Should We Be Allowed to Get New Identity/Account Numbers (Such as Drivers License)

PopCounty on 26/09/2022 - 13:57
Last edited 26/09/2022 - 15:43 by 1 other user

Looking at recent OPTUS data breach, the level of details stolen is enough for scammers to assume one’s identity.
While this is scary, it becomes worse considering some of IDs can’t be changed. Which means the real danger of ID theft is permanent and not contained.
In case of data breach such as Optus, consider this:

  • Passport No.: Can be changed. As one can simply get new one issued with different no. ✅
  • Medicare: Can’t be changed. As replacing only gets last digit incremented by 1. ❌
  • Drivers License: This can’t be changed. And has potential to be misused prolonged. ❌

So shouldn’t we be allowed to get new ID document altogether should we want one.

What I can think of:
- Allow change of ID request only to be valid by cases such as Optus breach. And as recommended by Govt. Cybersecurity Experts.
- The fees to be completely paid by applicant. There should be law which should mandate that this can then be claimed against their breaching company.
- To fast track many applications, the applicant should visit authorities (say Vic roads for DL) in person.
- The authorities validate identity of person and just amend application to change ID.

So, should we be allowed to get new IDs?

Poll Options

  • 161
    Yes
  • 13
    No
  • 15
    I don’t care.
General Discussion

Comments

  • askbargain on 26/09/2022 - 14:00
    -1

    doesn't the expiry change

    • PopCounty on 26/09/2022 - 14:02
      +5

      Yup. But considering License renewal is for (I guess) either one, three or ten years. Seems this is obvious.

      • askbargain on 26/09/2022 - 14:02
        -1

        what is so obvious?

        • PopCounty on 26/09/2022 - 14:03

          The expiry dates.

          • askbargain on 26/09/2022 - 14:04
            -1

            @PopCounty: do you know what month my expiry date is?

            • PopCounty on 26/09/2022 - 14:06
              +4

              @askbargain: Only if I have the breached data.

              • SlartiBartFozz on 27/09/2022 - 18:39

                @PopCounty: I don't believe any expiry dates were in the released data.

                • c64 on 27/09/2022 - 20:23

                  @SlartiBartFozz: yeah, there are expiry dates for the id

                  • cerealJay on 30/09/2022 - 16:13

                    @c64:

                    yeah, there are expiry dates for the id

                    Yikes, you are correct. So not just drivers license/passport number but also expiry date, damn it.

          • garetz on 26/09/2022 - 17:20
            -1

            @PopCounty: Not to stupid people.

      • BewareOfThe Dog on 27/09/2022 - 09:25

        Or 5?

    • AngoraFish on 26/09/2022 - 14:47

      Just add a year or two or three to the existing date you already have from the hack. The month doesn't change. Simples.

      • askbargain on 26/09/2022 - 15:02

        wouldn't it expire on september if i change it now? or october if i change it the next month?

        • AngoraFish on 26/09/2022 - 21:15

          Not normally. For nearly every card I have ever had to replace, including credit cards, drivers licenses, etc. the new card keeps the original expiry date, even if it's only a few months off.

    • MrThing on 26/09/2022 - 20:03

      A lot of credit cards i apply for these days dont just ask for license number, but also card number which does change, as well as expiry date

      So if you have these 2 bits of data which do change, having just 1 number which doesnt, its not really a biggy re drivers licenses

  • Xistn on 26/09/2022 - 14:01
    +4

    SlavOz new account?

    • PopCounty on 26/09/2022 - 14:02

      😂
      Definitely NOT.

      • coffeeinmyveins on 26/09/2022 - 14:09
        +2

        If this was bolded I would have sworn you were JV

    • [Deactivated] on 26/09/2022 - 16:27
      +1

      you can tell it's not because the post is about a real issue

      • [Deactivated] on 26/09/2022 - 20:45

        pot calling the kettle black?

        • [Deactivated] on 27/09/2022 - 14:14
          -1

          oh hey, aren't you the person who says being a waiter isn't a "real job" and waiters don't deserve a wage to live off?

