The Medibank hack (and others) is a warning about Digital Identity and the future of privacy
‘Safe’ – it’s a word overused by politicians to lull the public into incredibly dangerous pieces of legislation.
Aside from the obvious failure of other ‘safe and effective’ products over the last two years, digital safety has become the focus of governments around the world spearheaded by the closed-door international lobbying group, the World Economic Forum.
It is WEF partner businesses – including those contracted by the Australian government – that swoop in for hundreds of millions in government tech contracts after world leaders have been scared blind and softened up to ‘safety via digital tyranny’.
Either our politicians believe the lie of ‘safety via digital barbed wire’ or they are so busy salivating over the potential power it offers that they don’t care what happens to citizens or their data.
Let me make one thing clear, data held digitally is not secure. If you want to keep a secret, put it in a locked filing cabinet and bury it in the bush. The North Korean hackers can’t touch it if it doesn’t have a wifi connection. For those who would rather jump to the head of the ‘please steal my private information’ queue, give it to the government for safe keeping.
We have had several months of severe violations of digital privacy via hacks.
The most notable is the Optus hack, which remains the subject of a criminal investigation by the Australian Federal Police. Not only is this a commercial disaster for Optus, who are offering all sorts of things to placate their furious customers, it has exposed millions of Australians to identity theft with their full names, dates of birth, phone numbers, and email addresses taken. The flow-on effect has been other providers, such as energy services and banks, rushing to make sure there are no additional crimes committed by those who stole the data.
Instead of learning the obvious lesson, the Optus hack has been used by the government to ‘accelerate’ its program to integrate the databases of telecommunications companies with both the government and the banks because apparently sharing data under the Digital Identity initiative will make it ‘safer’.
Of course, it’s far more likely that instead of only managing to get their paws on Optus data, next time hackers will get the ‘shared’ data as well.
I’ll give the government the same advice I gave the school trip I chaperoned through Argentina: don’t put all your passports, cameras, and wallets in one backpack. They didn’t listen because they ‘trusted’ the popular girl – who then left the backpack on a bus seat in a mountain village.
Soon after the Optus hack, one of Telstra’s third-party suppliers was hacked which was immediately followed by 2.2 million of Woolworths’ MyDeal customers having their credentials compromised. Now we hear that 4 million Medibank customers have been exposed to a hack in what has been labelled a ‘devastating’ data breach of private health records. It was reported in the Daily Mail that some health claims had been removed, meaning this was not merely a theft but an alteration of data.
‘We believe that the scale of stolen customer data will be greater and we expect that the number of affected customers will grow substantially,’ admitted chief executive of Medibank, David Koczkar.
Considering less-secure entities such as your local real estate agent hold excessive amounts of private information, this trend will continue. Forget the mining industry, in a world run by Silicon Valley and political despots, data is the new gold.
These are only the tip of the iceberg.
Also in 2022, Microsoft customers had their data ‘exposed’ by a misconfiguration, the AFP had classified documents related to agents fighting drug cartels accessed, wine cellar Vinomofo was hacked as well as Uber, the Fremantle Football Club, TikTok, LastPass (oh the irony), DoorDash, Facebook, WA Health, Cisco, Twitter, the University of Western Australia, Uber (again), Perth Festival, the Victorian government, Marriott, iCare, the Department of Home Affairs, the NDIS, National Tertiary Education Union, Transport for NSW… the list goes on and on.
To be clear, political leaders who struggle to unlock their iPhones are being told that the only way to guarantee safety in a post-Covid world is to hand the keys of the nation over to the shadowy world of Big Tech.
That would be the same Big Tech that hopped into bed with China and helped them create the Chinese Social Credit System and surveillance networks to ‘keep an eye on’ the Uyghurs.
In an article titled, How digital identity can improve lives in a post-Covid-19 world published by the WEF in January 2021, note how many times ‘trust’ and ‘safety’ are used to justify the largest global digital tracking system.
‘But the potential is bigger: the possibility to safely claim we are, will impact how fast the world economy can recover – alleviating key risks highlighted in the World Economic Forum’s Covid Risk Outlooks Report … Human-centric digital identities are the enabler to alleviate the global risks of health … the advantages of trusted claims are multiple from binding health tests to an individual being able to enter venues or travel … but with contact tracing, self-declaration or health credential approaches facing scrutiny – how to enable the new normal? … human-centric digital identities: an enabler to rebuild economy and trust … the risk of doing nothing is high.’
The Australian version of Digital Identity – copied directly from the WEF by the Morrison government (with credit, quotes, and shared data) – leads with the promise, ‘safe, secure, convenient’. Yes, your laziness is the key to fashioning a total digital prison.
Centralising extremely large amounts of private data, including data about our social lives that has never been collated, into a government database is easily the most dangerous idea a politician has had in a hundred years.
Not only are government databases notoriously hopeless, they are also among the most hacked entities in the country. The primary target of hackers? Health data. There have been dozens of high-profile hacks of private information from government databases in the last few years. The public can have net zero confidence in the government as a gatekeeper of the details that define their lives. If you fall for the empty promises of, ‘it’ll take less time to fill out this form!’ you deserve to have your data nicked.
If you want your data to be ‘safe’, tell the government nothing.
If the government wants its people to be safe, it should resist any and all demands from international bureaucracies and lobbying groups to access the private data of their citizens, because that is what’s happening.
Digital Identity is not being done for ‘safety’ or ‘trust’ but rather money and power. Our private data, which is collected either covertly or by law, is being turned into commercial leverage for global Big Tech. They intend to make a fortune creating global control systems for the worst individuals – and we’re helping them, herded like cattle into the yard because the press are shouting ‘Hackers! Hackers! Hackers!’ at us from their headlines.