Mr. Horne's Book of Secrets

And if everyone gets hacked?

Hey there, fellow victims.

I was so sorry to hear that fraudsters got a hold of your personal information recently.

What’s that? You don’t think your personal information was stolen? Well, it pains me to inform you that you are completely delusional!

“I voted for you, Kevin.”

Because everyone’s information was stolen—143 million sets of names, social security numbers, birth dates, and addresses. That’s almost half the population of the United States, and before you go thinking that you belong in the “other half” that didn’t get hacked, consider the following:

  • Have you ever applied for a credit card?
  • Have you ever applied for a loan?
  • Have you ever had a background check as part of your employment, housing, or other circumstances?
  • Do you own a car?
  • Do you own any real estate?
  • Did you go to college?

If your answer to any of the above questions is “yes”, then it was your information that was stolen.

So why did this happen? It has something to do with a little company called Equifax.

What is Equifax?

Equifax is one of the three big credit-monitoring agencies in the U.S. Their job is to sell your personal information to banks, employers, and other corporate entities who may wish to know more about you.

Ostensibly, they are also responsible for securing your personal information so that others cannot compromise it. They offer some services such as credit monitoring, credit freezing, etc., as a way of excusing themselves for holding on to information they do not own and have no rights to.

And they let hackers steal it all.

And, just to make this clear, Equifax collects this information without your permission. There is no way to opt out of the system, apart from living entirely off the grid.

The two other credit bureaus—Experian and TransUnion—don’t seem to have been hacked, but at this point, it really doesn’t matter. Because those other two bureaus were holding onto copies of the exact same data. One bureau getting hacked is no different than all three bureaus getting hacked. And that is a problem.

What Happens Now

It’s hard to say exactly how this is going to play out, but we do have some precedent for it. People’s identities get stolen all the time, after all. So steps are taken to restore identity. New credit cards are distributed, new accounts are created, and, sometimes, new Social Security Numbers are even issued. If an individual has their identity stolen, the problem can be fixed.

But what if everyone’s identity is stolen?

A name, a social security number, and a birth date is all you need to wreck a person’s life. No password or security question is strong enough to block an intruder when they have your data. And if data for every person were to suddenly fall into the wrong hands all at once, then all the locks disappear and all the doors fly open…for everyone.

Everyone can suddenly log in to your Paypal account, your Amazon account, your Gmail account. And you can potentially do the same to them.

But that’s not even the worst part.

Banks and credit card companies will be inundated with fraudulent applications that they can’t double check. To protect themselves from fraud, they’re going to have to stop loaning money, which slows the American economy to a crawl. Commerce stops. Businesses fail. All because they were forced to participate in a system that was designed to fail.

What Can be Done

Issuing 143 million new social security numbers is not a viable option.

Issuing 143 million new birth dates is even less viable.

This problem cannot be fixed by going back to the old way things were done. Using magic combinations of numbers to control people’s identities was always a bad idea. And better techniques have existed for decades, which have been waiting in the wings to take their place, but these have been stopped at every turn by one terrible fact:

The halls of power are filled with technophobia. The obsolescence of our technical infrastructure is rivaled only by the graying of our civic leadership, who don’t understand why the methods they were raised on are insufficient. Other countries have already adopted asymmetric methods of identity verification. The United States, supposedly the land of technological achievement, has fallen woefully behind.

And even today, new technologies are emerging that are changing everything, yet the people who make the decisions, in government and in industry, aren’t prepared to deal with it. Whenever they aren’t ignoring progress, they’re fighting against it.

But for what it’s worth, I propose that the current system of verification by social security numbers and birth dates be declared defunct by the government, and the congress should pass a law whereby the use of these for identification becomes illegal no later than three years from today’s date.

In the meantime, the hands of our society should get busy building a blockchain system of identity, where every individual carries their own token that proves their authenticity. This token is controlled by a private key known only to the individual, as well as an address that is common knowledge, and the token may be occasionally moved to a new address by the individual, to make it a moving target that is so much the more difficult to steal.

This is what is required by the current state of technology. Bloated corporations have no business holding onto secret information that citizens need to identify themselves. It is insecure and unpatriotic. And if the geezers at the helm are not prepared to implement such a system, then new leadership is required.

 

[This week’s tagline: “Where people come…after losing everything.”]