- We are complaining about Choicepoint making publicly available that which was already publicly available (or should have been treated as such).
- There are malicious employees of legitimate companies right now stealing identities from credit bureaus.
- To the extent that any institution considers the information that was divulged secret (including ourselves), we need to start thinking otherwise and creating new models of trust.
- Validating identity of individuals or other entities without an existing trust model to rely on is extremely hard.
- Today’s ‘physical world’ trust models are not good enough for the virtual world, primarily because of the accelerant nature of the potential impact. If I forged a driver’s license in the past I could get into a club while being underage. Today, I can create a fictitious company, register with a credit agency, and steal many identities around the world before I am through.
- One way to force a rethink of trust models is for all identifiers to be made explicitly public. So, the Social Security Agency should publish a list on the web of all social security numbers. In this way, any entity that is treating that like a secret must create a new model.
- That new trust model is almost certainly rooted in cryptography.