Identity overload: complacency breeding fraudster paradise

The next time you relinquish your personal identity to simply enter a venue or purchase something, spare a thought for how the information might be stored, transmitted and used in the future. Such an overload of identity information may lead to a dramatic escalation in fraud, claims one legal eye.

Victorian barrister and writer Elizabeth Wentworth uses the term "ID overload" to describe the growing requirement for -- and how willing we are to provide -- personal information for increasingly menial tasks.

For 10 years Wentworth was an in-house lawyer and dealt with many cases involving electronic commerce.

"In the process I got to see an extraordinary lack of understanding of what online fraud is," Wentworth said. "Now there is a growing anger of ID theft and fraud and this is good news."

Speaking at this year's AusCERT information security conference, Wentworth is raising awareness about ID overload because "if there is a war on I would like the good guys to win".

"In southern NSW my partner's drivers licence was cheerfully scanned by the receptionist at a local sports club," she said. "What surprised me is how it was all done in silence.

"Until recently, the increase in scanning of drivers licences and passports seems to have slipped under the radar. A lot of these organizations are exempt from privacy legislation and it is appealing to venues trying to control troublemakers."

According to Wentworth, having to supply so much identity information so frequently has made people desensitized to providing personal information. ID overload also includes the proliferation of "required fields" in online interactions and "share it with the world" features of social networking Web sites.

Wentworth said the hotels and clubs are amassing a pool of important identity documents and, depending on the storage security, it could be accessible for theft and misuse.

A flow on effect might be people in the "club generation" risks devaluation and misuse of their identities.

"In my opinion, there is a low level of privacy awareness and enforcement. Maybe people have given up worrying."

To remedy the ID overload trend, Wentworth recommends developing a "workable and sustainable" policy around identity harvesting.

"How do you make policy that will address security and privacy issues?" she said. "Will it achieve what you want it to achieve? Criminals don't suffer from compliance exhaustion, but they do suffer from stupidity and that is our only hope."

Other challenges include whether the policy is sustainable, how much will it "weigh", and is it wasting time as there may already be an under-utilized or under-enforced law that can be reused.

"There are also global policy issues like security and privacy education," Wentworth said. "Are we succeeding in educating citizens, customers, and employees. For example, bank fraud against senior citizens is likely to increase."

To reverse the ID overload trend, the main problems to solve are the indiscriminant use of identity scanners, and to "keep our guard up online" by transferring on-land skills and experience to the online environment.