And now, your moment of Xen
Banks could improve security for their online users by shipping them XenSE CDs. Users would then do online banking using software that was running on a secure virtual machine, reducing the risk of data theft, Neugebauer said. "I think we could provide (banking) with more assurance of security," he said.
My partial solution to identity theft problems is the have credit card companies ship you a Xen/whatever instance that lets you validate charges and credit reports. It would snarf your transactions from their network,, and allow you to add personal info like phone-, email/im/browser- and gps track-logs that could validate whether you could possibly have executed a transaction.
With this aggregate data, you could answer the following questions:
Were you in the store at the right date/time?
Did you call their 800 number?
Did you browse to their website?
Is the rfid of the item you just purchased within the limits of your household?
The above are all examples of things I don't want a credit card company to know, but at the same time they have a lot of potential for distinguishing fraudulent transactions. I see secured VM's running locally as a way to elegantly combining the power of data aggregation with the privacy protection it demands.
In addition to building a better fraud detector mousetrap, it has the potential to provide an alternative for all the merchant intermediaries holding on to excessing amounts of data. In other words, instead of storing all this stealable data themselves, they could delegate some of that to your VM. This is a complicated problem, since we're describing a distributed database, subject to people having a financial incentive to cache the data and break the rules. I acknowledge that this hope might be a bit unrealistic, but if liability ever kicks in for data theft, it's an option the merchants might start to pursue.
Anyway, I call this setup Total Information Awareness, Home Edition ®. Will XenSE be bringing it to us first?