Is it worth sacrificing your personal data security for a bit of convenience?
I have spent many years working in IT, which is an odd place to find myself, especially when you consider I started my career as a Chartered Quantity Surveyor.
Over time I have witnessed the evolution of technology, and I love helping organisations embrace technology that, put simply, makes their lives easier, more productive, and helps them work smarter, not harder.
Throughout these 20 plus years, I am always looking for solutions to protect against the ever-increasing threats that are potentially aimed at my customer base, and not a lot has phased me in this time.
However, there is one threat that concerns me, over which I have no control: the government's plan to implement people with a Digital ID.
What has got me worried?
Government led projects hardly ever scream efficiency, technical excellence, value for money, being bug free or having good security.
It is nigh on impossible to find a Government implemented IT project that has been on time, on budget and successfully implemented. Instead, they always run over budget and they under deliver on what was promised and don't get me started on how they suffer from all sorts of technical issues, data leakage and security breaches.
The next thing on the list that has me worried is the Post Office scandal featuring the Horizon IT project which is shocking, it was known to be flawed but Post Masters were still held accountable for compute errors and some were even given criminal records and were imprisoned, rather than the people running the flawed system admitting that the software didn't work. That is just a level of evil that is difficult to comprehend, how those people sleep at night is beyond me, knowing that innocent people were behind bars, all because they didn't want to admit to having a badly coded system.
Thinking of the Post Office scandal, let's set a scenario:
- Someone steals your Digital ID
- You try to use your Digital ID but it no longer shows your picture or allows you access to your accounts and services
How do you prove to the government that you are you? Especially when your picture no longer is of you on your digital ID?
I don't mean what if someone steals your phone with your Digital ID on it.
I mean what if someone hacks the database and steals your identity and digitally becomes you?
Identity theft has been a blight on society, with people getting saddled with debt they were blissfully unaware of because someone stole their identity and used it to setup financial agreements, like credit cards or bank accounts or loans.
What would happen if someone managed to steal your Digital ID, they are effectively you, and if the government development roadmap for Digital ID is accurate, they would have access to all your personal information, including financial details, medical records, driving license, passport, and potentially even contracts and property deeds. Meaning they become you, could then own what you did legally and how would you prove otherwise, especially if we look at the Post Office scandal track record of people spending years fighting to clear their names, how do you convince someone who doesn't want to admit their system could be hacked, that it has been hacked and that you are you, not the other person whose picture is on your Digital ID. What the Horizon IT scandal showed us was those in charge were deliberately lying, saying this had never happened to anyone, when they knew it had, I doubt any lessons have been learned from it, so expect more of the same.
In the meantime, whilst you are trying to convince a faceless bureaucrat at the other end of a telephone call that you are you, all your assets could be exploited, spent and sold off, just how would you get these back once you did prove you are you?
Here is hoping you never find yourself in this position.
Recently, the Government hasn't covered itself in cyber security glory either, there have been several high-profile hacks, the most shocking being an MoD data breach that resulted in the known deaths of 49 Afghanis and family members, with significantly more likely dead but unverified as yet, all as a direct result of the data breach.
Poor cyber security has real world consequences and unfortunately Government IT projects have poor cyber security. Couple this with the rich pickings of data on offer and it makes Digital ID a prime target for attacks.
Did you know...
That Digital ID has been in development since Covid? The vaccine passport application was the basis for the new Digital ID platform. It has already been hacked TWICE that they know of. The first was through Government testing of the application, the second was from hackers who broke the security, got in, were unnoticed by the developers and testers and it only came to light when they notified the project! If they hadn't notified the Digital ID test team, they would most likely still be blissfully unaware of the breach!
But it is not just Digital ID that is insecure
The legal Aid Database has been compromised, leaking information relating to personal data about applicants for legal aid (both civil and criminal) and their legal representatives.
Another example has been Russian hackers stealing data from MoD sites and publishing the data on the dark web.
In all cases the data should be stored and accessible only on an encrypted network that cannot access the Internet, let alone be hackable, but time and time again we find out this is not the case, so if this is the level of security that can be so easily breached, what chance with our personal sensitive information when it is all linked into one repository?
The government, through various politicians and departments recently went on a social media campaign pushing for how your life will become so much more convenient if we have Digital ID, but as I asked in the title, is it worth having a little convenience when the price you end up paying could be so high?
If you feel as strongly as I do, I will leave you with this call to action, write to your MP and express your concern with the track record of poorly run IT systems, the fragility of the internet of late with service providers failing and the raft for security breaches suffered by government run projects.
You can write to your MP by visiting the website “Write to them” (click here) and follow the instructions