Re: ID "theft" -- so what?

2005-07-13 Thread Perry E. Metzger

Dan Kaminsky <[EMAIL PROTECTED]> writes:
>>This is yet more reason why I propose that you authorize transactions
>>with public keys and not with the use of identity information. The
>>identity information is widely available and passes through too many
>>hands to be considered "secret" in any way, but a key on a token never
>>will pass through anyone's hands under ordinary circumstances.
>
> It's 2005, PKI doesn't work, the horse is dead.

Who said PK_I_? I only mentioned P_K_. There is no need for an _I_
here -- a public key stored at the bank in a database is sufficient,
without any certificates at all. The token can store the bank's key
without any need for a cert, either. Neither needs to check the
"certification" of such keys -- the mere presence of the key in the
correct part of storage indicates it is valid, the same way that a
.ssh key file needs no certification, only existence.


-- 
Perry E. Metzger [EMAIL PROTECTED]

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]


Re: ID "theft" -- so what?

2005-07-13 Thread Dan Kaminsky



> This is yet more reason why I propose that you authorize transactions
> with public keys and not with the use of identity information. The
> identity information is widely available and passes through too many
> hands to be considered "secret" in any way, but a key on a token never
> will pass through anyone's hands under ordinary circumstances.

 

It's 2005, PKI doesn't work, the horse is dead.  The credit-card sized 
number dispensers under development are likely to be what comes next.


Amusingly, your face is an asymmetric authenticator -- easy to 
recognize, hard to spoof.


--Dan




Re: ID "theft" -- so what?

2005-07-13 Thread John Denker

On 07/13/05 12:15, Perry E. Metzger wrote:

> However, I would like to make one small subtle point.
> ... the use of widely known pieces of information about
> someone to identify them.


Yes, there are annoying terminology issues here.

In the _Handbook of Applied Cryptography_ (_HAC_)
 -- on page 386 they say "The terms _identification_
  and _entity authentication_ are used synonymously
  throughout this book"  (which in fact they are :-)
 -- on page 24 they say the term _authentication_ is
  often abused.

It seems to me that the term _identification_ is even more
ambiguous and open to misunderstanding than "authentication"
is.  Overall, it's a quagmire.

In some circles, the notion of _identifying information_
is quite a weak notion, meaning sufficient information
to pick the desired entity out of a crowd.  More-or-less
synonymous notions include
 *) characterization
 *) description (sufficiently detailed to be unique)
 *) unverified _claim_ of identity
 *) pointer, indicator, index
 *) name, call-sign, handle
 *) record-locator, database-key
    -- used as an index into the database,
    -- *not* a key in the sense of lock-and-key
    -- example: LOGNAME i.e. the first field in each
       record in the /etc/passwd database

In other circles, _identification_ refers to a much stronger
notion.  When the military speaks of IFF (identification,
friend or foe) they don't consider it sufficient for you
to be able to _describe_ a friend, they actually want you
to _be_ a friend.

As to whether the word _identity_ should refer to full-blown
entity authentication, or to a mere characterization or
call-sign ... that seems like an unanswerable question.

==> My recommendation:  Avoid using terms like "identity"
and "identification" entirely.
-- If you mean "entity authentication", use that term
 in preference to "identification".
-- If you mean a mere description, handle, record-locator,
 etc. use those terms.

It would be nice to have a convenient catch-all term for
the whole category of notions like description, handle,
record-locator, et cetera.  I don't recommend calling them
"weak" identification, because the term "weak authentication"
has already been taken, and means something else, namely
passwords and the like (_HAC_ page 388).

The only time that you can even dream of using a detailed
description as a means of entity authentication is when
meeting face to face.  Somebody who fits my description
in full detail "probably" is me, although even that isn't
entirely certain.

On the other side of that coin, in a typical e-commerce
situation, allowing a description or a call-sign to serve
in place of entity authentication is ludicrous.  It means
that anybody who can describe me can impersonate me.  The
vulnerability to replay attacks and MITM attacks is unlimited.

Typically a full-blown entity authentication starts with one
party making a _claim_ of identity which the other party
then _verifies_.   Unix login is a familiar example:  first
I give my LOGNAME and then I give the corresponding password.

The notion of "theft" of my LOGNAME is vacuous.  My LOGNAME
(jsd) is known to everybody, good guys and bad guys alike.
As Spike said, so what?  My LOGNAME is nothing more than a
handle, a call-sign, a record-locator, used to look up the
appropriate record in places like /etc/passwd.

If you want to impersonate me, my computer requires you to
know not just my LOGNAME but also my password.  The way we
should treat passwords is verrry different from the way we
should treat call-signs.

Using this refined terminology, I can clarify what I was
trying to say yesterday:
 1) Being able to _describe_ me (height, weight, date of birth,
SSN, LOGNAME, and great-great-grandmother's maiden name) does
not mean you _are_ me.
 2) Even fully identifying and authenticating me as me doesn't
suffice to prove that I wish to authorize this-or-that financial
transaction.  Who I *am* and what I wish to *happen* are
dramatically different notions.  Authenticating me as an entity
is not a proper substitute for authenticating the transaction
itself.  These notions are not unrelated, but they are not
identical, either.

In present-day practice, SSNs, credit card numbers, and
various bits of personal description are suspended in some
weird limbo: they are not nearly as secret as passwords
should be, yet they are still treated by some parties as
if they had magical entity-authenticating power and even
transaction-authenticating power.

So where do we go from here?  In general:
 -- When we think and when we speak, always distinguish
  handle versus entity authentication versus transaction
  authentication.
 -- Don't entrust our money to institutions that can't
  reliably make that distinction.
 -- Obtain legislation so that Muggles are protected, not
  just us.

Also:  A critical step that phishers must take in order to
exploit phished information is to check its validity.  Therefore
banks *must* be required to perform entity-

Re: mother's maiden names...

2005-07-13 Thread Mike Owen
On 7/13/05, Perry E. Metzger <[EMAIL PROTECTED]> wrote:
> 
> A quick question to anyone who might be in the banking industry.
> 
> Why do banks not collect simple biometric information like photographs
> of their customers yet?
> 

Back in 2000, I opened an account with BofA, and they took a photo of
me, and added it to my debit/check card. Around that same time,
American Express was doing the same with their Costco branded cards.
I'm sure others are doing it, those are just the ones I have
experience with.


> --
> Perry E. Metzger [EMAIL PROTECTED]


Mike



Re: Attack on Brands blind signature

2005-07-13 Thread Christian Paquin

cypherpunk wrote:

> eprint.iacr.org/2005/186 is an attack by Xuesheng Zhong on several
> blind signature schemes, including one widely discussed on the
> Cypherpunks mailing list back in the 1990s by Stefan Brands.  The paper
> seems to show that it is possible for the bank/mint to recognize blind
> signatures (i.e. untraceable electronic cash tokens) when they are
> re-submitted for deposit, which is exactly what the blind signature is
> supposed to prevent. The math looks right although I haven't tried to
> look back at Brands' old work to see if it is correctly described in
> the new paper.


The claim that Brands' signature scheme is linkable is incorrect (I 
haven't checked the other claims in the paper). The attack checks that 
a^{c'c^{-1}}.g^{s'-c'c^{-1}s} = a' for a signature {m', z', c', s'} and 
a view {m, r, z, a, b, c, s}.


The above equation reduces to

 = g^{s'} a^{c'c^{-1}} g^{-c'c^{-1}s}
 = g^{s'} (a g^{-s})^{c'c^{-1}}
 = g^{s'} (g^s y^{-c} g^{-s})^{c'c^{-1}}
 = g^{s'} y^{-c'}

which is the normal signature validation term. In fact, you can see that 
the attack will match _any_ signature with _any_ view. Therefore, it 
provides no information to the attacker.


Cheers,

 - Christian

--

Christian Paquin
Security Architect
Credentica
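
The reduction in the message above can be checked numerically. The following is an added example, not code from the original post or from the paper: it models only the values that appear in the equation (a, c, s, c', s') and the relation a = g^s y^{-c} the derivation relies on, over a constructed toy group, with views and signatures generated independently of each other.

```python
import secrets

# Constructed toy group: p = 2q + 1 with p and q prime; g = 4 has order q.
P, Q, G = 1019, 509, 4

def keygen():
    """Signer key pair (x, y = g^x)."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def random_valid_triple(y):
    """Return (a, c, s) satisfying a = g^s * y^-c, the relation used in the derivation."""
    c = secrets.randbelow(Q - 1) + 1          # nonzero, so c^-1 mod q exists
    s = secrets.randbelow(Q)
    a = pow(G, s, P) * pow(y, Q - c, P) % P   # y has order q, so y^(q-c) = y^-c
    return a, c, s

def linking_test(view, signature, y):
    """The check from the message: a^(c'/c) * g^(s' - (c'/c) s) == a'."""
    a, c, s = view
    c2, s2 = signature                            # c', s'
    a2 = pow(G, s2, P) * pow(y, Q - c2, P) % P    # a' as any verifier recomputes it
    t = c2 * pow(c, Q - 2, Q) % Q                 # c' * c^-1 mod q (Fermat inverse)
    return pow(a, t, P) * pow(G, (s2 - t * s) % Q, P) % P == a2

def count_links(n_views, n_sigs):
    """Pair unrelated views and signatures; count how many pairs the test 'links'."""
    _, y = keygen()
    views = [random_valid_triple(y) for _ in range(n_views)]
    sigs = [random_valid_triple(y)[1:] for _ in range(n_sigs)]
    return sum(linking_test(v, sg, y) for v in views for sg in sigs)

def malformed_view_links():
    """A view that violates a = g^s * y^-c is rejected against every signature."""
    _, y = keygen()
    a, c, s = random_valid_triple(y)
    bad_view = (a * G % P, c, s)
    sigs = [random_valid_triple(y)[1:] for _ in range(20)]
    return sum(linking_test(bad_view, sg, y) for sg in sigs)

if __name__ == "__main__":
    print(count_links(25, 25), "of 625 unrelated pairs pass the test")
    print(malformed_view_links(), "of 20 pass with a malformed view")
```

Every unrelated pair passes, so the test only confirms that the view and the signature are each well formed; it says nothing about whether they belong together.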



[Clips] As Identity Theft Moves Online, Crime Rings Mimic Big Business

2005-07-13 Thread R.A. Hettinga

--- begin forwarded text


 Delivered-To: [EMAIL PROTECTED]
 Date: Wed, 13 Jul 2005 12:54:49 -0400
 To: Philodox Clips List <[EMAIL PROTECTED]>
 From: "R.A. Hettinga" <[EMAIL PROTECTED]>
 Subject: [Clips] As Identity Theft Moves Online,
Crime Rings Mimic Big Business
 Reply-To: [EMAIL PROTECTED]
 Sender: [EMAIL PROTECTED]

 

 The Wall Street Journal

  July 13, 2005
  U.S. BUSINESS NEWS


 Fraud Inc.
  As Identity Theft Moves Online,
  Crime Rings Mimic Big Business
 Russian-Led Carderplanet
  Steals Account Numbers;
  Mr. Havard Hits ATMs
 'Common Punk' to 'Capo'

 By CASSELL BRYAN-LOW
 Staff Reporter of THE WALL STREET JOURNAL
 July 13, 2005; Page A1


 At 19 years old, Douglas Cade Havard was honing counterfeiting skills he
 learned in online chat rooms, making fake IDs in Texas for underage college
 students who wanted to drink alcohol.

 By the age of 21, Mr. Havard had moved to England and parlayed those skills
 to a lucrative position at Carderplanet.com, one of the biggest
 multinational online networks trafficking in stolen personal data. Having
 reached a senior rank in the largely Russian and Eastern European
 organization, he was driving a $57,000 Mercedes and spending hundreds of
 dollars on champagne at clubs and casinos.

 Now 22, Mr. Havard is in a Leeds prison cell, having pleaded guilty to
 charges of fraud and money laundering. The Carderplanet network has been
 shut down.

 As other similar groups thrive and proliferate, Mr. Havard's case provides
 a rare insight into the underground marketplace for stolen information, a
 surging white-collar crime of the 21st century. It affects as many as 10
 million Americans at a price tag of $55 billion to American business and
 individuals, according to industry and government studies.

 While banks typically compensate customers for fraudulent losses, victims
 can spend hundreds of hours repairing the havoc wreaked on their personal
 records and finances and often end up paying legal fees to do so.
 Sometimes, ID-theft victims are forced to pay off the debt racked up in
 their name by fraudsters. In the most insidious cases, they are arrested
 for crimes committed by the person who stole their identity.

 Most identity theft still occurs offline, through stolen cards or rings of
 rogue waiters and shop clerks in cahoots with credit-card forgers. But as
 Carderplanet shows, the Web offers criminals more efficient tools to
 harvest personal data and to communicate easily with large groups on
 multiple continents. The big change behind the expansion of identity theft,
 law-enforcement agencies say, is the growth of online scams.

 Police are finding well-run, hierarchical groups that are structured like
 businesses. With names such as Carderplanet, Darkprofits and Shadowcrew,
 these sites act as online bazaars for stolen personal information. The
 sites are often password-protected and ask new members to prove their
 criminal credentials by offering samples of stolen data.

 Shadowcrew members stole more than $4 million between August 2002 and
 October 2004, according to an indictment of 19 of the site's members
 returned last October by a federal grand jury in Newark, N.J. The
 organization comprised some 4,000 members who traded at least 1.5 million
 stolen credit-card numbers, the indictment says.

 The organizations often are dominated by Eastern European and Russian
 members. With their abundance of technical skills and dearth of jobs,
 police say, those countries provide a rich breeding ground for identity
 thieves. One of Carderplanet's founders was an accomplished Ukrainian
 hacker who went by the online alias "Script," a law-enforcement official
 says. As with many of its peers, the Carderplanet site was mainly in
 Russian but had a dedicated forum for English speakers.

 One English speaker was Mr. Havard. He was arrested in Leeds in June 2004
 after allegedly stealing millions of dollars from bank accounts in the
 United Kingdom and the U.S. The charges against him have been detailed in
 hearings in the Leeds Crown Court, where Mr. Havard recently pleaded
 guilty. Last month, he was sentenced by a British judge to six years in
 prison. His U.K. lawyer, Graham Parkin, says Mr. Havard "accepts his role."

 Mr. Havard grew up in an upper-middle-class neighborhood in north Dallas.
 The son of a well-off entrepreneur who founded a local
 health-care-technology company, he attended a private high school and then
 Southern Methodist University before dropping out in the summer of 2002
 after his freshman year.

 Mr. Havard began honing his criminal skills as a tall, heavy-set teenager.
 He started using computers at a young age because of writing difficulties,
 his lawyers say. He learned about making fake IDs in online discussion
 forums.

 In February 2002, Dallas police arrested the blue-eyed, brown-haired youth
 selling 10 gallons of an ecstasy-like party drug to 

Re: mother's maiden names...

2005-07-13 Thread Dan Kaminsky



> A quick question to anyone who might be in the banking industry.
>
> Why do banks not collect simple biometric information like photographs
> of their customers yet?

 

Bank Of America put my photo on my ATM card back in '97.  They're 
shipping me a new one right now, so I assume they kept it in the DB.


--Dan




Re: ID "theft" -- so what?

2005-07-13 Thread Matthew Byng-Maddick
On Wed, Jul 13, 2005 at 12:15:48PM -0400, Perry E. Metzger wrote:
> John Denker <[EMAIL PROTECTED]> writes:
>> My point here is that knowing who I am shouldn't be a
>> crime, nor should it contribute to enabling any crime.
>> Suppose you know who I am.  Suppose you know my date of
>> birth, social security number, and great-great-grandmother's
>> maiden name.  As Spike said, so what?
> I tend to agree. It is equally ridiculous to use a credit card account
> number as the "secret" to authorize a transaction, since that "secret"
> has to be given out several times a day.

I went to pay my credit card bill today via a transfer out of my current
account. The amount was 714 quid or so. When I do this, I normally have
to sign a piece of paper to authorise the transaction - I'm happy with
this. In addition, I was also asked to confirm my date of birth and my
home postcode. (Just as a simple challenge, these are two data about me
that everyone on this list should quite trivially be able to find out).
Given the discussion, I commented that they weren't particularly secure
questions, so why bother asking them.  Apparently it's because my name
wasn't printed on the credit card bill. (HSBC have started printing it
in two sheets).

It didn't occur to her that she could quite easily have asked to see the
piece of plastic which is my credit card, which has the same numbers as
on the sheets, and my name. When I showed her that, she said "well, we
don't take credit cards as identification", and I pointed to the numbers
on the bill. I then got told that this only happened because the transaction
was between 500 and 1000 pounds. If it had been more, I would have needed
to show them a driving licence or passport (I don't drive, and I do now
have a passport, but there were several weeks where I was getting it
replaced recently - what if I'd needed to pay a large amount in, or if I'd
forgotten about it).

They also only bothered to tell me about this when I went there. I don't
routinely carry photo-ID and given the speed with which they processed the
queue, and the questions they asked, I suspect I'd have had a fairly major
strop.

>> And that is precisely where the problem lies.  Any
>> system that lets _identification_ serve as _authorization_
>> is so incredibly broken that it is hard to even discuss
>> it.  I don't know whether to laugh or cry.
> Again, yes.

I'm not so sure about this.

> However, I would like to make one small subtle point. In fact, what
> you are complaining about is not the use of identification for
> authorization -- that is a totally separate and equally sad discussion
> -- but the use of widely known pieces of information about
> someone to identify them. The issue is that the bank pretends only you

Very much so!

Cheers

MBM

-- 
Matthew Byng-Maddick  <[EMAIL PROTECTED]>   http://colondot.net/
  (Please use this address to reply)



Re: ID "theft" -- so what?

2005-07-13 Thread Anne & Lynn Wheeler
there are a couple issues

1) using any widely known information for authentication.

2) standard security kindergarten 101 requires that every unique
security domain requires a unique shared secret (if shared secret is
used for authentication)

3) any information that is used for authentication should be dedicated
for authentication and not widely used in large number of other business
processes (like account numbers)

4) static data authentication (whether unique or not) is subject to
skimming for various kinds of replay and impersonation attacks.

=

the issue with digital signatures and private keys ... is that the
digital signature can be unique per transaction ... and that the
mechanism which is used to originate the transaction (private key) is
never divulged ... countermeasure against the skimming attacks on
transaction origin.

note that there have been some poorly designed digital signature schemes
that separate the authentication from the transaction ... such that they
are subject to MITM-attacks



Re: ID "theft" -- so what?

2005-07-13 Thread Derek Atkins
Quoting "Perry E. Metzger" <[EMAIL PROTECTED]>:


> So, rephrasing, the problem is not that secret information isn't a
> fine way to establish trust -- it is the pretense that SSNs, your
> mom's birth name or even credit card numbers can be kept secret.
>
> > Identifying information cannot be kept secret.
> 
> I'd amend that to "things like your name, your SSN or your account
> numbers cannot be kept secret..."

I think it's worse than that -- in reality it is any static piece of
information.  It doesn't matter WHAT that piece of information is.  You really
want a challenge-response system to prove both knowledge and liveness of the
information.
 
-derek

-- 
   Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
   Member, MIT Student Information Processing Board  (SIPB)
   URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
   [EMAIL PROTECTED]    PGP key available
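
Three points from this thread fit in one sketch: Perry Metzger's bank-side table of public keys with no certificates, Lynn Wheeler's signature that is unique per transaction, and the challenge-response liveness check asked for in the message above. This is an added example, not code from any poster; the `Token` and `Bank` classes, the account name and the transaction strings are hypothetical, and the Schnorr group is derived at import time at demo size.

```python
import hashlib
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def _is_probable_prime(n):
    """Miller-Rabin with fixed bases; enough for deriving demo parameters."""
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for b in _BASES:
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _demo_group():
    """Derive primes q | p - 1 and an element g of order q (a Schnorr group)."""
    q = 2**159 + 1
    while not _is_probable_prime(q):
        q += 2
    k = 2**352
    while not _is_probable_prime(k * q + 1):
        k += 2
    p, h = k * q + 1, 2
    while pow(h, k, p) == 1:
        h += 1
    return p, q, pow(h, k, p)

P, Q, G = _demo_group()  # demo-sized parameters, not a vetted production group

def _challenge_hash(r, *parts):
    """Hash the commitment r and length-prefixed byte strings to an integer mod q."""
    data = r.to_bytes((P.bit_length() + 7) // 8, "big")
    for part in parts:
        data += len(part).to_bytes(4, "big") + part
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

class Token:
    """Customer's token: the private key is generated here and never exported."""
    def __init__(self):
        self._x = secrets.randbelow(Q - 1) + 1
        self.public_key = pow(G, self._x, P)

    def sign(self, nonce, transaction):
        """Schnorr signature over the bank's nonce and the exact transaction bytes."""
        k = secrets.randbelow(Q - 1) + 1
        e = _challenge_hash(pow(G, k, P), nonce, transaction)
        return e, (k + self._x * e) % Q

class Bank:
    """Bank side: a plain account -> public key table, no certificates."""
    def __init__(self):
        self._keys = {}     # presence in this table is the only "certification"
        self._pending = {}  # account -> outstanding single-use challenge

    def enroll(self, account, public_key):
        """Done once, in person, when the token is issued."""
        self._keys[account] = public_key

    def challenge(self, account):
        nonce = secrets.token_bytes(16)
        self._pending[account] = nonce
        return nonce

    def authorize(self, account, transaction, signature):
        y = self._keys.get(account)
        nonce = self._pending.pop(account, None)  # consumed even on failure
        e, s = signature
        if y is None or nonce is None or not (0 <= e < Q and 0 <= s < Q):
            return False
        r = pow(G, s, P) * pow(y, Q - e, P) % P   # g^s * y^-e recovers the commitment
        return e == _challenge_hash(r, nonce, transaction)

def demo():
    """Constructed scenario: one valid payment, then a replay of the same signature."""
    bank, token = Bank(), Token()
    bank.enroll("acct-1", token.public_key)
    tx = b"pay 714.00 GBP to card account"
    sig = token.sign(bank.challenge("acct-1"), tx)
    first = bank.authorize("acct-1", tx, sig)
    bank.challenge("acct-1")                      # fresh nonce for the next attempt
    replayed = bank.authorize("acct-1", tx, sig)
    return first, replayed

if __name__ == "__main__":
    print(demo())
```

Because the nonce and the transaction bytes are both inside the signed hash, a skimmed signature fails against a new challenge and cannot be moved to a different transaction.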




Re: mother's maiden names...

2005-07-13 Thread R.A. Hettinga
At 12:26 PM -0400 7/13/05, Perry E. Metzger wrote:
>Why do banks not collect simple biometric information like photographs
>of their customers yet?

Some do.

Cambridge Trust puts your picture on the back of your VISA card, for
instance. They have for more than a decade, maybe even two.

Cheers,
RAH

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'



UK EU presidency aims for Europe-wide biometric ID card

2005-07-13 Thread Anne & Lynn Wheeler
http://www.theregister.com/2005/07/13/uk_eu_id_proposal/

UK EU presidency aims for Europe-wide biometric ID card

The UK is using its Presidency of the Council of the European Union to
push for the adoption of biometric ID cards and associated standards
across the whole of the EU. In a proposal issued on Monday (11th July),
the UK calls for the drafting of "common standards for national identity
cards taking into account the achievements in relation to the EU
passport and in the ICAO framework."

... snip ...

note that some EU govs. are trying to have legislation that has an x.509
identity certificate appended to every digital signature. this
effectively turns even the most lightweight digital signature
authentication into a heavyweight identification event.

when we were called into help word-smith the cal. state and later the
fed. electronic signature law ... a lot of effort went into making the
wording technology agnostic as well as trying to avoid confusing
authentication and identification. the other force that was somewhat at
work was moving things in the direction that a digital signature could
take on the attributes of a human signature (possibly because of
semantic confusion over both terms; *digital signature* and *human
signature* containing the word *signature*) ... including that if a
digital signature was discovered ... that human intent, read,
understanding, agrees, approves, and/or authorizes was somehow implicit
in the existence of a digital signature.



Stuart Baker, ex NSA general counsel, gets Homeland Security post

2005-07-13 Thread Perry E. Metzger

Many of you may remember Stuart Baker from the crypto export policy
wars. I still remember him telling me in a conversation after a New
York Bar Association debate on the subject that the Internet would
never be of any economic importance. Anyway, without further comment:

http://www.whitehouse.gov/news/releases/2005/07/20050713-8.html

   The President intends to nominate Stewart A. Baker, of Virginia, to be
   an Assistant Secretary of Homeland Security (Policy). Mr. Baker is
   currently a Partner with Steptoe & Johnson, LLP in Washington, D.C. He
   previously served as General Counsel for the Commission on the
   Intelligence Capabilities of the United States Regarding Weapons of
   Mass Destruction. Prior to that, Mr. Baker served as General Counsel
   for the National Security Agency. Earlier in his career, he was a law
   clerk for Justice John Paul Stevens, U.S. Supreme Court. Mr. Baker
   received his bachelor's degree from Brown University and his J.D. from
   the University of California, Los Angeles.


Perry



mother's maiden names...

2005-07-13 Thread Perry E. Metzger

A quick question to anyone who might be in the banking industry.

Why do banks not collect simple biometric information like photographs
of their customers yet?

If I walk into a branch complaining that I've been robbed and that I
don't have my bank card any more, the branch manager will look at some
externally generated credential (like a driver's license) and ask me
something like my mother's maiden name. Of course, my mother's maiden
name is widely available in public records, and bank clerks aren't
well trained in identifying forged licenses (though presumably they
are rare).

Why is it, then, that banks are not taking digital photographs of
customers when they open their accounts so that the manager's computer
can pop up a picture for him, which the bank has had in possession the
entire time and which I could not have forged? Heck, that would also
provide a secondary check for a teller when processing an in-person
transaction -- the customer's picture could just come up as soon as
you open their account and you could eyeball them. Digital cameras are
also pretty cheap, and opening an account is a sufficiently tedious
manual process that another few seconds would make no practical
difference to the customer or bank employee.

My guess is that the reason is a) they've never done things this way
before and b) fraud rates are low enough that they haven't had the
stimulus.

However, I think it is something people might want to consider in
designing security systems for institutions like this. Photographs,
iris scans, fingerprints, etc. are all awful ways of handling
identification over the internet, but they work very nicely if they
can be checked in person by someone. If you need to have a good sense
that you are in fact talking (in person) to the real customer, a
picture and/or digitally stored fingerprints collected when the
account was opened seem like a simple and cheap way of improving
security.


-- 
Perry E. Metzger [EMAIL PROTECTED]



Re: ID "theft" -- so what?

2005-07-13 Thread Perry E. Metzger

John Denker <[EMAIL PROTECTED]> writes:
> My point here is that knowing who I am shouldn't be a
> crime, nor should it contribute to enabling any crime.
> Suppose you know who I am.  Suppose you know my date of
> birth, social security number, and great-great-grandmother's
> maiden name.  As Spike said, so what?

I tend to agree. It is equally ridiculous to use a credit card account
number as the "secret" to authorize a transaction, since that "secret"
has to be given out several times a day.

> It's only a problem if somebody uses that _identifying_
> information to spoof the _authorization_ for some
> transaction.

Yes.

> And that is precisely where the problem lies.  Any
> system that lets _identification_ serve as _authorization_
> is so incredibly broken that it is hard to even discuss
> it.  I don't know whether to laugh or cry.

Again, yes.

However, I would like to make one small subtle point. In fact, what
you are complaining about is not the use of identification for
authorization -- that is a totally separate and equally sad discussion
-- but the use of widely known pieces of information about
someone to identify them. The issue is that the bank pretends only you
would know your mother's maiden name, not that the bank would only let
you withdraw funds. A piece of information that is not widely known
but which can be used to establish your identity -- such as a private
key only you should know -- is probably fine.

So, rephrasing, the problem is not that secret information isn't a
fine way to establish trust -- it is the pretense that SSNs, your
mom's birth name or even credit card numbers can be kept secret.

> Identifying information cannot be kept secret.

I'd amend that to "things like your name, your SSN or your account
numbers cannot be kept secret..."

> There's no point in trying to keep it secret.  Getting a new SSN
> because the old one is no longer secret is like bleeding with
> leeches to cure scurvy ... it's completely the wrong approach.  The
> only thing that makes any sense is to make sure that all relevant
> systems recognize the difference between identification and
> authorization.

I have to agree yet again (with my caveats about the terminology you
are using).

This is yet more reason why I propose that you authorize transactions
with public keys and not with the use of identity information. The
identity information is widely available and passes through too many
hands to be considered "secret" in any way, but a key on a token never
will pass through anyone's hands under ordinary circumstances.


Perry



Re: ID "theft" -- so what?

2005-07-13 Thread J
--- John Denker <[EMAIL PROTECTED]> wrote:

[...]
> It's only a problem if somebody uses that _identifying_
> information to spoof the _authorization_ for some
> transaction. [...]
> 
> Identifying information cannot be kept secret.  There's
> no point in trying to keep it secret.  Getting a new
> SSN because the old one is no longer secret is like
> bleeding with leeches to cure scurvy ... it's completely
> the wrong approach.  The only thing that makes any sense
> is to make sure that all relevant systems recognize the
> difference between identification and authorization.

See, that's precisely where the problem lies: I could not agree more
with you but the fact that you are completely, 100% right doesn't help
me one bit if T-Mobile's computer system requires that I give them my
SSN (which, by the way, may no longer be the case). 

And there's no point in arguing with the store manager because he
likely doesn't have the power to do anything about it anyway and
probably just doesn't care.

The fact of the matter is that you're making entirely too much sense.
;)

SSNs were never intended to be used for authorization. That's why it
explicitly said "For Social Security Purposes. Not for Identification"
on the bottom of old social security cards. 

These days, federal law says quite the opposite. USC 405 [C] and
subsequent sections state that it's okay for any state or government
agency to require an individual to provide their SSN  "[...] for the
purpose of establishing the identification of individuals affected by
such law [...]". In the Great State of California, you can, for
instance, not even get a driver's license without telling the DMV your
SSN. Since I don't see a connection between said (semi-)randomly
assigned number and my ability to operate a motor vehicle, I'd have to
wager a guess and say that the CA DMV does indeed use social security
numbers for identification purposes. Fortunately, they don't just go
ahead and use your SSN as your driver's license number, too (IL, I
believe, used to do that). 

And the fact that many private businesses and schools still use SSNs as
unique identifiers and often display them quite prominently for the
world to see (eg. to people working in call centers half-way around the
world) makes matters even worse. 

Because you will often find that people treat you like you're going out
of your way to be a PITA if you refuse to give them your SSN. And
that's all fine and well as long as we're talking about the likes of
T-Mobile. Just use a different carrier, right? Well, they all (used to)
require that you give them your SSN. And so do most telcos, utility
companies, landlords, banks, public schools, community colleges, DMVs,
credit card companies, car dealerships (financing, etc.), cable
companies and pretty much any government agency (state and federal)
that issues any kind of license.

The answer to this dilemma? I'm afraid this time it really is
legislation. Frankly, I'm not even sure if that would work but, at this
time, it's our best shot. Congress won't do anything about this unless
a few representatives have their identities stolen and experience
first-hand what a PITA it is to have to deal with the fallout.

   -Jörn




Re: EMV

2005-07-13 Thread Anne & Lynn Wheeler
 ... the original introduction of HK octopus transit card used the
"sony" flavor of iso 14443 with 10cm and transit requirements of
transaction in 100ms. having it in the bottom of a bag and bringing the
bag within 10cm of the reader does the trick.

there was a transit meeting where the mondex people attended ... they
claimed that they could also be used for transit ... just get a wireless
sleeve for the mondex card ... and build 14' long tunnels leading up to
the transit gates ... and have the people walk slowly thru the tunnels.

Gabriel Haythornthwaite wrote:
> In Hong Kong a lot of people do little more than wave their bags at the
> turnstile.  Removing the wallet and revealing its size is unnecessary. 



Re: the limits of crypto and authentication

2005-07-13 Thread R.A. Hettinga
At 2:48 PM -0700 7/12/05, Bill Stewart wrote:
>It'd be nice if good crypto and authentication methods
>could create a market for improved products

It can, it does, and it's called significantly reduced risk-adjusted
transaction cost in financial econ-speak. Maybe the marketing droids need
to come up with a 50's-era "secret" ingredient, a cryptographic
"Floristan(tm)", but frankly, I don't think they're going to have to.

Frankly, however, I think that reduced transaction costs create
*dis*economies of scale by reducing barriers to market entry and thus
firm-size, and reducing proprietary anything to fungible graded commodities
traded in so-called (see your Econ 51 textbook) perfectly competitive
markets, instead of monopolistic competition (brands, trademarks, patents
and other artifacts of batch-driven industrial production), which is what
we have today. Think of it as the financial equivalent of grey-goo, or,
better, blood-music, or whatever.

Linux vs Novell/MS-DOS/Unix(tm) for instance, or, again better, IETF-esque
protocols replacing various proprietary secret-sauce bit-slinging methods.

BTW, Perry, I think that as we get to online instantaneity for every
transaction, we eventually converge to pre-underwritten pre-encrypted
pre-authenticated quasi-anonymous unique value-bits circulating on public
networks: internet bearer financial cryptography protocols, in other words.

Cheers,
RAH
"But you *knew* I was gonna say *that*, right?"
-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
