The article on Wired talks about a startup that wants to technologically divorced the concepts of "identity" and "authority" and in so doing, minimize the chance that people will misuse personal information.
Think about this: when you buy something in a lot of places with a credit card, you also have to show some form of picture identification. While most people don't think about this (and they should), realistically there's no actual reason for you to show either, except that there's a gap in technology that makes this rather risky and public method the most convenient, and therefore the most likely to be used by humans.
What's on your credit card? A name, the name of your bank or whatever, the card number, the expiration date, the CVV code on the back, a magnetic stripe, and a hologram probably.
What's on your driver's license? A name, your complete address, possibly (in some states) your Social Security number, your picture, your vital statistics, a driver's license number, an expiration date, maybe a checkbox if you wear glasses, have pledged to donate organs after death, and if you're the irresponsible sort, maybe a thing saying you have an alcohol-related violation on your record. It probably also has a magnetic stripe on the back or some sort of barcode that contains most or all of this same information.
But all you wanted to do was buy some tennis balls or a spindle of blank CDs or something?
What the fuck does any of this information have to do with that, and why should you have to expose all that information to some clerk?
Step back a minute and think of two concepts.
First is "identity." You are who you say you are.
Second is "authority." You're allowed to do what you are trying to do.
Sound familiar from the really early Notes/Domino training? Separation of "identity" from "authority?"
Well, in the human world, these concepts have gotten really messed up, to where to do simple things, you are forced (mostly by "convenience") to divulge a lot of personal, sensitive data to complete a transaction to which this data is actually irrelevant. To the clerk at BestBuy, he doesn't care what your name is or what your eye color is. He's just looking to see that "you," or who you claim to be, matches the "name" on the credit card. The credit card is largely worthless to say "who" you are, but is the key to a system that is, after all, rather important to the store: is this person good for $16.72?
But yet the clerk now has your name, your address, your picture, your credit card number, your expiration date, your CVV, and if the store was shady, they could easily be storing away a copy of everything on the mag stripe on your credit card and your license.
Instant potential for identity theft.
Worse, potential that exists even though it adds no value to the transaction.
So, back to this startup and my 1994-1995 musings.
What I told that executive (we'll call him "Bob," because that's his name) was that in the future, we'd all be carrying a sort of intelligent agent on our person. Not like an RFID patch, which is willing to tattle on you to anybody with a cheap scanner, but more like a trusted manservant (or womanservant, if you prefer). A little device that will vouch for you. In every way.
But it would not be omniscient.
Picture some transactions:
1. Turtle02/09/2008 12:56:36 AM
I tried stuffing cash into the DVD slot of my MacBook Pro when I was buying the new GPS. The results were not particularly good.
2. Tim Leach02/08/2008 05:05:32 PM
I can certainly see the potential in such a device. Until it exists, however, you might want to consider using good, old-fashioned, relatively untraceable and anonymous cash!