23 June, 2006 - 11:08am

A couple recent news stories reinforce our belief in the need for Identity 2.0. The Anti-Phishing Working Group reported that May was a record month for phishing scams. According to the APWG there were 11,976 phishing websites last month, the most ever recorded, and a more than three-fold increase from 2005. Also of note, 34% of all phishing sites worldwide were hosted on infected American PCs! Other troubling announcements are from several US government agencies regarding the theft of identity data, including that of the FTC, Veterans Affairs, and the NNSA (which oversees the American nuclear weapons program).

Yesterday the FTC, the US agency reponsible for fighting identity theft, said that two government laptops containing sensitive personal data were stolen. This comes on top of announcements by the Department of Veterans Affairs last month regarding the theft of an employee's laptop that contained electronic records on 26.5 million veterans, and by the National Nuclear Safety Administration a few weeks ago, regarding a hacker who stole the personal records of at least 1,500 employees.

Clearly a new approach to digital identity data is needed that involves not only new technologies but also more secure processes. An Identity 2.0 internet-scale identity infrastructure would allow individuals, websites, and organizations to:

• Enable simple and secure access to online resources.
• Communicate profile information across different domains.
• Prevent identity theft.
• Audit and trace malicious behavior.