Identity Management is DEAD!

It’s all about CONTROL….

You CONTROL your identity
Organisations CONTROL their identity
Countries CONTROL their identity

This is the future of ‘identity management’ or ‘IDM’ or ‘IAM’. Scalability comes from the bottom up, not the top down. You CONTROL what is yours, your identity. Nothing else will work in this highly connected, growing and verbose world that we are all a part of today. That is, if we, the identity owners, are at all interested in owning and controlling what is fundamentally ours: our identity and our digital footprint.

Identity Hijacking in SWEDEN increased by 50% says UC!

Now UC is talking about identity hijacking in Sweden. And they talk about the problem with exposure of the personal id that constitutes the first 6 digits of your personal id number!

Listen to Swedish media here.

I’ve been making a lot of noise about this lately. Check here for more, and filter on TRACE in Categories to see it all.

An idiot’s guide to how the Swedish ID is created

For those of you who want a quick summary of how the Swedish ID number is created… here we go…

1. The personal identity number consists of 10 digits and a hyphen.
2. The first six correspond to the person’s birthday, in YYMMDD form.
3. They are followed by a hyphen.
4. The seventh through ninth digits are a serial number.
5. An odd ninth digit is assigned to males and an even ninth digit to females.
6. The tenth digit is a checksum, introduced in 1967 when the system was computerised.

Up to 1990, the seventh and eighth digits were correlated with the county where the bearer of the number was born or (if born before 1947) where he/she had been living, according to tax records, on January 1, 1947, with a special code (usually 9 as 7th digit) for immigrants.

Everyone, however, keeps their number, and it is not hard to find out someone’s number if you know the birth date, the birth county and the checksum algorithm. Even easier is to call the tax authority and ask, since the personal identity number is public information.
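The structure above, as an added example that is not from the original post: a small Python validator that parses the YYMMDD-NNNC layout, checks that the birth date is real, reads the sex from the parity of the ninth digit, and verifies the tenth digit. The post only says "checksum"; that it is the Luhn (mod-10) algorithm is stated here from my own knowledge, and the 1900 century default and the sample number are assumptions added for illustration.

```python
"""Parse and validate a Swedish personal identity number (personnummer)."""
import re
from dataclasses import dataclass
from datetime import date

# Layout described in the post: YYMMDD-NNNC (serial NNN, check digit C).
_PNR_RE = re.compile(r"^(\d{2})(\d{2})(\d{2})-(\d{3})(\d)$")


@dataclass(frozen=True)
class Personnummer:
    birth_date: date
    serial: str
    check_digit: int
    sex: str  # "male" (odd ninth digit) or "female" (even ninth digit)


def luhn_check_digit(nine_digits: str) -> int:
    """Tenth digit via Luhn / mod-10: weights 2,1,2,1,... over YYMMDDNNN."""
    total = 0
    for i, ch in enumerate(nine_digits):
        d = int(ch) * (2 if i % 2 == 0 else 1)
        total += d - 9 if d > 9 else d  # digit sum of a two-digit product
    return (10 - total % 10) % 10


def parse_personnummer(text: str, century: int = 1900) -> Personnummer:
    """Validate format, date and checksum; raise ValueError on any failure.

    The two-digit year does not encode the century, so it is a parameter
    (assumed 1900 by default).
    """
    m = _PNR_RE.match(text.strip())
    if not m:
        raise ValueError("expected YYMMDD-NNNC")
    yy, mm, dd, serial, check = m.groups()
    try:
        birth = date(century + int(yy), int(mm), int(dd))
    except ValueError as exc:
        raise ValueError(f"invalid birth date: {exc}") from exc
    if luhn_check_digit(yy + mm + dd + serial) != int(check):
        raise ValueError("checksum mismatch")
    sex = "male" if int(serial[-1]) % 2 == 1 else "female"
    return Personnummer(birth, serial, int(check), sex)


def is_valid_personnummer(text: str) -> bool:
    try:
        parse_personnummer(text)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample number, not a real person's.
    print(parse_personnummer("811218-9876"))
```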

How is your Swedish ID created?

Do you want to understand how your Swedish identity number is created… or maybe not? It is explained here. If you know how it is calculated after the first 6 digits, which are your date of birth, then it must be pretty easy for others to work this out?

Although I did get from a source that one can just ring up the Swedish Tax Agency and ask for any Swedish resident’s personal ID. I haven’t tested this yet… but I am sorely tempted to try 😉

In Sweden 6 of 10 digits of personal ID is public by law

This makes you vulnerable to identity theft. Swedish residents have no legal right to protect their personal identifying information (PII), which includes the first 6 digits of the 10 digits (AAMMDD-xxxx) of Swedish IDs. The exception is if you have a protected identity. The following is the response I received from one of the credit reporting agencies that I contacted.

“We are a credit reporting agency with permission from the Data Inspectorate (Datainspektionen). The data in our database are and should be a reflection of public databases retrieved from authorities such as tax authorities (Skattemyndigheten), payment remarks and debt collecting agencies (Kronofogdemyndigheten), and the bureau of statistics (SCB). Public data means that anyone can contact the respective government authority and get the same information there. We are by the Credit Information Act (Kreditupplysningslagen) required to make changes in our database to correct faults, but you have no right to be omitted from the register. All residents in Sweden who are over the age of 16 are included.

Protected Identity is the only way to hide the address and other personal information with the authorities, and thus also with us, and it may be issued through the tax or police authorities. Once an identity has been protected the data is hidden automatically in our system.”

This was in response to the following request I made.

I would like to kindly request that you do NOT share my personal information with third parties that make money from my personal identifying information; an example is ‘birthday.se’. Due to the sharing of my PII, the first 6 digits of my Swedish ID are public; the consequence is that it makes me vulnerable to identity fraud.

Can you please confirm that this is done? If not, would you be kind enough to give me enough information to understand why not?

Sweden is a smorgasbord for identity fraud!

If you are Swedish, are you not concerned about who may be using your identity to purchase something online and then pick up the purchase with a false ID card? You should be; di.se is reporting on this, read more here.

Why do I claim that Sweden is easy pickings for identity thieves? Look at yesterday’s post. If you are a Swedish resident, the first 6 digits of the 10 digits that comprise your personal ID number are public in Sweden. Doesn’t that make you just a weeny-teeny little bit uncomfortable?

Is Facebook fundamentally EVIL?

This is as claimed by Johan Staël von Holstein. Do you believe that everything you are digitally, and do online should belong to you? This includes your “digital identity” and all data/information you create online associated with your identity?

I placed “digital identity” in quotes because today it is not your digital identity; in fact it is not a digital identity at all. It is purely some fields in a database somewhere, or in many databases. In fact you have no idea where you exist digitally. You may know that you exist in social networking tools such as Facebook, but not where your information has propagated to. Social networking tools have enabled you to add contextual information to your identity name, or your ‘digital identity’, i.e. your digital footprint, but you do not own this. These rich corporations make loads of money from your digital footprint, but it should be you who is making money from it. It is, after all, your intellectual property!

YOUR IDENTITY – YOUR DIGITAL FOOTPRINT IS YOUR INTELLECTUAL PROPERTY!

Everything you create online should belong to you. All user-generated content should be the intellectual property of the individual, the user, who created this content. You should have control over your digital identity and your digital footprint. Organisations should have control over their corporate identity, but not over yours! I call this not identity management (IAM/IDM), the term used in organisations, but IDENTITY CONTROL. This is the future!

Listen to a recent podcast released 07 May 2014, where Johan talks about these things, like when and why will Google and Facebook die? The future of identity control. Listen to it all, the real cool stuff comes in the second half of the podcast, so hang in there!

‘stupid loop’

Do you have any of these in your organisation? Maybe you have become attached to the old practices, and anyhow who wants change really?

So what would I define as a ‘stupid loop’? It’s pretty straightforward: it is when something strange happens to the integrity of the information after INPUT and before OUTPUT. Effectively, integrity is compromised during PROCESSING. An example could look as follows:

    1. Information submitted by paper (INPUT), by snail-mail, take your tax returns, or your company financial statements, for example;
    2. These statements are converted (PROCESSING) into some picture format for digital storage, i.e. .gif, tif;
    3. Then the picture files are converted back to text/numbers (PROCESSING), as they are unusable as pictures, no indexing (impossible to search);
    4. OUTPUT is distributed to end consumers, e.g. banks.
    5. End consumers use OUTPUT to make lending and other financial decisions.

Okay, this brings us to the integrity part. How much of the information INPUT has become misinterpreted during PROCESSING? Based on work done using software that translates graphics back into text and numbers, the risk to information integrity is at least 15%. In other words, for 15% of the information INPUT, the OUTPUT will not mirror the INPUT exactly.

XBRL for Transparency

This brings us to XBRL (eXtensible Business Reporting Language). XBRL is a global industry standard and is the standard for financial reporting in Basel III (CRD IV). You could liken it to a universal language that everyone understands, hence nothing is lost in translation after capture. XBRL gives some protection from accidental risks to information integrity. This gives true transparency and improved traceability, because it is easy during any audit process to see the original information at capture and how it has been processed and/or changed from capture through to when it is consumed, by a human or a system, because it is all using the same language. If you’ve ever dabbled with XML, you will recognise XBRL like an old friend 😉

Securing XBRL for Traceability

This is where we get to the security part. XBRL is not secure in itself, and in order to weave legality into submitted digital financial reports, their submission must be intimately coupled to the individual, and ultimately the role, that initiated the digital interaction. One could liken digitalised financial reports, i.e. XBRL instances, to an information vehicle, programmed to get from A to B quickly and without hindrance. In securing digital reports, you have handed over a sealed package to the vehicle. The seal is unique and is watermarked by your signature, which encapsulates not only your identity but also your appointed role. This package can only be opened by the intended recipient, and only in his/her appointed role.

More CONTROL Less SPEND

No need to ‘teach your grandma to suck eggs’, as I am sure that you’ve worked out yourself by now that secured financial INPUT in XBRL format should facilitate cost reductions, because there is no longer any need to send paper reports by snail-mail, to convert them to some strange format, only to convert them back again…. a ‘stupid loop’ indeed 😉

Additional reading:
(en) Securing XBRL – the next challenge (2014)
(en) Improved Business Process Through XBRL: A Use Case for Business Reporting (2006)

What a mess!

All these identity products, or ‘solutions’ as they prefer to be called, in every organisation, connecting up (if you are lucky) disparate applications with their own authentication and authorisation systems, and maybe Single Sign-on… the security nightmare, but necessary in order for any sane individual to survive in this identity crisis era.

But this is IDENTITY security built around applications, instead of people, how WEIRD!