I have a colleague \u2013 and this not me myself \u2013 who has recently become victim of several identity thefts in a row. The goal of the thefts was to severely damage his life and to get into his footsteps, assignments, and contracts in business. According to popular assumptions the whole case is impossible: Money or other direct benefits were not the goal of the thief. Real world communities and activities were involved but this did not protect the victim. There is also no evidence that some unusually careless behavior took place. Following the German poet Christian Morgenstern, we could conclude that there were no identity thefts:<\/p>\n
Und er kommt zu dem Ergebnis:
\n\u00bbNur ein Traum war das Erlebnis.
\nWeil\u00ab, so schlie\u00dft er messerscharf,
\n\u00bbnicht sein kann, was nicht sein darf.\u00ab<\/p>\n
Still the impact of the identity thefts is very real. So why could it happen? The key problem was that out of very little evidence (coming from the thief owning a copy of the victim\u2019s passport) a convincing chain of trust could emerge, because in the online world identity is usually not scrutinized. If for the involved transactions a legal electronic identity (eID) \u2013 that is an online equivalent to a passport in the physical world, whose data a guaranteed by a national state \u2013 would be mandatory, the thief would have needed significantly more criminal energy and higher technical skills to pursue his goals. In addition, he would face now a significantly higher likelihood for a significantly higher punishment by Justice. Therefore, it is fair to assume that the enforcement to use legal eIDs and other trust services for critical online transactions and the enforcement to validate identities in critical organizational processes would have saved my colleague from becoming a victim \u2013 and it would help in many similar scenarios for identity theft, too.<\/p>\n
Two types of problems<\/strong><\/p>\n The sketched case is one where things went wrong because in many settings people do not care about the evidence for another\u2019s identity. The more real and digital worlds become inseparably entangled the more such cases we shall see. On the contrary, many transactions do not take place on the Internet and services are either not offered or hardly used when they are offered just because people and the lawmakers are aware of the risks. Both, the misuse and the non-use, hinder the digital transformation of economy and society significantly.<\/p>\n Trust services are must-haves<\/strong><\/p>\n Relying on insurances for payments is not enough to make the Internet a trustworthy place. If we want to establish a sustainable digital transformation then we urgently need<\/p>\n The role of government<\/strong><\/p>\n Like in the physical world in case of passports, at least authentication and the certification of basic attributes should be provided by the government. Outsourcing this to private industry or NGOs puts up the question whether we need a state in the future at all. In this context, countries like Denmark and Austria have decided to re-nationalize their so far half-private legal eIDs.<\/p>\n Also the cross-border usability requires government involvement. The EU has paved the way through its Large Scale Pilots from the STORK family and the eIDAS regulation, which is based on mutual recognition of notified national legal eIDs through an interoperability infrastructure.<\/p>\n Self-managed privacy<\/strong><\/p>\n T<\/strong>rust services like those depicted above also contribute to the protection of privacy. On the one hand trustworthy attributes reduce the amount of information needed for trust management. On the other hand the ultimate goal of privacy protection is to give concerned citizens control over how others store data about them. Practically feasible and user-friendly solutions are much easier to design and implement, when the concerned citizens own universally usable legal eIDs.<\/p>\n <\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" I have a colleague \u2013 and this not me myself \u2013 who has recently become victim of several identity thefts in a row. The goal of the thefts was to severely damage his life and to get into his footsteps, assignments, and contracts in business. According to popular assumptions the whole case is impossible: Money […]<\/p>\n","protected":false},"author":1516,"featured_media":10563,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1246,460],"tags":[],"yoast_head":"\n\n