Security through obscurity

Old and new passports

Recently I’ve become a victim of identity fraud.

I travel a lot. Many places I’ve stayed in, especially Russia (been there 10+ times!) take your passport away from you when you are staying in a hotel. They need to register it with the police and take photo-copies.

Guest houses all over the world have my name, birth date and passport number.

This information according to an agent at the passport office is enough for you to become a victim of identity fraud. The funny thing is that there doesn’t seem to be a secure hash to the passport number. Perhaps it doesn’t matter as the passport number can’t easily be checked. The passport office themselves weren’t able to to verify my passport number. Only an office at the Home Office can access that “password number” data.

So I called the passport agency up and they said I should cancel my passport and get a new one. Why I asked? So you can generate another meaningless passport number? For nearly 80GBP? I am not changing my name or birthday.

The passport agency didn’t really know what to do. They recommended I contacted the embassy of the country where the fraud (using a copy of my passport) was happening. This fraud crosses many a border…

The security is so weak, that it’s only defence is obscurity (which is really bad). Official guidelines seem to encourage people not to share any ‘sensitive’ details.

So I am opening a can of worms here. There are some really difficult identity problems right now in our digital world. I don’t think the UK Government’s costly ID scheme is going to help (or stop terrorism). I don’t really want the government to control my identity and movements.

Many of these identity theft solutions, seem to be about insurance (which I despise) and taking some sort of retrospective action, not protection. Paying companies for “credit reports” to see if someone is using your name to get credit and using it. Please. Or “identify theft protection” insurance policies to perhaps pay the cost of getting a new passport in my case. It just strikes me as all being very poor.

I’ve long known about hideous security problems in our digital world. People have been able for years and practically still able to make very quick copies of VISAs to run riot on your bank account. People still seem to buy into these services, as they are so convenient.

Since I am now a victim of identity fraud, I’m a little fed up. I think I want to be able to pro-actively protect my identity without hiding myself in obscurity. I want relay my concerns to the right parties… who are they?

One good thing about having a prominent homepage is that potential fraud victims have been able to search for “Kai Hendry”. Contact me (call or email). Ask me if I am really selling that car for which an immediate deposit is required from Germany.

Then I can say “no” that’s not me.

Advertisement

If you like this, you might like the stateless Web kiosk software I develop. Webconverger typically replaces Windows on PCs and is deployed in public and business environments for ease of deployment and privacy. Once installed it auto-updates making it painless to maintain. Try it where you exclusively use the only viable open platform... the Web!