Category Archives: security

RSA Conference Recap

I’m back from the RSA conference and how exhausting. Understandable considering there were 17,000 people at the show—all focused on the security industry.

In case you didn’t see it, we made an announcement during RSA about our partnership with Upek, a biometrics company based in the Bay area. What I find exciting about this partnership is that it shows just how complimentary our solutions are with other authentication technologies. In a whitepaper we published over a year ago we showed a diagram of where identity verification fits in the puzzle and how it is central to other verification tools.

Verification Tools

Biometrics in an online environment falls into this sphere and requires a proofing solution because what good does it do to enroll someone’s fingerprints if the fingerprints aren’t those of the person he/she is claiming to be? This is why we decided to show the power of our two technologies working together through a joint demonstration.

Another observation from RSA is that there continues to be a lot of interest and discussion about age verification and social networks. If you recall, last year there was a panel session called Pandora’s Box discussing child safety and the Internet. Admittedly this year I didn’t attend the sessions as much since we were an exhibitor, but based on the questions and discussions on the show floor, it is clear people are concerned and also aware of the Internet Safety Technical Task Force.

Advertisements

Leave a comment

Filed under Age Verification, authentication, child safety, identity, identity proofing, Identity verification, Internet Security, security, social networking

A Good Perspective on Social Networking Identity Verification Issues

Zach Martin, editor of CR80 News recently published an article about the identity and age verification issues we are facing in social networks. You definitely should check it out but in case you don’t have time here are some important highlights:

When trying to get into a bar or club there is typically someone at the door checking IDs. But on social networking sites there is no bouncer, which means there’s no way to tell whether you’re corresponding with a 15-year-old girl or a 32-year-old man.

It’s the same no matter where you go. MySpace, Facebook, and professional networking site LinkedIn, do little to make sure people are who they claim to be. “There is a general feeling that social networking is the wild west of identity management and a lot of bad things happen because proper controls haven’t been put in place,” says Roger K. Sullivan, president of the Liberty Alliance Project management board.

The stories range from the tame to the tragic.

A student not happy with an administrator at school creates a profile on a social networking site. Even though the student is a woman she creates a profile that is a man and then flirts with the administrator in order to cause her embarrassment later.

At a Catholic school in the Chicago suburbs, an administrator monitors the popular social sites on a regular basis just to make sure nothing out of the ordinary is happening. She has run into instances where students create accounts in other peoples’ names – people who actually exist – and then make false statements. For example, one student set up an account as a real person from another school and made statements about the student’s sexual proclivities while giving out her real phone number.

In 2006, a fake profile led to the suicide of a 13-year-old Missouri girl. A classmate’s mother originally created the profile to find out if Megan Meier was saying anything bad about her daughter. But then it was used to gain Meier’s confidence and then to tear her down. Angry messages went back and forth, and it ended with Meier hanging herself.

There’s also the need to prevent pedophiles from contacting children online. MySpace has agreed with different states’ attorney generals to adopt better technologies that will help identify underage users so they can be protected from predators, but the social networking site hasn’t figured out how it’s going to do it.

The vast majority of sites don’t do anything to try to confirm the identities of members. The sites also don’t want to absorb the cost of trying to prove the identity of their members. Also, identifying minors is almost impossible because there isn’t enough information out there to authenticate their identity.

But this may all change. As sites become more scrutinized they will have to take steps to make sure people are who they say. “There will be a trend to use a third party that leverages database information that will be able to vouch for you and provide a more certain level of identification,” says Eric Skinner, chief technology officer at Entrust, an Addison, Texas-based digital identification vendor.

There are a handful of vendors that are offering online identity vetting. Most are working with financial institutions, but they see business opportunities with the social networking sites.

The article goes on to describe some social networks and their use of identity verification including one of our clients FunkySexyCool and their use of our system. It also discusses the privacy concerns related to age verification of minors and provides a possible solution the Liberty Alliance is discussing essentially related to ID 2.0

Liberty Alliance’s Sullivan, who is also vice president of Oracle Identity Management, says it’s only a matter of time before social networking sites offer tiers of identification assurance, which could be used to confirm a minor’s identity. For example, if a 14 year old wanted to sign up on MySpace without a parents’ permission they would be placed on the lowest ID tier. “They would be put into a question mark bucket,” Sullivan says.

But if one parent went online and confirmed his child’s identity they would be raised up a tier. If both parents did it they would go up two tiers. The parents would be authenticated through public records and online databases.

Eventually there would be a fourth tier as well. A minor would physically go to a trusted source with documents that prove their age and identity. These identity assurance sources don’t exist, but it’s something the Liberty Alliance is working toward, Sullivan says.

The next task force meeting will be later this month and I’m looking forward to seeing how the conversation progresses. I firmly believe we can find several ways to combat the issues at hand including both an educational approach and technological approach.

On another note, I’m off to the RSA Conference next week. IDology has a booth this year so if you are in San Fran, stop by and see us.


2 Comments

Filed under Age Verification, Identity 2.0, Identity verification, Internet Safety, MySpace, protecting kids online, security, social networking

Marketing Mayday!

Have you heard about the latest scam from the bad guys? It appears they too have learned how much impact marketing has on a “business” and purchased some keywords for Google and Yahoo ads. This article by Byron Acohido and Jon Swartz of USA Today explains it well and will bring you up to speed.

I doubt this scheme will impact the $19.5 billion (and growing) online advertising business too much but it certainly does show you how hackers and fraudsters are always evolving.

Leave a comment

Filed under fraud, identity, identity theft, Internet Safety, Internet Security, marketing, security

RSA Recap

So sunny San Fran turned out to be not so sunny this week. But the outlook for identity is definitely very bright!

There were definitely some significant events at the show. First, Symantec’s announcement at DEMO the week before to provide an Identity Service and their demonstration (with our technology supporting it I might add) at RSA definitely made the Symantec booth a place to visit. Symantec’s approach to being an identity provider is fairly comprehensive in terms of helping consumers and businesses tackle the identity problem. And they certainly have the distribution to get consumers behind it approaching the much debated chicken and egg scenario from the analyst community.

The biggest buzz of course was from Microsoft’s announcement to support OpenID. There is much being written about this announcement and the significance it has for Identity 2.0. This definitely indicates that the collaboration of technologies is being embraced by all to create a more open management system for public identities. If you want to read more about this announcement check out this article from the Seattle Post Intelligencer which explains the significance in great non-technical terms for any non-techie readers. You should also check out Kim Cameron’s blog for a more behind the scenes view from Microsoft and technical discussions.

Perhaps one of the most significant things to me was the General Session Panel Discussion on “Pandora’s Box: Youth on the Internet”. Clearly with this high profile focus, the security industry is starting to see the importance age plays in our online world and how we need to provide better ways to protect our children. I think anyone with kids gets this quickly but impressing on the huge dangers the Internet presents to children to those without kids is still very much needed based on a few personal discussions I had at the event.

No matter how good a parent is, the danger is still present. In fact, before the panel discussion began, we learned that 70% of kids ages 10-17 have received sexual solicitation over the Internet and only 27% have told a parent or guardian about it. There were other scary things discussed which you can read about here in the recap article from CNET. But one thing I was a bit disappointed about is the lack of discussion on age verification in social networks. However, I was very encouraged by a comment from Facebook’s Chris Kelly who referred to the fact that we need to develop technology solutions that help provide the same protection standards online as in our bricks and mortar world. I couldn’t have said it better myself.

So, my bottom line on the show? Eventful and worthwhile.

2 Comments

Filed under Age Verification, Digital identity, identity, Identity 2.0, Identity verification, kim cameron, security, social networking, symantec