Name: margalit
Location: Massachusetts, United States Professional writer, educational advocate, opinionated ultra liberal mother of 18 year old twins, living life in the slow lane due to hypertrophic cardiomyopathy, congestive heart failure, and diabetes.

email: margalitc at yahoo dot com

View My Complete Profile

My Amazon.com Wish List

Rate this Blog at Blogged

Photo Sharing and Video Hosting at Photobucket



Alltop, confirmation that we kick ass

Powered by FeedBlitz

Subscribe with Bloglines

Blog Search: The Source for Blogs

Add to Technorati Favorites


Powered by Blogger

Wednesday, March 22, 2006


One of the things I'm looking at for work is the issue of authentication. Ok, don't all yawn at once, because this little word affects all of us every day.

How are you represented online? How does any company you deal with online know who you are? What proof do you offer them, or what proof does a company demand in order for you to trade with them. And the question that I've most been thinking about, how are your children, or mine for that matter, representing themselves online.

Which brings us to Friendster, MySpace, and some of the other online 'communities' where children congregate. MySpace does no authentification whatsoever when someone creates an account on their servers. They ask for no proof of who you are, nor do they care who a prospective user is. They ask the small question about age, but kids are experts at lying.

While perusing my kid's MySpace accounts last night, as I do nightly just to make sure everything is up to my approval, I saw that the Girl had accepted a Friend I didn't recognize. On going to that person's site, I noted that this was a kid in my daughter's 8th grade class that was representing himself as a 19 year old boy from California. Because of how he represented himself, he had a lot of soft core porn on his site. I deleted him immediately as my daughter's friend, and reported him to MySpace for fraud. His page is still up today.

My children and their friends are experts on Ebay. They know how to buy buy buy, but they're not all that astute about how sellers work. They don't always notice things adults would, yet they are liable for shopping, even when the seller is less than honest. Had ebay used an authentication methodology, they would know that someone under the age of 18 was entering into a binding contract without parental consent, which isn't legal. But ebay doesn't authenticate once a userID and password has been attached to an account.

Some of the ways to authenticate who is using an account are by using passwords, but we've all learned that controlling passwords is fairly pathetic to ensure secure transactions online. What about those ecommerce companies that promise secure transactions by placing that little SSL padlock on the bottom of a page? Is that any safer? Nope, it's not. That padlock guarantees pretty much nothing except that you have been told to trust it. But it's not trustworthy.

What about pin numbers? Same as passwords, they're too easy to break and again don't promise security. Biometrics is exciting and new, but there are way too many things that don't work about it. Fingerprints aren't like on CSI, where you run them through a computer and get a perfect match in 5 seconds. It's much more complicated than that, and hardly foolproof. Iris scannings? Are you planning to stick your eyeball into an ATM machine? Not me. DNA... yeah, right. Maybe in 200 years but certainly not now.

So what does that leave? One thing is to change the way we authenticate who we are in this country. Some think that a national identity card is the way to go, with an embedded PK1 chip that would contain all the information as to who you are. It would not be linked to a driving license...or maybe it would be a national driving license. It would not be linked to a passport. But still, how do you prove who you are in the first place?

One idea that has been kicking around is to have a digital birth certificate of sorts. This would be similar to an identity card, but could be international in nature, and goverened by an agency outside the control of any government or nationality. I like this idea. a lot. As you may have grasped, I don't trust business to authenticate, but I also don't truse. governments, especially our government here in the USA to be responsible for identity authentification. Can you imagine the disaster that would be, since HomeLand Security can't even pass their own security tests. Nope, they're not to be trusted at all.

I don't mind having some kind of international identity card that authenticates who I am, but I do want it to be based on some legal premise. Right now in the US, we don't have any legal way of proving who we are. Birth Certs are easy to obtain, social security numbers are as well. And yet those are the two methods we use to say who we are. That's kind of sad.

I'm going to continue this in a series of posts. But I'd like to know what you think about this topic. So please comment.
Digg! Stumble It! JBlog Me add to kirtsy


Anonymous Nancy said...

Interesting post. We studied this for one of my graduate classes related to online business. I agree that there's so much potential for fraud online, which is particularly scary when it comes to children and people who are particularly gullible or susceptible to being taken advantage of.

We did also talk about the potential for some sort of online identity card -- but as you said, it would be a huge undertaking for any government (federal or international) and it would be difficult to establish the appropriate level of trust within private industry. I do work in my job with organizations such as VeriSign who help to ensure that connectivity in online environments (shopping and business applications) is secure -- they have to meet certain physical requirements that can be technically verified -- maybe a company like that could expand into online identification in the future?

22/3/06 8:43 PM  
Anonymous nita said...

unfortunately, i don't trust anyone with that kind of information. not one soul. well, not one soul that's in power...

and! it would be pretty easy for ebay to at least keep the same offenders from creating identities through IP addresses. even just the lazy ones. but no....loss of $$. i'm going to put my head under my pillow and wait til it's better ...

23/3/06 12:45 AM  
Blogger Meg said...

Your post was so interesting. I had heard rumors that my 17-year-old cousin was representing herself rather provocatively on MySpace. I joined up in order to check out what she was up to. I was shocked! Not only does she show half-naked pictures of herself, she lists her hometown, her school, and has a picture of her next to her car with the license plate clearly showing. She was friends with all kinds of sketchy guys, too. I finally called her mother (who had no idea about any of this) and she is no longer on MySpace. I'm glad to know someone else distrusts the system as much as I!

23/3/06 10:37 PM  
Blogger Christine said...

I had a MySpace profile at one point. I deleted it. Too much HS crap going on. I worry about kids on there, as there have been rapes and drug deals and who knows what else.

One of my cousins was molested by someone she met online, and a few of her friends were raped. The prize-winning human being who did it killed himself before he went to trial. It's a heavy load to hang on a 16-year-old.

Be careful out there.

24/3/06 11:30 AM  

Post a Comment

Links to this post:

Create a Link

<< Home

Copyright, 2003-2011 by Animzmirot Design Group. All rights reserved. No part of this blog may be reproduced in any form or by any electronic or mechanical means, including information storage and retrieval without written permission from Margalit, the publisher, except by a reviewer who may quote brief passages in a review. In other words, stealing is bad, and if you take what doesn't belong to you, it's YOUR karma.