Commentary by Mark Wahl, CISA
Organizing principles for identity systems:
Information Assurance in science fiction: outrunning the Bounty Bear (2007/3/26)
In an earlier post today I mentioned the fictional bounty hunter's Bounty Bear skiptrace locating device from the movie Until the End of the World. The Bounty Bear aggregates credit card and identity transactions occuring anywhere in the world.
How might someone in this fictional future avoid detection from someone searching for them with such a device? Some ideas include:
- Don't perform transactions that would be monitored.
This future world has an underground economy that isn't monitored, although many legitimate transactions are no longer possible (as merchants don't accept cash), and the identity might still be detected during police stops or random police sweeps.
- Get new, 'disposable' identities or credit numbers.
- Use a proxy, that performs transactions on their behalf.
The proxy might have an identity or credit with abilities beyond that of the subject, as in the movie Gattaca:
"No, there is truly nothing remarkable about the progress of Jerome Morrow... except that I am not Jerome Morrow." - Spread identity chaff.
The target would give their credit or identity details to some third party, and that third party would perform some operation as the target at different locations.
- An identity laundering network layer.
Suppose a group of n individuals entered into a contract, and each member of the group distributed one of their credit card numbers to all of the other individuals in the group. Whenever one of the group members needed to perform a transaction, they would randomly select one of the card numbers in their deck to use. At the end of each month, the group would settle up amongst themselves.
The last case represents a somewhat extreme extension of the concept of delegation.