Wednesday, November 9, 2011

The Identity Illusion

In 1974, one of my brothers was badly injured in a collision between his 750cc Suzuki water-cooled street bike and a station wagon, driven by an old lady who thought she could make a left turn in front of him.  She was wrong.  They were traveling in opposite directions at 30 mph each.  My brother was thrown more than 100 feet from the collision site, suffering two broken legs, a broken pelvis, a broken right arm (his writing hand), and a fractured skull.  He lay in a coma for six weeks, as the doctors tried to soften the blow to my parents that he'd likely never regain consciousness, let alone return to a "normal life".

After coming out of his coma, and gradually getting out of the bed and hobbling around, he was awarded a settlement from the driver's insurance company and went down to cash the check.  This was several months after the accident, and he was still on crutches and his arm still in a cast (attached to a shelf on the right-hand crutch).  He couldn't sign the settlement check legibly, and his bank obviously balked.  Thinking quickly, he suggested they contact a branch employee from across town, whom he'd known since high school, to provide confirmation of his identity.  They called.  The employee drove over, confirmed his identity and the check was cashed.

The driver's license didn't cut it.  The Social Security card and birth certificate didn't help.  The signature was all that mattered to that bank manager.


Working in the Defense industry for over twenty-five years, I've seen many identification systems come and go.  The latest fad seems to be the photo ID "smart card", containing a chip with a PKI encryption key and some additional bits.  So what?  In most large corporate environments, the only people who can attest to your identity are your immediate coworkers, supervisor, and a few secondary people you interact with.  But once you leave your facility and travel to another facility, populated with employees who have never met you, what does that do?  So you have a badge with your photo on it, and an encryption key.  Does that "really" confirm it's YOU that it is pinned to?

You sign contracts, forms, letters, agreements and waivers all the time.  How does anyone know it's really YOU signing them?  How often are you asked to show identification to prove who you are before signing things?  At doctor's office counters?  At your kid's school?  How about signing in at the receptionist when visiting business offices?  So much of "identity" is built on trust and confirmation.  The gadgets and biometrical aspects are merely shoring up the fortress of trust for others to gain comfort.  Think about it though:  How do we really "know" who someone is?

Epilogue: My brother recovered over the course of several years, eventually, and after finishing up his Masters in Electrical Engineering, finished law school and passed the Virginia Bar.  It took more than ten years for him to fully regain memory from the days leading up to the accident.  For the first two years he didn't remember me or my siblings, let alone friends, neighbors, coworkers and many of his favorite possessions.  He still has not regained his sense of smell.  I told him that's not really a bad thing since few things smell good (which is why we value good-smelling things so much).

No comments: