Governments cannot protect personal records, can the blockchain?
Time and time again, centralized government databases holding our most private and important identity information have been compromised, leading many to believe these records shouldn't be in the hands of governments in the first place.
On June 4 of this year, a larger-than-usual privacy breach hit the US government's Office of Personnel Management (OPM). This major hack resulted in the entire user database being stolen, including the most detailed government identification records of more than 21 and a half million people.
The OPM does not merely keep the personnel records of government employees. The agency does every background check that the government needs, mostly for sub-contractors of businesses that supply labor to government projects.
“We conduct background investigations for prospective employees and security clearances across government, with hundreds of thousands of cases each year.”
– Office of Personnel Management
James Anderson, a former engineering contractor and bitcoin user from Atlanta, was among the 21.5 million. Although he wasn’t a government employee, six months after the event he received a letter from the OPM stating that they had been hacked, and his entire identity was compromised. Brave New Coin spoke with Anderson and confirmed that it was a worst-case scenario data breach.
"It’s weird that it was known for so long, they announced it this June apparently, but yet me and a bunch of my friends only received our letters last week. Typical government taking forever to respond to something."
– James Anderson
His stolen information was gathered long ago, during a background check in 2011. The job was a contractor position, for an engineering firm whose primary customer was the US Navy. “I had a background check in order to get a low level security clearance to handle confidential materials,” Anderson divulged.
The compromised data included all of the information one would submit to a detailed background check, from his social security number to information about family members and far more. With this information, a competent hacker could completely and fully appear to be Anderson online. Getting a bank account in Anderson’s name would be no problem, nor would submitting an application for legitimate state-issued identification.
“The information in our records may include your name, social security number, address, date and place of birth, residency, educational and employment history, information about immediate family, as well as business and personal acquaintances, and other information used to conduct and adjudicate your background investigation.”
– OPM letter to James Anderson
Adding insult to injury, the OPM also indicated that Anderson’s fingerprints had likely been compromised as well. While it’s conceivable that information like a social security number could be changed one day, fingerprints are simply not alterable. For the rest of Anderson’s life, every time he uses a fingerprint scanner of any kind, he will know that it doesn’t offer him much in the way of security.
If it’s any consolation to Anderson, 5.6 million sets of fingerprints were stolen from the OPM, according to their latest estimate. "The problem is insanely widespread… Basically, anyone who had a government security clearance over at least the past 5 years, although it seems likely that it was a much longer time frame," Anderson explained.
According to NBC News, the OPM appears to be offering free theft protection and credit monitoring services, for at least three years, just for the victims. The service provider is of course the OPM themselves.
"OPM is committed to delivering high quality identity protection services."
– OPM
This data theft was one of the most publicized in recent history, but according to Data Breach Today, this is only one of many US government database hacks, and is neither the most recent nor the largest.
Unlike a corporation such as Target or Sony, many government agencies don’t merely hold data records. The US Department of Social Security, for example, is the ultimate issuer of certain identity data. Imagine no longer having a social security number, passport, or driver’s license. Or worse yet, some hacker out there has yours. This is the new digital battleground that governments are forced to fight on, and they do so very poorly, judging by recent hacks.
Before Bitcoin, the concept of a distributed data store was hard enough to imagine, let alone institute. Fast forward seven short years and all of the largest banks, insurance companies, financial institutions, and even government authorities have publicly proclaimed their appreciation for the power of the blockchain.
As data breaches become more common, and the need for an immutable data store for identity becomes impossible to ignore, using a blockchain such as Bitcoin's becomes more plausible. Safety and decentralization are already strong enough to allow all of your personal records to live online, instead of in a government database ripe for the next hacking.
The good news is that there are already many startups out there putting together these public information datastores, although each seems to be attacking the problem from a different direction.
- OneName is the sleekest and most useful system out today, although it’s not truly decentralized quite yet.
- BitNation offers a very official-looking world citizen ID that you can make for yourself, but isn’t interoperable with any other services or websites yet.
- Keybase simply links your public key to your social media profiles, and offers some advanced tools for developers to integrate it into applications.
- OpenID Connect is a protocol that focuses on removing passwords from website logins. Google, Microsoft, and others have all tested it out, but it’s not yet ready for public release.
- Cryptid, although made for smaller, administered environments like corporate campuses, could be used for general purposes as well, if ever fully implemented.
A few altcoins, including Namecoin, were created to tackle this problem too. Sadly, they still compete with Bitcoin for mining resources and are considered insecure, a problem that most altcoins are prone to.
Perhaps the best hope for a useful, decentralized identity system is for a popular application that is already decentralized, like OpenBazaar, to offer its own decentralized identity system. If OpenBazaar ever becomes truly popular, and the identities used for buying and selling in OpenBazaar were portable enough to use on other websites online, this ‘brand’ of identification could very likely be the first decentralized ID taken to mainstream use.
All of these services clearly have a long way to go before they could replace today’s government-run ID databases, but a world without centralized ID databases for hackers to target would be a world with very few online security problems at all.