Should We Be Allowed to Get New Identity/Account Numbers (Such as Drivers License)

Looking at recent OPTUS data breach, the level of details stolen is enough for scammers to assume one’s identity.
While this is scary, it becomes worse considering some of IDs can’t be changed. Which means the real danger of ID theft is permanent and not contained.
In case of data breach such as Optus, consider this:

  • Passport No.: Can be changed. As one can simply get new one issued with different no. ✅
  • Medicare: Can’t be changed. As replacing only gets last digit incremented by 1. ❌
  • Drivers License: This can’t be changed. And has potential to be misused prolonged. ❌

So shouldn’t we be allowed to get new ID document altogether should we want one.

What I can think of:
- Allow change of ID request only to be valid by cases such as Optus breach. And as recommended by Govt. Cybersecurity Experts.
- The fees to be completely paid by applicant. There should be law which should mandate that this can then be claimed against their breaching company.
- To fast track many applications, the applicant should visit authorities (say Vic roads for DL) in person.
- The authorities validate identity of person and just amend application to change ID.

So, should we be allowed to get new IDs?

Poll Options

  • 161
    Yes
  • 13
    No
  • 15
    I don’t care.

Comments

  • -1

    doesn't the expiry change

    • +5

      Yup. But considering License renewal is for (I guess) either one, three or ten years. Seems this is obvious.

    • Just add a year or two or three to the existing date you already have from the hack. The month doesn't change. Simples.

      • wouldn't it expire on september if i change it now? or october if i change it the next month?

        • Not normally. For nearly every card I have ever had to replace, including credit cards, drivers licenses, etc. the new card keeps the original expiry date, even if it's only a few months off.

    • A lot of credit cards i apply for these days dont just ask for license number, but also card number which does change, as well as expiry date

      So if you have these 2 bits of data which do change, having just 1 number which doesnt, its not really a biggy re drivers licenses

  • +4

    SlavOz new account?

    • 😂
      Definitely NOT.

      • +2

        If this was bolded I would have sworn you were JV

    • +1

      you can tell it's not because the post is about a real issue

      • pot calling the kettle black?

        • -1

          oh hey, aren't you the person who says being a waiter isn't a "real job" and waiters don't deserve a wage to live off?

          • @[Deactivated]: nope, i said it's not a career.

            • @[Deactivated]: If they want better pay, they should look for a better job. Waiting is a side job, a job for those in schooling or training, or for those who already have a main job and just want to earn some extra money in their downtime

              so by saying this, you in no way insinuated that waiting isn't a "real job" and that waiters shouldn't earn a livable wage? what did you mean when you said that then?

              • +1

                @[Deactivated]: would you please quote the section where i said it isn't a real job? i'll be waiting.

                here is an example of such a statement, in case you are still confused:

                being a politician isn't a real job.

              • +1

                @[Deactivated]: Well, I just read what you have referenced and I mean it’s quite straightforward, isn’t it ?
                Waiting as a profession generally can’t be your main job if you also have aspirations to buy a home, comfortable living etc

                In your idealistic Socialist economy, I am sure waiters/waitresses should own properties and drive nice cars etc
                But in a free market, it’s not possible.
                Even as a kid I knew what professions paid more than the others. It’s weird as a grownup to be having these discussions.

                • +1

                  @Gervais fanboy: "you should be able to afford a house and 3 kids on a maccas wage"

                  -Cultural NeoMarxist, probably

                  • -1

                    @[Deactivated]: lol but he means well, I can tell.
                    And often people with nice intentions try to replace well meaning ideas over actual reality.

                    Btw lowkey, he gives me the AOC vibes,

                    • +1

                      @Gervais fanboy: the road to hell is paved with good intentions

                      • +1

                        @[Deactivated]: I know and I agree with you but even the people that we fundamentally disagree with, I feel we should still try to understand where they are coming from and relate with them as much as sanely possible…
                        We the middle class, don’t stand a change against the establishment unless the majority of us can agree on key issues.

                        I too wanted a socialist economy when I was 16-18, so I can relate with our good mate here.

                  • @[Deactivated]: you could swap "main job" with "real job" and the intention of your comment would be the same.

                    so you don't believe that waiters who work full time should be able to afford a home - or even have a living wage for that matter - because they're waiters?

                    • @[Deactivated]: I'm still waiting for the part where I said it wasn't a real job.

  • https://www.digitalid.com/

    it's almost as if we have the technology to do things, but companies don't care about customers

  • +2

    Bring back the Australia Card

    • +1

      It is interesting that the biggest frustration that a lot of tech privacy people interviewed on the radio seem to have is that Australia lacks a universal ID number, making MyGov inefficient, clunky and not user friendly. That 180 degree turn around gives me whiplash every time.

      • Time changes everything.

      • Australia lacks a universal ID number,

        There's already the Medicare Health Identifier used for various services, like enabling a doctor to ePrescribe a script to you. Why not use that?

