For around four years, alongside my design, technical and project management role at Herald & Times, I did a fair bit of writing for the papers. All of my columns were about gadgets or software: I wrote around 200 gadget reviews and occasionally did some comment pieces around product launches like the iPhone and iPad.
Last week I broadened my writing horizon a bit, branching out into general opinion. My first column appeared in The Herald on Saturday in the main Opinion section. The topic was Identity Theft, or more specifically the fact that we’re being encouraged by big business to keep our identities secret simply so they can corrupt our histories – like the date on which we were born – into convenient passwords.
My column is available on HeraldScotland here and pasted below for reference.
My family tree isn’t my password
AS the internet grows, both in breadth of content and global ease of access, so identity theft, the practice of using someone else’s identity to get credit or other benefits, becomes an increasingly hot topic.
A certain level of paranoia in the digital realm is definitely a good thing. But today we run the risk of shutting down useful parts of the internet, scrambling for the unattainable notion of a private identity.
The most recent example of this was last month in Ireland, where the Data Protection Commissioner ordered the closure of a national genealogy database over fears it would be “a treasure trove for people of evil intent”. The treasure trove in question may seem innocuous: a search that returned, among other things, citizens’ dates of birth and their mothers’ maiden names. Yet these details, it is argued, could be used by online criminals to commit fraud.
So it has come to this; a useful service, built for the public good and paid for by the state, has been closed down simply because it exposes the inherent weaknesses in how big businesses, especially financial institutions, identify their customers.
Of course, this problem isn’t unique to Ireland, nor is it the first time privacy fears have trumped utility in the digital age.
Every week we’re bombarded with tips from security experts suggesting we increase our privacy settings on Facebook and hide our first primary school on LinkedIn, lest evil-doers use that information to steal our souls.
The idea that we need to closely guard our personal details is accepted wisdom that ignores an obvious fact: if the banks have a problem identifying their customers from afar, that is their problem, not ours.
Now is the time to step back, take stock and reclaim our personal details – they are our lives, our rich family histories, and we must resist any attempt to corrupt them into a convenient banking password.
The first step on the road to recovery is to stop talking about identity theft. That term is loaded with negative meaning and implications. For a start, it suggests that a person’s identity is a possession that can be stolen, which it clearly is not.
Worse, since an identity can used without the owner’s knowledge, identity theft implies that we must keep our identities private and hidden so that they can’t possibly be abused by criminals.
But if we change our language from identity theft to identity impersonation – a term that more accurately reflects the fraudulent act – then the suggestion of fault moves from the impersonated individual to the institution that has been duped.
Instead of citizens being made to feel guilty for exposing their private bits – like their birthday or family tree – they’d be free to share and explore their histories without worrying about what a criminal might try to do with that information.
The implications of this change in mindset would be vast. If financial behemoths could no longer claim to verify identity based on facts drawn from public records, then they may no longer be able to offer a bank loan to a customer in Kirkwall from a call centre in Cardiff.
Perhaps we’d see a return to high street banking, with bank managers who really know their customers. Or, more likely, financial institutions would have to work with governments to provide some more secure way of remotely verifying identity, perhaps using national ID cards.
A national ID card scheme may seem Orwellian to some, but in an age when we’re all anonymous, tapping away on an iPad that could just as easily be in Newton Mearns or New Delhi, we must accept that old methods of personal verification are broken and that we need a new system.
If the government doesn’t provide such a system then the private sector will surely step in. Personally, I’d be more comfortable with my public records being tied to a national ID card than to my Google account.
But that’s a question for another day. The principle at stake right now is ownership of our personal details and history, and our right to share that knowledge with others. Ultimately, that information must belong to us, to do with as we see fit.