Data is not actually the problem with the Optus breach; it’s the quality of the data. That sounds like I’m splitting hairs, but the point is we can’t protect people by just updating their data. That’s no lasting fix. Changing driver licence data or passport data is not a sustainable response when another breach is inevitably around the corner. People deserve better safety in a modern digital economy.
The root problem that makes people vulnerable after a breach today is that we can’t tell the difference between original data and copies. Websites can’t tell if a form is being filled in by a genuine customer or an imposter. So stolen data is traded on black markets and used by imposters behind our backs.
Data is the lifeblood of the digital world. Data sharing can only expand. Of course nefarious, underhanded and misleading collection must be fought, but well-intended data collection must continue. Instead of changing the way data is used, we must change the way data is presented. We must make data better.
Instead of having people type raw numbers into forms to establish their bona fides, we must transition to digital presentation of cryptographically protected facts and figures. Digital credentials should be signed by their issuers when issued, to prove their origin, and must be signed again by their holders when presented, to prove the owner consented to each transaction, or was at least actively involved.
The signing is relatively easy. It’s built into mobile technologies and used seamlessly every time we bring up a virtual credit card from a mobile phone wallet.
We should be adding official digital copies of driver licences, Medicare cards, passports, and all official facts and figures into digital wallets — whether they be government mobile apps such as that of Service NSW, the Apple and Google wallets, or new versions of the future Open Wallet standard.
People should be able to move their important data around with exactly the same convenience, privacy and security as they move their digital money.