        • Or CRN or TFN?

          • @BewareOfThe Dog: Yeah or the TFN. Similar to the US social security number. There's so many unique identifiers used by various government services we all forget about.

        • Medicare cards are a very low security option, don't include any biometrics such as photo, aren't unique to the individual (one card no. per household), the card details can be easily generated without any way to verify them, and the details never change - if your card gets lost or stolen they must add a version number to the end.

          • @Nickels n Dimes: I wasn't referring to the Medicare card number. Rather the Health Identifier which is different and the everyday person can't retrieve other people's number even if they have your card. The usual way to access other people's IHI is through HPOS via a health organisation PRODA account (PKI certs no longer issued as of Aug 22) or through clinical software which requires an organisation PRODA account to be linked via Medicare Web Services.

            Certainly more ways they could secure it, such as a photo as you suggest however.

  • -2

    So much of our data is probably being breached in a million other ways that we don’t hear about. Who cares

    • +3

      I personally share the same sentiments but not for collective data which is enough to assume identity.

      Secluded data, fine. Combined at once from single source, I have problem.

    • +9

      You will when you get denied your next home loan / car loan / credit card cause you already have 7 due to driver license / passport leak ;)

      Other typical leaked data does not lead to the ability to apply for credit :/

      • +2

        Other typical leaked data does not lead to the ability to apply for credit :/

        I beg to differ.

        A variation on name (eg nickname) and your mobile number is all that PayPal need to create an account in your name. Combine this with a stolen card or two and some payment reversals and the negative balance (ie money owing) will be sold to ARL. ARL then hound you for the “money you owe” that some guy in overseas has taken. Failure to respond to this can impact your credit rating.

        Source: happened to me.

    • The banks might care, if it's costing them money.

    • is that you kelly?

      this is about managing the fallout from such a breach

  • Is there any security the Card Number provides on NSW License? As the only number leaked was License Number but not the card number. I can't recall but I think for Credit Card or Loan appications the companies ask card number also for verification, otherwise the credit check can't be completed. I could be totally wrong.

    • +3

      Only recently this has become required in some states (incl NSW) for credit checks: https://www.equifax.com.au/knowledge-hub/risk-solutions/faqs…

      So this is some positive news.

      • boost requires the card number, as well as licence number, for new activations..

        • Since when? Activated in August and I don’t recall it asking for this.

          • @[Deactivated]: Mandatory from September 1. The link has all the details.

            • @Keplaffintech: oh my bad, i thought that link was for loan applications, not phone numbers

  • +6

    in the modern age of cryptography they should be supplying virtual drivers licences that can be revoked and reissued at a whim

  • +2

    Considering how easy it is for your phone number to be illegally ported, and most secondary security measures are an sms to your mobile phone, they really need to introduce a digital security pass system requiring a key generator. If gaming companies can do it then so should governments.

    • +2

      I use Microsoft's and Google's authenticator when I can… but that's on top of my mobile number which is something I can rely on as a backup. So if anyone ports my number, I'm screwed.

      This whole Optus thing is giving me a tiny bit of anxiety. It's already bad enough that a multitude of scammers have my number. I get scam calls and SMSes every other day now. And now that these guys can also get our birthdays, addresses and full names, that could easily impersonate anyone.

  • +3

    I really believe that the real solution to this problem is when we are able to remove the need for this personal information, therefore making the use minimum or non existent. When that is the case, no one will want to hack to get such info, no one will need to spend millions trying to secure such info.

    I know this might be a long future ahead, but I think it's possible. A few years ago, software companies used serial numbers /keys to identify your ownership of a software. And they got pirated all the time. Now these are no longer used.

  • change your identity/name.

    • +1

      That’s provision but AFTER fraud has happened and that fraud has been identified.
      Giving the ability to generate new ID is to possibly deter fraud.

  • Wondering if people with unique names are more likely to be hacked?

  • If you change your licence to an interstate one, you can get a whole different licence and number. I'm not sure what happens if you change it back though - whether they give you a new number or if they give you back your old one. Anyone know? I moved interstate years ago and will be moving back (to NSW) soon.

  • +1

    The fees to be completely paid by applicant.

    there shouldn't be a fee. we get nickel and dimed for everything by the bloody government, changing a few numbers shouldn't cost a cent.

    regardless, getting a stupid phone number should not require ID.

    • +1

      getting a phone number should certainly require an ID, then who ever calls you can be identified, rather than than letting all the scammers use / spoof hundreds of phone numbers, if there was an ID tied to each phone number the amount of scamming would decrease significantly

      • +1

        then who ever calls you can be identified

        have you heard of the feature that allows you to hide your phone number when calling others? it's pretty standard..

        there is no problem with scamming, just don't answer numbers you don't recognise, i never do. if it's important, they leave a message, if they don't, it probably wasn't important.

