe we have done that in the past, but there's no reason to think that we might do that in the future. Third party IDs like this will only confuse matters!" I bluster. "We'll take legal action!"

After an endorsement like that the PFY is instantly inundated with people wanting to pay the 20 quid to get their personal information 'secured' onto a plastic card and corresponding database.

It's like shooting fish, honestly. It's not even sporting!

I mull over the dire legal consequences that'll inevitably befall someone who uses the information the PFY's obtaining for their own personal gain. No to mention the quasi-legal consequences of undermining the security of biometric information.

He could end up in prison for years!

Well, technically the boss will be in prison for years, but he's just sitting in his office... ®

BOFH is copyright © 1995-2005, Simon Travaglia. Don't mess with his rights.

Boost IT visibility and business value

More from The Register

next story
Pay to play: The hidden cost of software defined everything
Enter credit card details if you want that system you bought to actually be useful
HP busts out new ProLiant Gen9 servers
Think those are cool? Wait till you get a load of our racks
Shoot-em-up: Sony Online Entertainment hit by 'large scale DDoS attack'
Games disrupted as firm struggles to control network
Silicon Valley jolted by magnitude 6.1 quake – its biggest in 25 years
Did the earth move for you at VMworld – oh, OK. It just did. A lot
VMware's high-wire balancing act: EVO might drag us ALL down
Get it right, EMC, or there'll be STORAGE CIVIL WAR. Mark my words
Forrester says it's time to give up on physical storage arrays
The physical/virtual storage tipping point may just have arrived
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.