CIMIP fights identity theft

* Utica College's Center for Identity Management and Information Protection

A year ago, the Center for Identity Management and Information Protection (CIMIP) at Utica College was created in a partnership including the Economic Crime Institute (ECI) of Utica College, LexisNexis and IBM Entity Analytics.

The CIMIP’s mission is “a research collaborative dedicated to furthering a national research agenda on identity management, information sharing, and data protection… [I]ts ultimate goal is to impact policy, regulation, and legislation, working toward a more secure homeland.”

Since its founding, it has attracted many other sponsors and collaborators, including the U.S. Secret Service, the FBI, Carnegie Mellon University Software Engineering Institute’s CERT/CC, Indiana University’s Center for Applied Cybersecurity Research, and Syracuse University’s CASE Center (for links, see the Partners page).

Last October, the Center was awarded $1.7 million by the State of New York for its operations.

The CIMIP has several valuable research projects under way, including the following, which are described in more detail on the research page:

* Identity Fraud Trends and Patterns: Building a Data-Based Foundation for Proactive Enforcement

* Identity Theft Assistance Corporation (ITAC)

* Survey: ID Theft Awareness and Behavior of 18-29 Year Olds

* The Use of Identity Management by Non-Compliant Sexual Offenders

* Identity Management Research Workshop

I downloaded several interesting white papers from the site after a simple registration process. These older documents (all PDFs) provided the basis for creation of the CIMIP and have information that is still of value.

* The Growing Threat of Economic and Cyber Crime (2000) - 42 pages of foundational information, including types of economic crime, costs as of the late 1990s, effects on victims, law-enforcement organizations and coordination, and recommendations.

* Identity Fraud: A Critical National and Global Threat (2003) - 48 pages of follow-up to the original 2000 report by two of the major authors, Gary R. Gordon of the ECI and Norman A. Willox Jr. of LexisNexis. Topics include the role of identity fraud in criminal and terrorist activities, U.S. and international laws about identity fraud, and technological and policy recommendations.

* Using Identity Authentication and Eligibility Assessment to Mitigate the Risk of Improper Payments (2005) - an 18-page brief from Gordon and Willox about fraud and abuse of entitlement programs run by the federal government. The paper discusses the role of false identities in such abuse and reports on three field studies of different methods of verifying the authenticity of identities used in registering for government programs or benefits. The authors discuss risk assessment methodologies that can usefully be applied to all types of identification and authentication requirements for large populations, including the issues raised in my recent articles about the weakness of identification and weak authentication as a basis for improving security.

* The Ongoing Critical Threat of Identity Fraud: An Action Plan (2006) - an 11-page continuation by Gordon and Willox of their 2003 report. The paper uses the same headings as the 2003 report but unfortunately omits a table of contents. Each section discusses changes since the 2003 status and adds recommendations. The report has many fascinating insights; for example, the authors cite John Sparks’ comment from a January 2006 review, “And then there's China, where Internet penetration is expected to top 10 percent in 2006. Because China's PCs don't generally run licensed versions of Microsoft's Windows, they're not eligible for the security patches Microsoft makes available to its legitimate users. Hackers have already taken control of the PCs of thousands of unsuspecting Chinese and used them as a platform from which to launch spam attacks. These so-called botnets are routinely bought, sold and swapped in Internet chat rooms.”

I have registered on the CIMIP site to receive alerts when they publish new research reports and I wish them well in their important work.


Copyright © 2007 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022