What if we could make data useless to thieves?


In The Mandarin, Julian Bajkowski writes that “the digital identity penny appears to have finally dropped in the current federal Labor cabinet”.

I love to see our government responding so energetically to the rash of data breaches.

But if identity is the answer, what exactly is the question?

Australians are damaged by data breaches because personal details used in identification are now on the black market, where criminals pick them up and use them behind our backs.

The question should be: How do we make stolen data useless to criminals?

There is no such thing as “identity theft”; it’s only data theft. We don’t have a “digital identity problem”; we have a data problem.

According to cybersecurity minister Clare O’Neil, “this government is moving forward on a new national digital ID system… Ultimately, this is all about making Australian identities hard to steal and, if compromised, easy to restore.”

Yes, our “identities should be hard to steal” — except we’re really talking about data.

The way to do this is through the proven technology of verifiable credentials in which your ID is sealed to a smart-chipped device, visualised in a digital wallet on that device, and presented digitally under your control, precisely to the parties that really need to know. Your ID would be protected in this way against theft, interception, replay, or counterfeiting.

This is exactly how a smartphone wallet holds and protects credit cards.

Nobody would dispute that a new digital Australia Card will need verifiable credentials technology, operating in a choice of digital wallets.

Now if Australians had that capability, what else they could do with it?

We could hold our Medicare numbers, birth certificates, driver licences, and passport data in exactly the same way. All that data too would become useless to criminals, thus protecting citizens from data theft and identity fraud. Identification by banks, government agencies, telcos, new employers, alcohol retailers, and gambling sites would all be resistant to stolen data.

Just as many of us “Click to Pay” using digital cards today, we could just as easily “Click to Prove” any one of those credentials over the internet.

We could reap the enormous benefits of data wallets across most of the economy, using existing data, almost immediately. The rollout of a new digital Australia Card would be de-risked, and we would buy more time to have the proper “privacy and access debate” called out in the article.

The road to a national digital ID must be built with verifiable credentials and digital wallets, “critical infostructure” which could be used at scale much more quickly to solve our stolen data problem.

Lockstep’s Data Verification Platform is a scheme to rationalise and organise data flows between data originators such as government and the risk owners who rely on accurate data to guide decisions. Join us in conversation.

If you’d like to follow the development of the Data Verification Platform model, please subscribe for email updates.​