New technology won't prevent information security breaches, say ISU experts

February 11, 2010

( -- The story's become all too familiar in today's digital world. A security breach provides a hacker access to a computer system containing the personal information of 80,000 people.

This time, the gained entry to personal information through the licensing database of the Iowa Racing and Gaming Commission. But it could have been another state's computer system, or a finance company's system, or your home computer.

Would new technological advancements -- such as retina, iris, or fingerprint scans, like those popularized in the 2002 film "Minority Report" -- prevent the security breach? Three Iowa State University experts agree that the answer is "no."

New technology's impact on identity theft

Qing Hu, a professor and chair of logistics, operations and management information systems at Iowa State, says those new technologies won't even make a dent on the problem.

"Identities are sold around the world quickly after they are stolen through online auction sites operated by organized crime or hackers, and they are used for a number of purposes -- most of which do not need a personal presence where a retina scan might be used," said Hu, who has been conducting research on corporate information security management and user behavior toward information security technologies since 2005.

"They [stolen identities] can be used to apply for new credit cards, making duplicate cards for online purchases of digital services and products where physical delivery is not needed -- online games, pornographic material, music download, fake account for money laundering, etc.," he said. "It is rare that a criminal would take a fake ATM card to go to a physical machine to take cash out, knowing that almost all ATMs today have cameras to record every transaction."

Steffen Schmidt, a University Professor of political science who is also a researcher in ISU's Center for Information Protection, shares Hu's information security outlook amid new technology. The co-author of two books on preventing identity theft -- "Who Is You: The Coming Epidemic of Identity Theft" (The Consortium, 2005) and "The Silent Crime: What You Need to Know About Identity Theft" (Twin Lakes Press, 2008) -- Schmidt predicts identity theft will only escalate with technological advancements.

"Vulnerability of electronic devices to hacking, malware, and 'zombiefication' will explode into a virtually uncontainable crisis for all digital, networked device manufacturers as soon as a truly major incursion takes place -- for example, into an entire smart phone system," he said. "When that happens, device manufacturers and their software partners will finally be forced to step up to the plate and initiate more secure Internet access than the hopelessly weak 'secret' passwords."

Schmidt predicts that biometrics will quickly "up armor" and eventually replace passwords for most transactions and for computer access. "If you can stick a credit card in a slot and start pumping gas in less than 10 seconds, you can scan an eye or a fingerprint in the same time in the future," he said.

The problem with biometrics

But that's not necessarily a good thing, according to Doug Jacobson, director of the ISU Information Assurance Center and a University Professor of electrical and computer engineering.

"Technologies like fast retina scanners are designed to tie a person to a digital identity," Jacobson said. "That is one of the weaknesses in the digital ID system which is called authentication -- connecting a person with a digital ID. Another weakness is how the digital ID is protected and misused. If you re-authenticate your ID every time you use it, then it is safer, but it is not as user-friendly."

Hu also sees both the retina scanner and fingerprint devices being intrusive to individual privacy, and therefore likely to be rejected by the population at large. And he also doesn't have great confidence that they'll be more effective against information security breaches.

"Given the current global network and connectivity and the degree of e-commerce activities, it is almost impossible to identify one or two technologies that can make a significant dent in the identity theft problem," Hu said.

"On the other hand, the global connectivity may also offer the best opportunity to combat identity theft," he continued. "For instance, a global data exchange of some sort can quickly identify that the online transactions requested in one country actually use an identity of a resident in another country who has just used his or her card in a local store."

At this point, Hu reports that banks and credit card issuers are not sharing such information, creating opportunities for thieves and criminals around the world.

Explore further: Spyware poses identity-theft risk (Update)

Related Stories

Spyware poses identity-theft risk (Update)

September 15, 2005

A new study finds that a growing amount of Internet spyware -- programs downloaded to users' computers without their knowledge -- is designed specifically to steal personal information that could be used for identity theft. ...

Is danger of identity theft overblown?

May 23, 2006

The announcement yesterday about the loss of personal electronic data on up to 26.5 million veterans is the latest in a string of similar reports about information security breaches at major institutions in the last two years. ...

New alliance to study and combat ID theft

July 1, 2006

A dramatic increase in the number of investigations into identity theft and fraud over the past few years has sparked a partnership between law enforcement, government, the corporate world and academia.

IBM software safeguards consumer identity on the Web

January 26, 2007

IBM today announced software that allows people to hide or anonymize their personal information on the Web, ensuring protection from identity theft and other misuse. Developed by researchers at IBM's laboratory in Zurich, ...

Identifying ID theft and fraud

October 14, 2009

If the wife of FBI boss Robert Mueller has warned him not to use internet banking because of the threat of online fraud, then what hope is there for the average Jo? The results of research published in a forthcoming issue ...

Recommended for you

Inferring urban travel patterns from cellphone data

August 29, 2016

In making decisions about infrastructure development and resource allocation, city planners rely on models of how people move through their cities, on foot, in cars, and on public transportation. Those models are largely ...

How machine learning can help with voice disorders

August 29, 2016

There's no human instinct more basic than speech, and yet, for many people, talking can be taxing. 1 in 14 working-age Americans suffer from voice disorders that are often associated with abnormal vocal behaviors - some of ...

Apple issues update after cyber weapon captured

August 26, 2016

Apple iPhone owners on Friday were urged to install a quickly released security update after a sophisticated attack on an Emirati dissident exposed vulnerabilities targeted by cyber arms dealers.


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.