There was a bit of a tempest in Singapore recently, with some anonymous Internet poster threatening to print the identity details of all/many foreign workers in Singapore. This is the result of common resentment in this country, where foreign workers are reviled because they take jobs from Singaporeans. It doesn’t matter that it’s the government that sets policy, the average Singaporean — bereft of many liberties — strikes out at the first person s/he sees, and that is the foreigner.

The identity details that were printed however were interesting. They included the name, place of birth, identity numbers, birthdate and current address of the foreigner. And, also interestingly, only Asian (non-white) foreigners were targetted, thus indicating a lack of … what’s the word? ah yes … balls on the part of the poster.

I didn’t take much notice, because the kind of information posted is the kind that every sales clerk in the country is privy to. It seems that you can’t even pay for something in Singapore without having to produce your passport, and who knows how many databases all this information is being written to? This was brought especially home to me when I was filling out the warranty form for a small appliance we’d bought and it asked for my identification number. I mean, what are the chances of another KS Augustin fradulently taking her broken Brand X kettle to the manufacturer to get it fixed? Am I expected to have my passport examined and photocopied ad nauseam just to get an element exchanged under warranty? … Well, yes, I suppose I am.

Lest you be sitting there and chortling at my misfortune, I’d like to direct you to a recent article in The Register. In a nutshell, British banks are rolling out a new type of RFID-enabled card (backed by Visa and Mastercard) called Paywave, that will not require authorisation for any transactions less than GBP10. Now, here’s a question for the class — how many people think that’s a bad idea? As you can see, my hand is up.

Information on items that use RFID technology are notoriously easy to pick up (that’s the whole idea) and the usual so-called encryption algorithms used by companies/the government are notoriously easy to crack. So, to bring this down to the level of reality, there is nothing stopping some grey/black hat from sitting on a bench somewhere, accessing your card from metres away and throwing a couple of GBP9.99 transactions on it. Of course, that’s just peanuts to the committed cracker. If the encryption codes can be cracked, then there are hundreds of identities swarming around that bench every hour, beaming their information into the ether, just waiting to be exploited, leaving the hapless victim with decades of frustration and angst in an effort to clear up his/her affairs after an attack of identity theft. I know of this to a lesser extent, because someone I knew was burgled (pre-internet banking days) and, more than 20 years later, he is still trying to clear his name and prove he didn’t defraud various businesses to the tune of thousands of dollars. Nowadays, you don’t even have to physically touch a possession of your victim’s … you just pluck the intel from the air.

Here’s the thing I can’t understand. Presumably, the world has become a more dangerous place. Yet every major institution, from governments to banks to retail shops, are coming up with more and more insecure ways of throwing our identity around. Whether we’re talking about easily-cracked technologies, or giving every untrained, security-unconscious clerk and his/her dog the ability to openly photocopy and transcribe your personal information, the ‘initiatives’ from these major institutions open the door to widescale identity abuse, not close them.

Which brings up an interesting question. Assuming that: (a) the world has become more dangerous, and (b) the institutions that have told us this are also making our identities less secure, what is the end goal in cases of inevitable infraction? Will justice be served … or will a judicious serve of scapegoating suffice? Hmmmmm …