          • [Deactivated] on 27/09/2022 - 14:56

            @[Deactivated]: nope, i said it's not a career.

            • [Deactivated] on 27/09/2022 - 15:57

              @[Deactivated]: If they want better pay, they should look for a better job. Waiting is a side job, a job for those in schooling or training, or for those who already have a main job and just want to earn some extra money in their downtime

              so by saying this, you in no way insinuated that waiting isn't a "real job" and that waiters shouldn't earn a livable wage? what did you mean when you said that then?

              • [Deactivated] on 27/09/2022 - 16:03
                +1

                @[Deactivated]: would you please quote the section where i said it isn't a real job? i'll be waiting.

                here is an example of such a statement, in case you are still confused:

                being a politician isn't a real job.

              • Gervais fanboy on 27/09/2022 - 16:03
                +1

                @[Deactivated]: Well, I just read what you have referenced and I mean it’s quite straightforward, isn’t it ?
                Waiting as a profession generally can’t be your main job if you also have aspirations to buy a home, comfortable living etc

                In your idealistic Socialist economy, I am sure waiters/waitresses should own properties and drive nice cars etc
                But in a free market, it’s not possible.
                Even as a kid I knew what professions paid more than the others. It’s weird as a grownup to be having these discussions.

                • [Deactivated] on 27/09/2022 - 16:05
                  +1

                  @Gervais fanboy: "you should be able to afford a house and 3 kids on a maccas wage"

                  -Cultural NeoMarxist, probably

                  • Gervais fanboy on 27/09/2022 - 16:10
                    -1

                    @[Deactivated]: lol but he means well, I can tell.
                    And often people with nice intentions try to replace well meaning ideas over actual reality.

                    Btw lowkey, he gives me the AOC vibes,

                    • [Deactivated] on 28/09/2022 - 17:57
                      +1

                      @Gervais fanboy: the road to hell is paved with good intentions

                      • Gervais fanboy on 28/09/2022 - 18:08
                        +1

                        @[Deactivated]: I know and I agree with you but even the people that we fundamentally disagree with, I feel we should still try to understand where they are coming from and relate with them as much as sanely possible…
                        We the middle class, don’t stand a change against the establishment unless the majority of us can agree on key issues.

                        I too wanted a socialist economy when I was 16-18, so I can relate with our good mate here.

                  • [Deactivated] on 27/09/2022 - 16:47

                    @[Deactivated]: you could swap "main job" with "real job" and the intention of your comment would be the same.

                    so you don't believe that waiters who work full time should be able to afford a home - or even have a living wage for that matter - because they're waiters?

                    • [Deactivated] on 27/09/2022 - 21:50

                      @[Deactivated]: I'm still waiting for the part where I said it wasn't a real job.

  • askbargain on 26/09/2022 - 14:05

    https://www.digitalid.com/

    it's almost as if we have the technology to do things, but companies don't care about customers

  • SnowDragon on 26/09/2022 - 14:22
    +2

    Bring back the Australia Card

    • AngoraFish on 26/09/2022 - 14:53
      +1

      It is interesting that the biggest frustration that a lot of tech privacy people interviewed on the radio seem to have is that Australia lacks a universal ID number, making MyGov inefficient, clunky and not user friendly. That 180 degree turn around gives me whiplash every time.

      • skid on 26/09/2022 - 16:46

        Time changes everything.

      • Clear on 26/09/2022 - 19:31

        Australia lacks a universal ID number,

        There's already the Medicare Health Identifier used for various services, like enabling a doctor to ePrescribe a script to you. Why not use that?

        • BewareOfThe Dog on 27/09/2022 - 09:26

          Or CRN or TFN?

          • Clear on 27/09/2022 - 09:27

            @BewareOfThe Dog: Yeah or the TFN. Similar to the US social security number. There's so many unique identifiers used by various government services we all forget about.

