Spam and the related problem of phishing seem to me to be an example of low-hanging fruit that digital identity ought to be able to grab easily. I hate to say it yet again, but there is no reason that communications between two virtual identities (in this case, virtual me and virtual my bank) should not be encrypted and signed. It’s impossible to find a web browser that doesn’t implement SSL, just as most mail packages implement S/MIME.
One of the ironies of the current situation is that people who ought to be part of the solution — banks — are actually part of the problem. The phishers are so sophisticated that it is very difficult for customers to distinguish real from fake e-mails: so while the security department advises that a bank tell customers it will never ever send them an e-mail, the marketing department always wins and the e-mails continue. At the same time, I read things like "I am optimistic that email can still be effective if financial institutions clearly personalise their message". No! This is not the solution: it’s not about personalising messages, it’s about signing them and making clients’ e-mail services discard all unsigned e-mail by default. And if a bank can do this for its customers, then it can do it for other service providers as well, so that the provision and management of digital identities becomes a line of business instead of a cost of being in business.
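To make the "discard all unsigned e-mail by default" policy concrete, here is an added sketch (not part of the original post) of the first gate such a mail service would apply: it keeps only messages that carry an S/MIME signature structure. The sender address, sample messages and function names are constructed for illustration, and passing this gate only means the message goes on to cryptographic verification against the bank's certificate, which is not shown here.

```python
from email import message_from_string

SIG_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
OPAQUE_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def smime_kind(msg):
    """Return 'detached', 'opaque', or None when there is no S/MIME signature structure."""
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        proto = str(msg.get_param("protocol") or "").lower()
        parts = msg.get_payload()
        # Detached form: exactly two parts, the second being the signature.
        if (proto in SIG_TYPES and isinstance(parts, list) and len(parts) == 2
                and parts[1].get_content_type() in SIG_TYPES):
            return "detached"
    elif ctype in OPAQUE_TYPES:
        if str(msg.get_param("smime-type") or "").lower() == "signed-data":
            return "opaque"
    return None

def triage(raw):
    """Default-deny: unsigned mail is discarded. Signed-looking mail is NOT yet
    trusted; it must still pass signature verification (outside this sketch)."""
    return "verify-signature" if smime_kind(message_from_string(raw)) else "discard"

# Constructed sample messages (hypothetical sender, placeholder signature bytes).
SIGNED = """\
From: Example Bank <alerts@bank.example>
Subject: Statement ready
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="b1"

--b1
Content-Type: text/plain

Your statement is ready.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"

PLACEHOLDER-SIGNATURE
--b1--
"""

PERSONALISED = "From: Example Bank <alerts@bank.example>\nSubject: Dear Jane Smith\n\nDear Jane Smith, please confirm your account.\n"
# Claims to be signed in the header but carries no signature part.
FAKE_SIGNED = 'Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="b"\n\n--b\nContent-Type: text/plain\n\nhi\n--b--\n'
```

A personalised but unsigned message is dropped exactly like any other unsigned mail, which is the point of the policy.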
My opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public.