“Once more unto the breach, dear friends, once more.”
This Shakespeare quote(1) pops into my head almost daily as I open twitter or the New York Times. Shakespeare was using these words in the mouth of King Henry, exhorting his troops to fight another day, holding back the raging of the storm or war.
But now, here, all I can think of are data breaches that threaten our foundational abilities to control our own identities along with protecting the privacy, transactions and wealth that are tied to it. So… once more unto the breach.
The last time this reached public consciousness was with the Equifax episode. Setting aside the sometimes unsavory history of the company, the facts are that 143 million Americans had their identities exposed because of shoddy security.
Sadly, Equifax’s mishandling of consumer data pales in comparison to a recent report about India’s citizen identity initiative.
It was only last November that the UIDAI asserted that “Aadhaar data is fully safe and secure and there has been no data leak or breach at UIDAI.” Today, The Tribune “purchased” a service being offered by anonymous sellers over WhatsApp that provided unrestricted access to details for any of the more than 1 billion Aadhaar numbers created in India thus far.
The Tribune, India(2)
Let’s step back for some background. First, what is Aadhaar data? Let’s go to the Wikipedia entry:
Aadhaar means ‘foundation’ is a 12 digit unique-identity number issued to all Indian residents based on their biometric and demographic data. The data is collected by the Unique Identification Authority of India (UIDAI), a statutory authority established in January 2009 by the Government of India, under the Ministry of Electronics and Information Technology, under the provisions of the Aadhaar (Targeted Delivery of Financial and other Subsidies, benefits and services) Act, 2016.(3)
In short, Aadhaar is a unique identifier that allows its holder to gain access to all services and transactions associated with the identifier–whether the holder of the unique identifier is the actual person it represents. While the goals of this program are well-meant and honorable, it was doomed to fail because UIDAI had the wrong model of identity in mind and, as a result, choose the wrong technology platform.
There are a range of responses from citizens, but you can get a flavor of the general thrust:
And what, you may ask, has been the response by the overseeing government agency to this breach? Legal action, of course:
Days after an investigative report in The Tribune revealed a racket via which a journalist was able to gain access to the Aadhaar database of a billion Indians for just Rs 500, an FIR has now been filed against the daily as well as its reporter Rachna Khaira by a deputy director of the Unique Identification Authority of India (UIDAI).
The UIDAI released a statement saying that it takes every criminal violation seriously, and “unauthorised access” by The Tribune and its journalist is what invited the criminal proceedings that have been initiated against them. It also said it respects freedom of speech and the media, and that its FIR shouldn’t be viewed as “shooting the messenger”.(4)”
Two key takeaways;
- When you don’t own and control your identity, it’s not your identity.
- Your identity, if centrally stored, will be hacked.
lifeID ends personal data breaches once and for all
lifeID is here to help change this sad state of affairs by giving users control over their own self-sovereign identity.(5)
In brief, the core tenet of any useful self-sovereign digital identity is that the user is in control of the existence and use of their identity–in the real world and online. lifeid is designed so all personal information attributes–whether biometric, drivers license, credit cards, etc.–are only stored on your phone as a cryptographic hash. Even if your phone is stolen, there is no “out in the open” personal data for thieves to access.
lifeID achieves this level of security by providing a better way. We are building a decentralized blockchain platform, that is permissionless and economically self-sustaining. Most important, we’ve designed the governance that shepherds its future to be transparent, fair and ultimately serve the identity holders.
We believe that this identity service will dramatically change the way people use identity information for transaction with the world around them. It will give power over personal data back to the people it actually belongs to–the individuals themselves.
Join us
If you believe as we do, that we all deserve to control our own digital identities, join our cause. This invitation to join us is for users, developers, as well as other companies, even those that see us as competitors. We are moving quickly toward a future with more transparent, more universal and more just methods of proving identity.
- https://www.poetryfoundation.org/poems/56972/speech-once-more-unto-the-breach-dear-friends-once-more
- http://www.tribuneindia.com/news/nation/rs-500-10-minutes-and-you-have-access-to-billion-aadhaar-details/523361.html
- https://en.wikipedia.org/wiki/Aadhaar
- https://www.thequint.com/news/india/fir-against-tribune-and-reporter-for-aadhaar-data-breach-story
- https://medium.com/@lifeID_io/what-is-self-sovereign-identity-and-how-does-it-protect-my-privacy-e784e6bbfea6
