New technology won't prevent information security breaches, say ISU experts

Feb 11, 2010

( -- The story's become all too familiar in today's digital world. A security breach provides a hacker access to a computer system containing the personal information of 80,000 people.

This time, the gained entry to personal information through the licensing database of the Iowa Racing and Gaming Commission. But it could have been another state's computer system, or a finance company's system, or your home computer.

Would new technological advancements -- such as retina, iris, or fingerprint scans, like those popularized in the 2002 film "Minority Report" -- prevent the security breach? Three Iowa State University experts agree that the answer is "no."

New technology's impact on identity theft

Qing Hu, a professor and chair of logistics, operations and management information systems at Iowa State, says those new technologies won't even make a dent on the problem.

"Identities are sold around the world quickly after they are stolen through online auction sites operated by organized crime or hackers, and they are used for a number of purposes -- most of which do not need a personal presence where a retina scan might be used," said Hu, who has been conducting research on corporate information security management and user behavior toward information security technologies since 2005.

"They [stolen identities] can be used to apply for new credit cards, making duplicate cards for online purchases of digital services and products where physical delivery is not needed -- online games, pornographic material, music download, fake account for money laundering, etc.," he said. "It is rare that a criminal would take a fake ATM card to go to a physical machine to take cash out, knowing that almost all ATMs today have cameras to record every transaction."

Steffen Schmidt, a University Professor of political science who is also a researcher in ISU's Center for Information Protection, shares Hu's information security outlook amid new technology. The co-author of two books on preventing identity theft -- "Who Is You: The Coming Epidemic of Identity Theft" (The Consortium, 2005) and "The Silent Crime: What You Need to Know About Identity Theft" (Twin Lakes Press, 2008) -- Schmidt predicts identity theft will only escalate with technological advancements.

"Vulnerability of electronic devices to hacking, malware, and 'zombiefication' will explode into a virtually uncontainable crisis for all digital, networked device manufacturers as soon as a truly major incursion takes place -- for example, into an entire smart phone system," he said. "When that happens, device manufacturers and their software partners will finally be forced to step up to the plate and initiate more secure Internet access than the hopelessly weak 'secret' passwords."

Schmidt predicts that biometrics will quickly "up armor" and eventually replace passwords for most transactions and for computer access. "If you can stick a credit card in a slot and start pumping gas in less than 10 seconds, you can scan an eye or a fingerprint in the same time in the future," he said.

The problem with biometrics

But that's not necessarily a good thing, according to Doug Jacobson, director of the ISU Information Assurance Center and a University Professor of electrical and computer engineering.

"Technologies like fast retina scanners are designed to tie a person to a digital identity," Jacobson said. "That is one of the weaknesses in the digital ID system which is called authentication -- connecting a person with a digital ID. Another weakness is how the digital ID is protected and misused. If you re-authenticate your ID every time you use it, then it is safer, but it is not as user-friendly."

Hu also sees both the retina scanner and fingerprint devices being intrusive to individual privacy, and therefore likely to be rejected by the population at large. And he also doesn't have great confidence that they'll be more effective against information security breaches.

"Given the current global network and connectivity and the degree of e-commerce activities, it is almost impossible to identify one or two technologies that can make a significant dent in the identity theft problem," Hu said.

"On the other hand, the global connectivity may also offer the best opportunity to combat identity theft," he continued. "For instance, a global data exchange of some sort can quickly identify that the online transactions requested in one country actually use an identity of a resident in another country who has just used his or her card in a local store."

At this point, Hu reports that banks and credit card issuers are not sharing such information, creating opportunities for thieves and criminals around the world.

Explore further: Japan orders air bag maker to conduct probe

add to favorites email to friend print save as pdf

Related Stories

Is danger of identity theft overblown?

May 23, 2006

The announcement yesterday about the loss of personal electronic data on up to 26.5 million veterans is the latest in a string of similar reports about information security breaches at major institutions in the last two year ...

New alliance to study and combat ID theft

Jul 01, 2006

A dramatic increase in the number of investigations into identity theft and fraud over the past few years has sparked a partnership between law enforcement, government, the corporate world and academia.

IBM software safeguards consumer identity on the Web

Jan 26, 2007

IBM today announced software that allows people to hide or anonymize their personal information on the Web, ensuring protection from identity theft and other misuse. Developed by researchers at IBM's laboratory in Zurich, ...

Identifying ID theft and fraud

Oct 14, 2009

If the wife of FBI boss Robert Mueller has warned him not to use internet banking because of the threat of online fraud, then what hope is there for the average Jo? The results of research published in a forthcoming issue ...

Spyware poses identity-theft risk (Update)

Sep 15, 2005

A new study finds that a growing amount of Internet spyware -- programs downloaded to users' computers without their knowledge -- is designed specifically to steal personal information that could be used for identity theft. ...

Recommended for you

Japan orders air bag maker to conduct probe

Nov 21, 2014

Japan's transport ministry said Friday it has ordered air bag maker Takata to conduct an internal investigation after cases of its air bags exploding triggered safety concerns in the United States and other countries.

Senators get no clear answers on air bag safety

Nov 20, 2014

There were apologies and long-winded explanations, but after nearly four hours of testimony about exploding air bags, senators never got a clear answer to the question most people have: whether or not their ...

Winter-like temps can reduce tire pressure

Nov 19, 2014

The polar plunge that has chilled much of the nation does more than bring out ice scrapers and antifreeze. It can trigger vehicles' tire pressure monitoring systems overnight, sending nervous drivers to dealers ...

US: Gov't aircraft regulations apply to drones (Update)

Nov 18, 2014

The U.S. government has the power to hold drone operators accountable when they operate the remote-control aircraft recklessly, a federal safety board ruled Tuesday in a setback to small drone operators chafing ...

Mapping the crisis of displaced peoples

Nov 17, 2014

Population displacement is a global problem, one that historically has been insufficiently quantified and analyzed, especially given its wide-ranging effects. Displacement can result from a number of factors, ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.