1 / 87

Identity Management: Dealing with Disclosure

Identity Management: Dealing with Disclosure. “constructing identity management solutions that are provably appropriate for a particular context". Latanya Sweeney, PhD. privacy.cs.cmu.edu latanya@privacy.cs.cmu.edu. Privacy Technology. Privacy is here to stay.

tala
Download Presentation

Identity Management: Dealing with Disclosure

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Identity Management: Dealing with Disclosure “constructing identity management solutions that are provably appropriate for a particular context" Latanya Sweeney, PhD privacy.cs.cmu.edu latanya@privacy.cs.cmu.edu

  2. Privacy Technology • Privacy is here to stay. • Computer scientist must help solve this problem. • Selective Revelation • Example: video surveillance • Example: bio-terrorism surveillance • Example: identity theft • Example: distributed surveillance • Example: privacy-preserving surveillance • Example: DNA privacy • Example: Identity theft protections • Example: k-Anonymity • Example: Webcam surveillance • Example: Text de-identification • Example: Policy specification and enforcement • Example: Scam Spam privacy.cs.cmu.edu

  3. Privacy Technology • Privacy is here to stay. • Computer scientist must help solve this problem. • Selective Revelation • Example: video surveillance • Example: bio-terrorism surveillance • Example: identity theft • Example: distributed surveillance • Example: privacy-preserving surveillance • Example: DNA privacy • Example: Identity theft protections • Example: k-Anonymity • Example: Webcam surveillance • Example: Text de-identification • Example: Policy specification and enforcement • Example: Scam Spam 6. Example: Identity theft 10. Example: Identity theft protections privacy.cs.cmu.edu

  4. HandShot ID A Fast 3-D Imaging System for Capturing Fingerprints, Palm Prints and Hand Geometry new Victor Weedn, MD, JD Forensic Science Program Duquesne University weednv@duq.edu Latanya Sweeney, PhD School of Computer Science Carnegie Mellon University latanya@cs.cmu.edu Very Grateful to the U.S. Department of Justice for the opportunity to build HandShot and study the science of fingerprint matching. privacy.cs.cmu.edu/dataprivacy/projects/handshot/index.html

  5. new Testimony European Union Commission How should policy makers think about drafting policy for RFID technologies? 1. Cornerstones of privacy protection can be incorporated within many ubiquitous technology applications to provide privacy protection. 2. Focus policy at the general nature of ubiquitous technology and not on specific instances or uses of specific technologies. privacy.cs.cmu.edu

  6. Acknowledgements Special thanks to Mike Gurski Richard Owens Pasha Peroff for inviting me to this outstanding conference. I am always extremely honored to be here.

  7. Addressed in This Talk This talk will examine the nature of identity management problems and examine roles biometrics can play along with accompanying policy or additional technology. An integrated solution (“identity phone”) will be presented as a working example. privacy.cs.cmu.edu/dataprivacy/talks/CACR-05-11.html

  8. This Talk • Identity Management Problems • 2. Biometric Technologies • 3. Applying Biometrics to Problems • 4 Identity Phone Example privacy.cs.cmu.edu

  9. This Talk • Identity Management Problems • Examine identity theft in terms of the acquisition of fraudulent credit cards and related issues to the U.S. Social Security number. [Identity Angel* & SSNwatch Projects] • 2. Biometric Technologies • 3. Applying Biometrics to Problems • 4. Identity Phone Example * Recently on CBS News

  10. Historical Highlights of the SSN • 1935 Social Security Act SSNs only to be used for the social security program. • 1943 Executive Order 9397 Required federal agencies to use SSNs in new record systems • 1961 IRS began using SSN As taxpayer identification number • 1974 Privacy Act Government agencies use of SSN required authorization and disclosures (exempt agencies already using SSN) • 1976 Tax Reform Act Granted authority to State and local governments to use SSNs: state and local taxes, motor vehicle agencies • Over 400 million different numbers have been issued. Source: Social Security Administration, http://www.ssa.gov/history/hfaq.html

