Think about the last time you bought a DVD, booked a flight, rented a car, or signed up for a service or newsletter on the Internet. At some point, you had to fill out a form that asked for a lot of personal information. While it’s a hassle unto itself, filling out forms can lead to a bigger problem: each time you give out your information, you provide an opportunity for your information to be picked off by identity thieves.
As more services migrate online, and as tactics of identity thieves become more sophisticated, people will need better ways to manage their information, says Nataraj Nagaratnam, chief architect of identity management for IBM Tivoli.
Nagaratnam and other IBM researchers have developed open-source software that they think can help. Called Identity Mixer (Idemix), the digital identity management software lets people make online transactions, from filling out forms to purchasing plane tickets, without disclosing personal information. The software lets a person use artificial identity information, in the form of digital “tokens,” to make online transactions. Using these encrypted tokens, which are issued by trusted sources such as the Department of Motor Vehicles (DMV) or a bank, a person can effectively be anonymous to Web services such as Amazon.com or Expedia, never giving out his or her information.
In a typical online purchase, Idemix could obviate the need for a person to fill out a form or reveal her credit-card number. Instead, she could use a token that vouches for her, verifying that she is who she says she is and that she has the appropriate funds and credit to make a purchase.
In addition, these tokens would provide only the information that is needed. For instance, if you’re renting a car online and need to verify that you’re older than 25, a token from the DMV could verify that you can legitimately rent without divulging your birth date, license number, or address. Otherwise, you reveal more than you need to about yourself, says John Clippinger, senior fellow at the Berkman Center for Internet and Society at Harvard Law School. “It’s like using a passport when you buy a Coke.”
To explain digital identity management, Clippinger draws from a real-world example: we have wallets that hold identifying cards such as a license or credit cards, he says, but we don’t have an analogy in cyberspace. “It’s hard to make people appreciate things like privacy and [online] identification,” he says, “but I think these things are going to become much more critical.”