Andre Durand

Discovering life, one mistake at a time.

Archive for March, 2003

Open Source becoming Preferred Platform by State CIOs

March 20, 2003 By: Andre Category: Ping Identity

Phillip Windley found this timely story on open source from CIO magazine, which says that 54% of the 375 CIOs they surveyed said that open source software would be their dominant server platform.


March 19, 2003 By: Andre Category: Life

We’re buried under 4 to 5 feet of snow. Yesterday we woke up to the crash of the neighbor’s apple tree taking out our entire fence and covering half the backyard. Two hours later, with the power out and the heat waning, my home alarm system mysteriously went off — I had to pull the power on the battery to shut it up, but that only happened after I ripped the keypad off the wall in frustration. Needless to say, the neighbors, all of whom were in the street, were impressed.

We decided it was time to get out of our ice-box and head south to Steve Adam’s house. We call it ‘Resort Adams’ (hot-tub, movie room and lots of gourmet coffee and cooking). After 15 minutes of digging our Denali out of the snow we were finally on the road. It’s now 12 hours later, and the snow has piled up another 15-20 inches. It’s like Alice in Wonderland outside, everything on the deck out back looks like an overstuffed white cotton mushroom.

Definition of Pseudonymous Linking

March 18, 2003 By: Andre Category: Ping Identity

Another great definition of pseudonymous linking by Roger Clarke:

A pseudonymous record or transaction is one that cannot, in the normal course of events, be associated with a particular individual.

Hence a transaction is pseudonymous in relation to a particular party if the transaction data contains no direct identifier for that party, and can only be related to them in the event that a very specific piece of additional data is associated with it. The data may, however, be indirectly associated with the person, if particular procedures are followed, e.g. the issuing of a search warrant authorising access to an otherwise closed index.

To be effective, pseudonymous mechanisms must involve legal, organisational and technical protections, such that the link can only be made (e.g. the index can only be accessed) under appropriate circumstances.

Two closely related techniques are:

  • the authentication of people’s eligibility rather than their identity; and
  • the authentication of people’s identity but without recording it.

Dimensions of Privacy

March 18, 2003 By: Andre Category: Ping Identity

Roger Clarke has written this fantastic paper on Privacy. I especially enjoyed his breakdown of the dimensions of privacy:

Drilling down to a deeper level, privacy turns out not to be a single interest, but rather has several dimensions:

  • privacy of the person, sometimes referred to as ‘bodily privacy’. This is concerned with the integrity of the individual’s body. Issues include compulsory immunisation, blood transfusion without consent, compulsory provision of samples of body fluids and body tissue, and compulsory sterilisation;
  • privacy of personal behaviour. This relates to all aspects of behaviour, but especially to sensitive matters, such as sexual preferences and habits, political activities and religious practices, both in private and in public places. It includes what is sometimes referred to as ‘media privacy’;
  • privacy of personal communications. Individuals claim an interest in being able to communicate among themselves, using various media, without routine monitoring of their communications by other persons or organisations. This includes what is sometimes referred to as ‘interception privacy’; and
  • privacy of personal data. Individuals claim that data about themselves should not be automatically available to other individuals and organisations, and that, even where data is possessed by another party, the individual must be able to exercise a substantial degree of control over that data and its use. This is sometimes referred to as ‘data privacy’ and ‘information privacy’.

Whitepaper: Addressing Identity Fraud

March 17, 2003 By: Andre Category: Ping Identity

Identity theft and fraud is the fastest growing crime in America. Not only did identity fraud enable the terrorist attacks of 9/11, but identity-related crimes are projected to rob the global economy of over 24 billion by 2004. As individuals increasingly engage one another and businesses electronically, the accelerated proliferation of digital identities is staggering.  The question of how to fundamentally address the growing concerns surrounding identity-related crimes does not seem easily answered.

This whitepaper explores the nature of identity-related crimes: how they originate, how electronic networks are accelerating the problem and how existing security approaches provide at best only a partial solution. The findings of the white paper suggest that identity federation, or the connecting of existing identity systems, presents both new concerns and new opportunities. Identity Federation presents, on the one hand, the opening of a new door to accelerated cross-boundary identity-related fraud and on the other hand, the possibility for powerful new tools and approaches in dealing with and mitigating the effects of identity theft. Indeed, the very nature of identity theft seems such that identity federation may begin to lay the foundation for combating these threats.

