Ordinary people might be a lot smarter than most in IT think about protecting their own privacy and security online, if a new study from ID Analytics, Inc. is correct. Or they might just be a lot less honest.
According to a report released in June, 45 million Americans deliberately "manipulate their identities in applications for credit, cell phone service, auto loans or other credit transactions."
From an IT/data-security point of view, that's good, in that it means they're not all entering all the same data – usernames and passwords are the usual problem – on every web site on which they have to register.
Observed strictly from the perspective of data architects and designers of federated authentication systems, it would seem to indicate that average people have a relatively clear understanding of all the pieces that make up the "self" online, how easy it is to change to a different self or even steal someone else's. Not the real self, but a metadata homunculus born from the accumulation of data about us from many different sources, some legally binding, some not.
That amorphous mass of identity information describes us in every detail and exists in multiple dimensions, showing one set of relationships to our work environment, another to our personal networked connections and a third to our personal-business connections – mortgage holders, credit-card companies and other services for which we contract and pay online.
Keeping all that data accurate, straight, secure and private is turning into a big business and a huge legal mess as courts and web service companies wrestle with how much control individuals should have over data about themselves and how much is legitimate for a product or service provider can hold about its customers.
It could be great news about how well the bulk of the population will adapt to the realities of the Internet as privacy evaporates, information with which we trusted one service provider shows up on the screens of another without our approval and every bit of data recorded about us is available at will to both law enforcement and any business that either wants to pursue us to collect on past debts, or to pitch us new products or services they think we'd buy, based on exhaustive analysis of the most private details of our lives.
In the ID Analytics study the most common identity data manipulation was not some aspect of a commercial exchange, though. It was the Social Security number, followed by names and dates of birth.
The three most promiscuous "identity manipulators" used a total of 417 Social security numbers, 68 dates of birth and 17 different first names.
That definitely shows an awareness of where their electronic identity tracks have been left, or at least the kinds of behavior that might have been associated with each identity.
There's no data in the study that really shows intent, but somehow I think the people highlighted as the most frequent identity manipulators -- and a good percentage of the other 45 million, too – were manipulating data more often to commit fraud or avoid penalties for broken contracts, unpaid bills or other bits of financial flotsam.
The main point suggested by the study is still perfectly valid, though: Americans definitely know where traces of their identities are left online.
They're just not as pure about why they're trying to avoid being identified as a digital civil libertarian might wish.
On the other hand, if part of what you do is collect personal data about customers to use in marketing campaigns, product design or to help chase down deadbeats, you might want to look twice or three times at the checks you already use to ensure the quality of your data.
With 45 million active identity manipulators in the population of your potential customers, even the pessimistic view you probably already have about the accuracy of your data may underestimate the amount of fiction in your databases.