Government IDs are becoming hacker targets with bad actors aware of the high volume of sensitive data

I spent a lot of Friday working through the ramifications of the UK’s Online Safety Act (OSA) for a client. Although I’m sure the OSA wasn’t designed as such, it’s likely to have a chilling effect on free speech as it places so much of a burden on those running community platforms.
As a result, I should imagine that, instead of using Open Source software and creating a bespoke environment, many groups will end up using platforms provided by larger tech companies. This means their users will be subject to whatever age verification process the tech company has chosen.
In the case of Discord, which is used by many communities, that means biometric details. It’s pretty bad that a hack has meant the leak of these details. Of course, the best thing is not to store these centrally in the first place.
Critics will assume that this is another reason not to push ahead with digital ID. But, actually, the opposite is true. Legislation such as the OSA means that providers have to implement solutions that store copies of things like passport details. With government-provided digital IDs, it’s actually the identifier that is held centrally: the biometrics stay on your device.
Some countries, including the UK, require social media and messaging providers to carry out age checks to ensure child safety. In the UK this has been the case since July under the Online Safety Act. Cybersecurity experts have warned of a risk that some providers of such checks, which can require government IDs, are becoming hacker targets with bad actors aware of the high volume of sensitive data.
“Recently, we discovered an incident where an unauthorised party compromised one of Discord’s third-party customer service providers,” Discord said in a statement. “The unauthorised party then gained access to information from a limited number of users who had contacted Discord through our customer support and/or trust and safety teams … Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government ID photos exposed, which our vendor used to review age-related appeals.”
Source: The Guardian
Image: Evgeniy Alyoshin