authentication and authorization (was: Question on the state of the security industry)

Nicholas Bohm nbohm at ernest.net
Mon Jul 5 06:04:15 EDT 2004 

At 12:26 PM 7/1/2004, John Denker wrote:

>The object of phishing is to perpetrate so-called "identity
>theft", so I must begin by objecting to that concept on two
>different grounds.

Subsequent posters have doubted the wisdom of quibbling with the term "identity theft".  I think the terminology deserves some attention of its own.

There is a long-established term, "impersonation", which is wholly adequate to describe what is now called "identity theft".  Is this just a change of fashion?  I suggest that there is more to the change.

"Impersonation" as a term focuses attention on the fact that the criminal is deceiving someone in order to gain advantage by claiming to have some valuable characteristics or authorisations in fact belonging not to the criminal but to some other person.  The person deceived is the primary victim in contemplation when this terminology is used.

"Identity theft", by contrast, suggests that the victim is the person impersonated, because his or her "identity" has been "stolen".

This way of looking at things implies that the losses which arise out of the impersonation fall on the person impersonated, rather than on the person deceived by the impersonation.

"Identity theft" as a label is attractive to, for example, banks who may wish to suggest that losses must be carried by their customers because they failed to take proper care of their "identity".

I think the use of the term "identity theft" should alert us to the risk that victims of crime are trying to pass the blame and the loss to someone else.

Regards

Nicholas

Salkyns, Great Canfield,
Takeley, Bishop’s Stortford CM22 6SX, UK

Phone   01279 871272    (+44 1279 871272)
Fax     020 7788 2198   (+44 20 7788 2198)
Mobile  07715 419728    (+44 7715 419728)

PGP RSA 1024 bit public key ID: 0x08340015.  Fingerprint:
9E 15 FB 2A 54 96 24 37  98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF  

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list