Sunday, January 02, 2011

Forging bits

William Gibson makes passing reference to the art and craft of forging documents early on in Spook Country, telling about trips to second-hand bookstores to buy just the right paper, and ageing credentials by carrying them around.

Nowadays, though, paper is optional. Checks can be deposited by snapping pictures of the front and back and sending them to the bank, and airlines scan pictures of boarding passes from your phone at the gate.

Paper credentials decentralize verification. When it was difficult to "call HQ" to check identity - which it was until very recently - the attestation had to stand on its own feet, carrying the full burden of authenticating not only its bearer but also itself. Nowadays a database look-up is instantaneous, and the database can not only produce the photo of the person making the identity claim, but can also track whether multiple claims are being asserted simultaneously in different places.

The locus of forgery thus moves from the edge to the middle: you don't hack the passport, you hack the passport database. With a suitably large investment in securing the center, it becomes harder for street freelancers to generate credentials as they go, "at retail". However, there is now a single point of failure, and a successful hack of the central database can generate an unlimited number of false documents. As always when moving from bricks to clicks, the upfront cost is huge, but the marginal cost is negligible.

The discretion of, and trust required in, the agent at the edge diminishes. When paper documents had to be checked, officers developed a feel for a fake by handling tens of thousands of them over years, and their instincts could tell them something was off long before the official notice came around. Not all of them were equally good, though, and a rookie might miss a dud that an old hand would see a mile off. Now the quality of authentication depends on the security and agility of the central repository; if it can be broken, or is slow to respond to an exploit, a hack that works will work everywhere, immediately.

One might therefore expect that digital spooks and their paymasters are working not only on building bit-bombs to disable infrastructure, but also on constructing trapdoors to facilitate the forgery of digital credentials. "Identity theft" is probably not the half of it; identity creation (and destruction) is much more valuable.