  11. Non-Government Uses of SSN • Corporate use of the SSN is not bound by the laws. • You can request an alternative number. You can refuse to provide, they can refuse service. • Most common non-government use relates to credit bureaus and credit granting companies: • Recognition – to locate your credit history for sharing it with you or with others with whom you sought credit. • Linkage – to make sure new entries are added to your credit report. • Common uses until recently are for corporate identification Example: medical and school identification cards

  12. Quality of the SSN Assignment Ability to acquire the number and use it falsely grows as more copies of the number are stored for different purposes. A Social Security number is almost always specific to one person and one person typically has a unique SSN. There are exceptions.

  13. Unusual case of SSN 078-05-1120 Used by thousands of People! In 1938, a wallet manufacturer provided a sample SSN card, inserted in each new wallet. The company’s Vice President used the actual SSN of his secretary, Mrs. Hilda Schrader Whitcher. The wallet was sold by Woolworth and other stores. It had "specimen" written across the face, but many purchasers of the wallet adopted the SSN as their own. SSA voided the number. (Mrs. Whitcher was given a new number.) In total, over 40,000 people reported this as their SSN. As late as 1977, 12 people were still using it. Source: Social Security Administration, http://www.ssa.gov/history/ssn/misused.html

  14. Social Security Number Summary SSNs are used to represent a person:easy to replicate, easy to provide in-person and remotelyeasy to store and match BUT not verifiable when presentedeasily forgedencoded, thereby leaking information

  15. SSNwatch On-line SSN validation system. Given the first 3 or 5 digits of an SSN, returns the state in which the SSN was issued along with an estimated age range of the person. Sample uses: Job Applications Apartment Rentals Insurance Claims Student Applications privacy.cs.cmu.edu/dataprivacy/projects/ssnwatch/index.html

  16. SSNwatch Results for SSN 078-05- If the person presenting the SSN is about age 20, then it is extremely unlikely that the provided SSN was issued to that person.

  17. SSNwatch Results for SSN 078-05- If the person presenting the SSN fails to list or acknowledge New York as a prior residence, then it is extremely unlikely that the provided SSN was issued to that person.

  18. What is Identity Theft? Identity theft Identity theft occurs when a person uses another person’s personally-identifying information such as name, Social Security number, credit card number or other explicitly identifying information, without permission to commit fraud or other crimes. Source: Federal Trade Commission, http://www.consumer.gov/idtheft/

  19. Problems Posed by Identity Theft Identity theft is a serious crime. People whose identities have been stolen can spend months or years - and their hard-earned money - cleaning up the mess thieves have made of their good name and credit record. Victims may lose job opportunities, be refused loans, education, housing or cars, or even get arrested for crimes they didn't commit. Source: Federal Trade Commission, http://www.consumer.gov/idtheft/

  20. Federal Trade Commission Report: Overview of the Identity Theft Program, Oct 1998 – Sep 2003

  21. Federal Trade Commission Report: Victim Complaint Data

  22. Federal Trade Commission Report: Victim Complaint Data More than 40% involve credit card fraud!

  23. Federal Trade Commission Report: Victim Complaint Data

  24. Federal Trade Commission Report: Victim Complaint Data More than half are young adults, who are mobile and active on the web!

  25. Identity Angel Project Is there sufficient information freely available on-line to obtain fraudulent credit cards? Thousands of Americans are at risk to identity theft immediately! Can be done with little technical knowledge!

  26. Student applicationBasic information and School Information

  27. Basic Information Necessary For a Credit Card Application • Name • Social Security number • Address • Date of birth • Mother’s maiden name Strategy: if one can identify these fields for a person, they have the basic information needed to acquire a credit card in that person’s name.

  28. Basic Information Necessary For a Credit Card Application Do these first. • Name • Social Security number • Address • Date of birth • Mother’s maiden name Strategy: if one can identify these fields for a person, they have the basic information needed to acquire a credit card in that person’s name. Therefore, we need only demonstrate how this information can be obtained on-line.

