Here's an identity theft case study for your consideration:
There is in GSM telephones a smart card called a SIM. It is owned
and managed by the network operator. It contains the keys needed
to authenticate the subscriber to the network. It can also contain
some subscriber data such as a phonebook of frequently called numbers.
The subscriber can PIN protect the phonebook so that a PIN only
the subscriber knows needs to be entered before the SIM will
allow the contents of the phonebook to be read or changed.
The network operator can put an application on the SIM and endow it
with PIN privileges so that it (the application) can read and write
PIN-protected files even though it doesn't know the PIN.
The network operator has enabled the application to act as if it were
the subscriber whereas it clearly is not the subscriber.
Is this an instance of identity theft?
Cheers, ScottG
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tue 7/1/2003 1:56 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc:
Subject: Law aims to reduce identity theft
http://news.com.com/2100-1019_3-1022341.html
Law aims to reduce identity theft
By Robert Lemos
Staff Writer, CNET News.com
June 30, 2003, 2:41 PM PT
A California law that requires e-commerce companies to warn consumers when
their personal information may have been stolen could provide a boost for
security firms.
The Security Breach Information Act (S.B. 1386), which goes into effect
Tuesday, requires companies that do business in California or that have
customers in the state to notify consumers whenever their personal
information may have been compromised.
Companies that fail to properly lock down information or to notify
consumers of intrusions could be sued in civil court.
... snip ...
also ... text of bill
http://info.sen.ca.gov/pub/01-02/bill/sen/sb_1351-1400/sb_1386_bill_20020926_chaptered.html
--
Internet trivia, 20th anv: http://www.garlic.com/~lynn/rfcietff.htm
