Chertoff is pushing his "Three D’s"
Chertoff offered this suggestion during remarks he delivered on Aug. 13 at the University of Southern California, where he emphasized the importance of securing one’s identity.
"In the 21st Century, the most important asset that we have to protect as individuals, and as part of our nation, is the control of our identity, who we are, how we identify ourselves, whether other people are permitted to masquerade and pretend to be us, and thereby damage our livelihood, damage our assets, damage our reputation, damage our standing in our community," Chertoff declared.
To guard against identity theft, Chertoff said, Americans are accustomed to using two traditional approaches, either separately or in tandem: an official card or document (such as a passport or a driver’s license) or a specific piece of unique identifying information (such as an individual’s social security number). Unfortunately, he argued, both of these approaches are far from perfect.
Documents can be forged, false IDs can be acquired illegally, and "sometimes we allow people to identify themselves using documents that are even unofficial," he observed.
Specific identifying data, such as social security numbers, pose their own risks. True, a social security number, in and of itself, doesn’t reveal anything personal about its holder; it’s simply an identity authenticator. "Yet, if you think about it," Chertoff told his audience at USC’s National Center for Risk and Economic Analysis of Terrorism Events, "using a number or a word as an authenticator carries its own inherent vulnerability because as you give the number to people who are going to authenticate you, they now have the number."
Chertoff recommended that our society continue utilizing the tools of the 20th Century to "harden" these two forms of identity protection -- by making it more difficult to counterfeit an official card or document and by making it harder for thieves to gain access to unique social security numbers.
"We’ve put chips in passports. We’ve created pass cards. We’ve put bar codes in. We’ve embedded certain kinds of holograms, all of which are designed to make it more difficult for people to fabricate these cards," explained Chertoff. "And we’ve required higher standards through things like our Western Hemisphere Travel Initiative which governs what people need to show when they cross a land border or our Transportation Worker Identity Card or even the Real ID Initiative to strengthen the security of our driver’s licenses."
In addition, Chertoff said he supports the use of encryption to safeguard social security numbers and bank account PIN numbers, but recognized that encryption is only a partial solution.
"I want to remind you, every time you get on a telephone, and you give your credit card to somebody in a company as a way of validating your identity, you are trusting that the person on the end of the line is not going to misuse it," Chertoff warned.
Chertoff does not strike me as the type of person who easily trusts an anonymous voice at the end of a telephone line. That’s probably why he is advancing the notion of adding 21st Century tools to further strengthen our citizens’ personal identities.
That’s what brings Chertoff to his three D’s – description, device and digit.
Of course, the notion of three-factor authentication is not new and startling within the U.S. security community, but Chertoff probably thought the concept was worth explaining to a broader audience of Americans.
"Description means some piece of information or something known to you, and not to anybody else, that can separate you from the other person," he said. (Your mother’s maiden name or your favorite pet’s name are classic examples.)
A device could be a traditional credit card, but it could also be a cell phone that carries a token which serves as an identification tool. "Many of you actually use cell phones as identification devices now because you can get on the Internet with your BlackBerry," said Chertoff. "You’re using an identification device. So this is not some startling insight by me. It’s a recognition of where we’re headed."
A digit, namely a person’s fingerprint biometric, could serve as the third leg of the stool. "Your fingerprint is unique and the ability to use that as an identifier, as we do, for example, throughout the criminal justice system, gives us a third powerful tool that we can use in order to make sure that we can separate real people from impersonators," Chertoff added.
The DHS secretary said he can envision a time when individuals who want to get on an airplane, transact business with a bank or gain entry to a student dormitory will be asked to authenticate themselves using the three D’s -- a description, a device and a digit.
He’s probably right.
- Add your comment
- trackback url: http://www.gsnmagazine.com/cms/trackback/998-1
