If you read my material, listen to me talk or see my comments on any number of the social networks out there you will clearly know that I have a strong belief that every single one of us on the planet has already had our personal identity information compromised, stolen or breached in some form. We are already ALL victims and it is only a matter of time before our “number is up” and someone takes a run and taking over our identity. Sorry to be the bearer of bad news there.
The Equifax breach in 2017 is really just the tip of the iceberg and I hope that it is a wakeup call for those that feel they are not at risk or have the belief that it will “happen to the other guy”. WRONG! You are the other guy, and so is the other guy, and the other guy, and the other guy ….
Feel free to email me when you find out one day someone has taken control of your life through identity theft. It’s going to happen, unless of course appropriate actions are taken by the organizations that have a chance of “helping” the situation. Not “fixing” but helping. There is no fix to the largest enemy and risk people face of falling victim to identity theft. That enemy of course is themselves!
In the absence of being able to reprogram peoples brains to do simple things like manage passwords properly and not share every detail about their lives on the social media, the governing bodies responsible for the foundational establishment of identity and the associated identity information of people need to step up and take control. This of course being GOVERNMENTS.
Today in the physical world government is on the hook to manage and protect the identities of individuals whom are in their jurisdictions. This is done from birth through death and is managed through “government issued identification”. There are mature and well understood procedures, standards and governance frameworks around the issuance and acceptance of government issued ID and although it is not foolproof it is at least something to build upon.
In the digital world everything is just a “click away” and every person, place and thing is wired (future post on the privacy issues of this, but let’s save that one) which amplifies the requirement. Governments worldwide need to move to protect their citizens in the digital context in the same way they have in the physical.
Hence we need priority on the development of “GOVERNMENT ISSUED DIGITAL ID”.
The foundation for this needs to be based on the fact and acceptance that we are all breached. We have been exposed. No information is sacred and we can expect that not to change in the future.
The simple question that governments need to answer is ” If everything is exposed and available for misuse, how do I know it’s actually you when you are legitimately representing yourself ?” (Hint: The question is simple, the answer is not).
We as a society need to assume that everything about us is completely opaque. I would even suggest that we could just go ahead and make everything available since it is already. Heck, it could even put a damper on the “dark web” where the identity information of a person can be bought and sold then used for fraud and identity theft. Of course I don’t really think we should do that, but you get the point.
How we electronically identify that it is the the actual individual presenting their information digitally should be top priority for national, state and provincial governments whom generally are the managers and governors of identity information of their citizens.
Technology, processes and governance needs to address this in the digital context just like in the physical context. The thing that is missing of course is that one thing that always seems to get in the way : COST. That is a difficult one to overcome because of the massive investments in legacy systems, processes and procedures that would need overhauling, but we do need to start somewhere.
I can tell you from experience having worked with governments to initiate these types of things that there is no where near enough resources being allocated to this problem. Some countries are addressing the problem with national initiatives but they are few and far between and are having mixed results.
The private sector can assist with this problem, but as we have seen it is within the private sector that the majority of the problems are actually occurring. The largest data breaches that have occurred in recent months have been non-government organizations. Private sector companies collect, retain and store identity information in the interest of delivering sought after goods and services to those very citizens we are discussing, thus they operate on a different playing field than governments. That of course is why the governance and controls really need to be put in place.
Until such time that we have a ubiquitous digital government ID, I suggest 3 things:
1.) Do not share your personal information with any company unless you have to and when you do, share the minimum.
2.) Contact Equifax or TransUnion and get a copy of your credit file annually. You are generally entitled to a free one annually and don’t need to subsribe to their monthly service. You just may need to dig up the free application on their site. Search for something about “Consumer Disclosure”. Links below to help.
3.) PLEASE CHANGE YOUR PASSWORDS regularly and if you hear about something called a “security key” or “second factor” or “two-step”login”, please do yourself a favour and learn how to use it. Email me at email@example.com if you want tips on that.
Click the follow to be taken to Consumer Credit Report access:
TransUnion Free Consumer Disclosure
Equifax Free Consumer Disclosure