  29. One Approach is to Buy an SSN There are websites that advertise SSNs for sale. The California-based Foundation for Taxpayer and Consumer Rights said for $26 each it was able to purchase the Social Security numbers and home addresses for Tenet, Ashcroft and other top Bush administration officials, including Karl Rove, the president's chief political adviser. [Associated Press, “Social Security numbers sold on Web” 8/28/2003]

  30. Google: resume ssn site:.edu 1 [DOC]RESUME File Format: Microsoft Word 2000 - View as HTML RESUME. RICHARD ALLEN BROWN. Richard Allen Brown. PO Box 782. Kayenta, AZ 86033. Home Telephone-520-697-3513. NAU Telephone-520-523-4099. DOB: 03-10-77. SSN: 527-71 ... dana.ucc.nau.edu/~rab39/RAB%20Resume.doc Many found. One is shown above. But the actual resumes are amidst lots of non-resume pages!

  31. Google: resume ssn site:.edu 2 resume ... 2843. DOB: 10-10-48 New Britain, CT 06050-4010. F: (860) 832-3753. SSN: 461-84-8245 H: (203) 740-7255 C: (203) 561-8674. Education. Ph. ... www.math.ccsu.edu/vaden-goad/resume.htm A second example.

  32. Google: resume ssn site:.edu 3 Scot Lytle's Resume Scot Patrick Lytle. Home: (301)-249-5330 2116 Blaz Court School: (410)-455-1662 Upper Marlboro, MD 20772 SSN: 578-90-8915 OBJECTIVE. ... userpages.umbc.edu/~slytle1/resume.html We emailed warnings to these people that this is not a good practice! One claimed to have been the victim of a identity theft recently.

  33. Job Banks are On-line with Resumes Listing {SSN, name, address} ... Welcome to Maryland's Job Bank! ... Are You Looking For Dream Job. ... Search for jobs nationwide, and by creating a resume, thousands of employers across the nation ... www.ajb.dni.us/md/ - 29k NationalJobBank.com - Post your jobs or resume for FREE! ... The National Job Bank is a web-site developed specifically for job seekers, employers ... We encourage you to post your resume, post a job listing or contact ... www.nationaljobbank.com/ - 16k - Sep 9, 2003

  34. Basic Information Necessary For a Credit Card Application Done. • Name • Social Security number • Address • Date of birth • Mother’s maiden name Next... Strategy: if one can identify these fields for a person, they have the basic information needed to acquire a credit card in that person’s name. Therefore, we need only demonstrate how this information can be obtained on-line.

  35. Google: resume ssn site:.edu 1 [DOC]RESUME File Format: Microsoft Word 2000 - View as HTML RESUME. RICHARD ALLEN BROWN. Richard Allen Brown. PO Box 782. Kayenta, AZ 86033. Home Telephone-520-697-3513. NAU Telephone-520-523-4099. DOB: 03-10-77. SSN: 527-71 ... dana.ucc.nau.edu/~rab39/RAB%20Resume.doc This on-line resume, located earlier, actually listed date of birth too!

  36. Google: resume ssn site:.edu 2 resume ... 2843. DOB: 10-10-48 New Britain, CT 06050-4010. F: (860) 832-3753. SSN: 461-84-8245 H: (203) 740-7255 C: (203) 561-8674. Education. Ph. ... www.math.ccsu.edu/vaden-goad/resume.htm This on-line resume, found earlier, also listed date of birth!

  37. Google: resume ssn site:.edu 3 Scot Lytle's Resume Scot Patrick Lytle. Home: (301)-249-5330 2116 Blaz Court School: (410)-455-1662 Upper Marlboro, MD 20772 SSN: 578-90-8915 OBJECTIVE. ... userpages.umbc.edu/~slytle1/resume.html The third resume did not have his DOB listed.

  38. anybirthday.com given a name, provides a birthday Had several hits matching name, but only one in his ZIP.