If I were President of AT&T Wireless

March 15, 2003 By: Andre Category: Ping Identity

What do I know about wireless operators? Not much. But I tell you what, if I were President of AT&T Wireless, here’s what I’d do.

1. I’d go to some private label financial institution and get my very own AT&T Wireless Visa, MC or Amex.

2. I’d then Liberty Enable (via SourceID SSO of course) all of my customers’ accounts to every company that end-users will end up engaging using their phone.

3. I’d then build a long-term strategy to make the cell phone (via Bluetooth, WiFi or 2.5g) the ‘secure purchasing instrument’ of the future. After all, why would I want multiple cards in my wallet when I’ll be able to ‘attach’ (via identity federation) my debit and credit card accounts to my wireless phone number (via the authentication of the wireless operator)?

4. I’d default all credit purchases made through the phone to one of my co-branded Visa, MC or Amex accounts (taking a portion of the interest fees generated in partnership with the financial institution behind the credit account or some other private label source).

Long story short. I’d move aggressively to migrate the utility of the mobile phone from simply a ‘communications’ device with built-in PDA functionality to a personal trusted agent of my digital identity, and I’d tie all conceivable financial transactions that can originate from my cell phone to my primary authentication of users.

Identity Theft Statistics – From Ford Motor Credit

March 10, 2003 By: Andre Category: Ping Identity

  • The FBI states that identity theft is the fastest growing crime in America.
  • According to the Communications Fraud Control Association, annual fraud losses are in excess of $12 billion worldwide and the problem is growing rapidly.
  • It is estimated that identity fraud affects more than 2,000 people worldwide each day.
  • In 2002, it is estimated that more than 500,000 Americans will be robbed of their identities, with more than $4 billion stolen in their names.
  • The Secret Service estimates that in 1997 American consumers lost more than $745 million due to identity theft. Police detectives around the country now estimate that loss to be more than several billion dollars, adding in losses to credit card companies, victim costs including legal assistance, judicial and law enforcement time in investigating and trying cases.
  • According to The National Small Business Travel & Health Association (NSBTHA), every 79 seconds an identity is stolen.
  • Most victims don’t know about the theft until months or years afterwards.
  • According to the Federal Trade Commission, identity theft is the fastest growing crime today. More than 700,000 people became victims in 2000.
  • In 1992, TransUnion received 35,000 calls related to identity theft, but in 2000, they reported there were more than 600,000 reports made.

Congressional Hearing on Identity Theft

March 10, 2003 By: Andre Category: Ping Identity

Eric Norlin uncovered these two snippets from a recent Congressional hearing on Identity Theft. They both sound like applications of an identity network.  

The Secret Service has made a particularly strong commitment to making the Clearinghouse the centralized investigatory tool for identity theft crimes nationwide. The Secret Service has just begun its second year of detailing a Special Agent to the FTC’s identity theft program. This partnership has provided numerous benefits. In addition to the day-to-day assistance of an experienced law enforcement officer with expertise in investigating identity theft crimes, the Secret Service has also provided the FTC with access to powerful data mining and clustering software tools, the research capabilities provided by its financial crimes analysts, and its network of task forces throughout the country.


The FTC is examining other ways to lessen the difficulties and burdens faced by identity theft victims. One approach under consideration is to develop a joint “fraud alert initiative” with the three major credit reporting agencies (“CRAs”). This initiative would allow the CRAs to share among themselves requests from identity theft victims that fraud alerts be placed on their consumer reports and copies of their reports be sent to them. This would eliminate the victim’s need to contact each of the three major CRAs separately.

Another Year. Another Digital ID World

March 01, 2003 By: Andre Category: Ping Identity

We just completed the first version of this year’s conference website, Digital ID World 2003. While in some respects I think this year’s conference will be a bit easier than a first year conference, the expectations are also higher, so I suspect it will be just as much if not more work than last year.