        • +1

          Hiding caller ID to the end user is not the same as not having a caller ID. It’s still visible to the telco.

          It’s a HUGE problem to not link that ID to an end users real ID. We should absolutely forbid anonymous telco accounts.

          • +1

            @haemolysis:

            It’s a HUGE problem to not link that ID to an end users real ID

            why? the vast majority of scammers are operating in foreign call centres, the government know who they are, where they are, they just have no jurisdiction.

            We should absolutely forbid anonymous telco accounts.

            there still hasn't been a valid reason provided for this.

            • @[Deactivated]: Yes, well, it’s certainly a shame that foreign governments aren’t taking it seriously and cracking down- but they could do so if they wanted, or in the event of a more serious non-petty crime. However, if the line was anonymous they couldn’t act even if they wanted to, they’d be 100% powerless.

              There’s no social benefit to opening up avenues of crime on a national service that’s pipes into all of our homes and businesses.

              There’s no valid reason TO allow anonymisation.

              • @haemolysis:

                There’s no social benefit to opening up avenues of crime on a national service that’s pipes into all of our homes and businesses.

                There is, incidents like this would not be possible in the future, the fact of the matter is, data privacy is a never ending war and there are always going to be slip ups.

                However, if the line was anonymous they couldn’t act even if they wanted to, they’d be 100% powerless.

                not true, they are still able to see the location of calls

                There’s no valid reason TO allow anonymisation.

                this is incorrect, easily proven by the optus breach. your private data is not secure.

    • +2

      The fees to be completely paid by applicant. There should be law which should mandate that this can then be claimed against their breaching company.

      So basically the Govt. is motivated enough to continue functioning. And the payment to be done by the company (e.g. Optus). It seems right thing to do. Isn’t it?

      • their motivation should be the protection of their citizens, if that isn't enough, their fear of being voted out if they don't.

        optus will just pass on the fees to us, through price increases, like everyone else does.

        • +2

          Good insight. Though, In that case, the data holding should be regulated and be contained within Govt. boundaries.

          Consider Optus causing this nuisance without any repercussions. And Govt. (Employees) taking hit without any bonuses.

          Optus increasing prices may mean less business for them. Contrary, Govt. may use money on social services.

        • +2

          optus will just pass on the fees to us, through price increases, like everyone else does.

          That's good. Other telcos did not have these fines and can operate more cheaply. Optus will lose market share like they deserve.

          • @Quantumcat:

            That's good. Other telcos did not have these fines and can operate more cheaply. Optus will lose market share like they deserve.

            the other telcos will raise their prices accordingly, just under optus.

  • +4

    The entire identity and authentication industry needs a serious shake up, and to be built entirely the ground up. It’s so systemically broken and lacking in features it’s honestly insane.

    To think we are heading into a world facing nuclear war threats and we don’t even have basic digital protection is honestly scary. Digital attacks are going to be the worlds next battlefront.

    And frankly - this should be a regulated industry with licence subject to audit. I’m not much of a government red tape fan, but organisations CONTINUALLY prove to be unfit to manage data security. I mean, a telco failing is catastrophic… telcos are our ‘de facto’ identify authentication service. They are used more routinely than government with SMS 2FA. They should be treated not only with stringency, but the highest possible stringency.

  • +1

    Drivers License: This can’t be changed. And has potential to be misused prolonged.

    False. At very least NSW provides capability to do this. They charge you a reissue fee (after acceptance, ie second time you go in with a letter from their fraud team), ~$30 iirc.

    Source: did it myself. It’s a sh** process: you apply in Service NSW, bring in evidence of breach, someone assesses and gets back to you in 6-10 weeks. Given numbers in the Optarse breach, might be 6-10 months now…

    • Well that's all well and good for NSW, but when the breach is larger than literally the whole state's population, maybe it's worth considering other populous states;
      In QLD and Victoria, at this stage you can't change the number UNTIL YOU ARE THE VICTIM OF IDENTITY THEFT.
      In WA, you can't change it at all, weirdly.

      • UNTIL YOU ARE THE VICTIM OF IDENTITY THEFT.

        I have been going through forums this morning to find out if there’s an alternative to this…
        Surely, there has to be another way.

  • when applying for the free credit score, what information do they require to verify your identity? is it 100 points of ID?

  • +1

    I really think it's time we came up with better ways of identifying people than using static (non-changing) numbers such as Drivers Licence or Passport.

    I'm not sure what the answer is, but using documents from before the internet age doesn't seem to be working out.

  • +1

    Well in Queensland at least, it looks like we can https://www.abc.net.au/news/2022-09-27/qld-free-licences-for…

    I am an Optus customer, not sure if my deets have been leaked but will probably do the change anyway, no harm in doing so.

    • +1

      Wow. QLD has really led the way. This is really a welcome initiative. Thanks for the info 👍

Login or Join to leave a comment