  39. Finding Dates of Birth Anybirthday.com tends to have information on people over the age of 30. Younger people are often not included. Many other population registers can be used, such as voter lists. Anybirthday.com is not he only source!

  40. Basic Information Necessary For a Credit Card Application Done. • Name • Social Security number • Address • Date of birth • Mother’s maiden name Done. Next... Strategy: if one can identify these fields for a person, they have the basic information needed to acquire a credit card in that person’s name. Therefore, we need only demonstrate how this information can be obtained on-line.

  41. Publicly Available Birth Records Not all states, but many consider birth records, the kind of information included on a person’s birth certificate in the United States, as publicly available information. A few states have gone further to provide this information on-line. In the United States, birth certificate information tends to include the mother’s maiden name!

  42. California on-line Birth Records Results of search on ‘Jones’ Source: http://www.vitalsearch-ca.com/gen/_nonmembers/ca/_vitals/cabirths-nopsm.htm

  43. Basic Information Necessary For a Credit Card Application Done. • Name • Social Security number • Address • Date of birth • Mother’s maiden name Done. Done. Strategy: if one can identify these fields for a person, they have the basic information needed to acquire a credit card in that person’s name. Therefore, we need only demonstrate how this information can be obtained on-line.

  44. Resulting Concern Done. • Name • Social Security number • Address • Date of birth • Mother’s maiden name Done. Done. Thousands of people are at risk! Even if this is not the current means accounting for the bulk of fraud related to new credit card accounts, this is clearly a very serious and growing threat!

  45. Identity Angel –resumes • Locate on-line resumes (using Filtered Searching) • Extract sensitive values (using regular expressions) • Email subjects about their risks L. Sweeney. AI Technologies to Defeat Identity Theft Vulnerabilities. AAAI Spring Symposium on AI Technologies for Homeland Security, 2005. (Updated version appearing in IEEE journal next month.) http://privacy.cs.cmu.edu/dataprivacy/projects/idangel/index.html

  46. Identity Angel –resume findings 1000 resume hits on Google using fliteredSearch, revealed 150 resumes, of which 140 (or 93%) had complete 9-digit SSNs. 10 resumes had partial, invalid, or some other country’s SSN. L. Sweeney. AI Technologies to Defeat Identity Theft Vulnerabilities. AAAI Spring Symposium on AI Technologies for Homeland Security, 2005. http://privacy.cs.cmu.edu/dataprivacy/projects/idangel/index.html

  47. Identity Angel –resume findings In terms of combinations: 104 (or 69%) resumes had {SSN, DOB}; 105 (or 70%) had {SSN, email}, 76 (or 51%) had {SSN, DOB, email}. L. Sweeney. AI Technologies to Defeat Identity Theft Vulnerabilities. AAAI Spring Symposium on AI Technologies for Homeland Security, 2005. http://privacy.cs.cmu.edu/dataprivacy/projects/idangel/index.html

  48. Identity Angel –resume findings A single email message was sent to each of the 105 people having {SSN, email} alerting them to the risk. Within a month, 42 (or 55% of all of DBB) no longer had the information publicly available. A year later, 102 (or 68% of all of DBA) no longer had the information available. `` L. Sweeney. AI Technologies to Defeat Identity Theft Vulnerabilities. AAAI Spring Symposium on AI Technologies for Homeland Security, 2005. http://privacy.cs.cmu.edu/dataprivacy/projects/idangel/index.html

  49. Credit Card Transactions At issuance, credentials not verifiable During use,not verifiable with remote useinadvertent copies of information Person-specific criteria weak:signature (picture or other) matching card possession

  50. Credit Card Transactions At issuance, credentials not verifiable During use,not verifiable with remote useinadvertent copies of information Person-specific criteria weak:signature (picture or other) matching card possession Traditional: credit card application is issued, but the recipient may not be the correct person. The model assumes the recipient is the only person with knowledge of {name, address, SSN, DOB}

More Related