Why Equifax Happened: The Missing Link: Authentication
Much focus is on our Identity problems because of the tectonic Equifax breach.
There is an easy fix. The problem is that too much reliance is given to the presence of identification, without any authentication.
When you log in to a website, you are asked for a username AND password. Imagine if twitter, facebook, reddit and any other of your favorite websites simply used your username and nothing else. You could log in as anybody, do anything.
This is now where 50% of Americans are at, thanks to Equifax, with their own Personal Identity. To make matters worse, our financial and lending laws are so broken they are backward from our constitutional rights. If somebody commits fraud with your identity, you are guilty until you prove you are innocent!
This is a problem largely brought on by technology, and it can be solved by technology.
The simple fix is to add authentication to the mix and to put the burden of proof onto the lenders if they don't use it. There are many ways this could work, but they are either fraught with massive bureaucracy (let the government do it all!), or we have too broad a diaspora of options.
Can there be a simple solution?
What if the federal government simply passed a regulation that did three things:
- Define an acceptable internet authentication protocol to be used, which can return a unique one-time signed token when authentication is completed.
- Created a government registry where people opt-in and link themselves to a service that can provide the authentication for them.
- Lenders are required to check the registry and run the authentication if the individual is linked. Any lender who does not do this properly is liable for the debt being created, not the opposite.
The problem will solve itself. We need to stop using the presence of identification without authentication as something acceptable. Do not require the use of this registry, but those who do want to do so can. And it also enables the free market, as the government is allowing you to use whomever and whichever service you want to use for your authentication, and you can change it whenever you need.