The 8th General Order of a Sentry is to “Give the alarm in case of fire or disorder.” As professionals, it is incumbent on us to point out the herd of elephants in our midst.
If you are indeed a security professional, then with the latest round of breaches, chances are high that virtually ALL of the information that currently comprises your “identity” is now a form of public record. Worse than that, it is now in the hands of an organized criminal element. To make matters worse yet, Snowden, though reckless, revealed programs that exist, and similar programs likely also exist inside practically every other sovereign country, spreading copies of your data amongst other nation states, obviously including our adversaries.
It’s no longer an assumption that the pilfered data included not only names, addresses and phone numbers, family metadata, and psychographic and demographic data, but also photographic and fingerprint imaging. All of these are surface or derived morphological biometrics and verified meta-information, which can now be combined to such a degree as to cause most credential issuance systems to be compromised. To make matters worse, the credential recovery process typically relies on the formerly assumed opaqueness of such information (the last four of your Social Security number, etc.), used in combination as a compensating control to offset risk in re-issuance.
Oh, and when you read about all the latest breaches, remember this… they didn’t just steal your passwords, they’re stealing all your secret questions and your secret answers… Just imagine trying to adjudicate individuals given this. Not kind thoughts, indeed disturbing and perhaps inflammatory, but reality is not always pleasant to contemplate.
Given what’s at stake from a personal, family, governmental and national defense perspective, I firmly believe that the time is now to establish a new identity beachhead with non-invasive multi-factor ultrasonic biometrics as the tip of the spear and back the system up with the full force of law and our military as the defender. Now more than ever the citizens of the United States need a protected sovereign trusted system that provides individuals an ability to regain a modicum of control over what is left.
We can provide a least-trust biometric enrollment platform that can collect and safely store new non-traditional biometric data and that can indeed begin to act as the equivalent of a private key. The objective is to start the process of securing a virtual beachhead of sanctity and then slowly expand the trust with processes that can reclaim the total security perimeter of one’s identity: one physical access, one logical access, one transaction, one day at a time.
By embarking on such a hybrid commercial / governmental / military approach and subsequently backing it with law enforcement, government and full counter-countermeasures, we can provide a solution set that, like the Bill of Rights, would serve to bolster the defense of our liberties and defend our way of life without sacrificing our privacy.
In fact, done right, we’d get it all back and then some.