Is Blockchain A Solution For Securing Centralized ID Databases? Posted on : Dec 11 - 2018

Universal IDs have gained the attention of many governments. The sentiment is that universal IDs could help counter terrorism, increase national security, deter ID fraud and make the lives of citizens easier. The problem with universal IDs, such as the REAL ID in the United States and the Aadhaar card in India, is that they can lead to the creation of national databases, and such databases are not always secure.

In the first half of 2018 alone, there were 668 data breaches across U.S. industries including banking, business, education, government/military and health care that exposed over 22 million records. Many of these kinds of breaches stem from databases having weak or default security configurations, which can leave them open and vulnerable to attack from cybercriminals.

As cybercriminals find new ways to breach databases, it becomes difficult for national ID databases to remain secure long term. Since they store a variety of data from millions (or billions) of individuals within a population, they are a honeypot that cybercriminals are eager to attack.

Preventing criminals from accessing identity data and using it for identity fraud, account takeovers and synthetic-identity fraud is a serious issue that my company and many others are committed to. In 2017, identity fraud reached a record high, with approximately 16.7 million U.S. consumers affected. There is a clear need for technology to be developed that thwarts cybercriminals and makes identity information more secure. With blockchain technology, I believe an opportunity exists to address this growing societal problem and better guard identity data.

Problems With National Identity Databases

In the United States, the REAL ID has seen pushback from state governments and others since its inception in 2005. Consumer privacy advocates claim that the REAL ID will put personal information at risk. According to the International Association of Privacy Professionals, states that issue REAL IDs are required to grant other states and the federal government access to their state's ID card data. Some opponents have argued that, in effect, this builds a nationwide database, even though the U.S. Department of Homeland Security denies that it creates a federal database.

Some privacy advocates think it's unwise to contain a complete profile of a person within such a database, as it could put people's information at risk of identity theft. I believe it changes the question from “Will a data breach occur?” to “When will a data breach occur?”

As with the REAL ID, some privacy advocates believe that it's unwise to maintain a centralized database of personal information for Indian citizens. They think it can cause cybercriminals to focus on attacking the database. This has proven to be the case with the Aadhaar card since it was introduced in 2009.

In March 2018, a state-owned utility company in India had a data leak. Aadhaar cardholders' private information — including their names, unique identification numbers and bank information — was compromised during this attack. This showed the world that many governments are not currently equipped to handle large amounts of identity data and keep it safe. View More