Issues with re-establishing Identity After Natural Disasters

As many of you will know, southern Australia is currently suffering the worst bushfires in peacetime history of Australia. Over 173 are confirmed as dead with many more injured, towns have been destroyed completely and people losing everything. The SBS and the ABC have particularly good online coverage of this ongoing disaster. What makes it worse is that police are investigating a number of sites where the fires were suspected to have been (re)started by firebugs (arsonists) and even by thrown cigarette butts. IMHO those responsible should be tried for murder with sentences served consecutively.

Identity

I’ve just watched Prime Minister Rudd address the Australian Parliment (ironically, via the BBC) where I was pleasently suprised to hear, quite early in his speech [Link Available Soon], that the Government will direct its departments to provide assistance to people re-establish their legal identity. Things like passports, birth certificates, marriage certificates and so on are difficult enough to get hold of, but even worse when all of your “identity sources” are destroyed in disasters such as these fires or the floods ravaging Northern Queensland. Being able to provide a positive and trusted identity “token” (drivers license, passport, etc) about yourself is nowadays a virtual prerequisite to living a normal life in todays society. If you have none – how do you identify yourself? PM Rudd paused from reading his speech to convey, in his personal tone, this difficulty to the rest of Parliament. This is the first time I have ever heard a senior politician even understand this difficulty, simplistic as it may sound. Maybe its because he saw The Chasers’ Julian Morrow demonstrate how easy it is at a recent Identity Fraud conference in Sydney.

However – this got me thinking, as of course I work in the Information Security and Identity spaces. What provisions will the Commonwealth put into place to stop those evil people take advatage of this tragedy to assume the identities of victims? How do you prove your identity when your primary sources have been destroyed? There is an excellent case study of an affluent lady in NSW [Citation Needed] who has lost her home (including title deeds), car, digital identities, bank accounts, and so forth after having her identity stolen by a criminal gang whilst she was abroad. (The suspected Russian-based gang proceeded to sell everything she owned, obtained passports and birth certificates in her name,  bankrupted her and racked up massive debts in her name, and she is still fighting to this day to clear her credit record years later – which nobody seems to know how to do, due to the lack of legaslative process in Australia).  And all from stealing mail from her mailbox. Australians – put an unbreakable lock on your mailbox or get a PO Box, is all I can say.

Although its not proof of identity, people born in England and Wales can order as many copies of their birth certificates as they like (well – to be accurate – certified copies of an entry in the register of births and deaths) over the internet. A very useful service. Indeed, I’ve ordered quite a few copies of my own, based on only knowing basic information about my parents and where I was born. What is a scary thought is that this can then be used to apply for an identity elsewhere, for example my Australian Citizenship, my passports in multiple countries and even my French Carte de Sejour (itself a de facto Identity card).  I don’t know what processes there are in place to stop you, or anyone else, doing that with such a copy. I bet you that the various governments around the world don’t check the validity of every birth certificate copy they are presented with.

Whilst digital identity is a complex area, we must also not forget the issues around dealing with the offline world. Identity theft and fraud is a growing crime, not just done by neer-do-wells, but also in a profitable manner by the organised gangs. And they’ve been doing it for years. All we can do as individuals is to protect our own identity as best we can. Something I will blog about in the near future.

Australian National Disaster Support

Many Australians, including myself, have dug deep and already donated well over $15m in less than 24 hours of the appeal fund being set up by the Red Cross and the Victorian Government. Fires also continue to burn in not only Victoria, but also South Australia and New South Wales. With over 173 confirmed dead in the fires, the toll continuing to rise and many more injured, losing loved ones, pets, their homes and/or their businesses. Once the immediate situation has passed it will take a long time for those affected to recover, both physically and psycologically. I urge anybody reading this blog to please donate to this very good cause. As always, Australians, all donations over $2 are tax deductable (they email you a tax receipt) and for those abroad, the relative weakness of the Aussie Dollar at the moment means your donation will go much futher. Thankyou for your support.

Again, Australian Organisations Complacent about Information Security

A colleague of mine at work started blogging again last weekend, highlighting a very good point that if 2-Factor Authentication is being offered to online gaming players, they why the hell are there still governments and financial institutions across the world that still rely on basic UserID and Password authentication to their online services?

Although an interesting debate, I’m not going to go into a rant about this today. What has caught my eye though as an article in todays Australian IT highlighting that a survey reveals that the majority of Australian Organisations are confident in the security of their IT systems, have rarely had that tested and can withstand all types of attacks.

Although I would like to see the details of the survey, this statement scares me. The article describes how:

[…] organisations have reached a level of comfort with security, as most internal security projects have been completed. Continue reading “Again, Australian Organisations Complacent about Information Security”