        • SlartiBartFozz on 27/09/2022 - 18:45

          Medicare cards are a very low security option, don't include any biometrics such as photo, aren't unique to the individual (one card no. per household), the card details can be easily generated without any way to verify them, and the details never change - if your card gets lost or stolen they must add a version number to the end.

          • Clear on 27/09/2022 - 20:26

            @SlartiBartFozz: I wasn't referring to the Medicare card number. Rather the Health Identifier which is different and the everyday person can't retrieve other people's number even if they have your card. The usual way to access other people's IHI is through HPOS via a health organisation PRODA account (PKI certs no longer issued as of Aug 22) or through clinical software which requires an organisation PRODA account to be linked via Medicare Web Services.

            Certainly more ways they could secure it, such as a photo as you suggest however.

  • Tee Rex Arms on 26/09/2022 - 14:46
    -2

    So much of our data is probably being breached in a million other ways that we don’t hear about. Who cares

    • PopCounty on 26/09/2022 - 15:02
      +3

      I personally share the same sentiments but not for collective data which is enough to assume identity.

      Secluded data, fine. Combined at once from single source, I have problem.

    • 7ekn00 on 26/09/2022 - 16:16
      +9

      You will when you get denied your next home loan / car loan / credit card cause you already have 7 due to driver license / passport leak ;)

      Other typical leaked data does not lead to the ability to apply for credit :/

      • [Deactivated] on 27/09/2022 - 09:05
        +2

        Other typical leaked data does not lead to the ability to apply for credit :/

        I beg to differ.

        A variation on name (eg nickname) and your mobile number is all that PayPal need to create an account in your name. Combine this with a stolen card or two and some payment reversals and the negative balance (ie money owing) will be sold to ARL. ARL then hound you for the “money you owe” that some guy in overseas has taken. Failure to respond to this can impact your credit rating.

        Source: happened to me.

    • AustriaBargain on 26/09/2022 - 16:29

      The banks might care, if it's costing them money.

    • c64 on 26/09/2022 - 17:18

      is that you kelly?

      this is about managing the fallout from such a breach

  • paranoidguy on 26/09/2022 - 15:14

    Is there any security the Card Number provides on NSW License? As the only number leaked was License Number but not the card number. I can't recall but I think for Credit Card or Loan appications the companies ask card number also for verification, otherwise the credit check can't be completed. I could be totally wrong.

    • Keplaffintech on 26/09/2022 - 15:28
      +3

      Only recently this has become required in some states (incl NSW) for credit checks: https://www.equifax.com.au/knowledge-hub/risk-solutions/faqs…

      So this is some positive news.

      • [Deactivated] on 26/09/2022 - 22:09

        boost requires the card number, as well as licence number, for new activations..

        • [Deactivated] on 27/09/2022 - 09:05

          Since when? Activated in August and I don’t recall it asking for this.

          • Keplaffintech on 27/09/2022 - 12:31

            @[Deactivated]: Mandatory from September 1. The link has all the details.

            • [Deactivated] on 27/09/2022 - 12:46

              @Keplaffintech: oh my bad, i thought that link was for loan applications, not phone numbers

  • c64 on 26/09/2022 - 17:17
    +6

    in the modern age of cryptography they should be supplying virtual drivers licences that can be revoked and reissued at a whim

  • garetz on 26/09/2022 - 17:23
    +2

    Considering how easy it is for your phone number to be illegally ported, and most secondary security measures are an sms to your mobile phone, they really need to introduce a digital security pass system requiring a key generator. If gaming companies can do it then so should governments.

    • BadGiraffe on 26/09/2022 - 17:48
      +2

      I use Microsoft's and Google's authenticator when I can… but that's on top of my mobile number which is something I can rely on as a backup. So if anyone ports my number, I'm screwed.

      This whole Optus thing is giving me a tiny bit of anxiety. It's already bad enough that a multitude of scammers have my number. I get scam calls and SMSes every other day now. And now that these guys can also get our birthdays, addresses and full names, that could easily impersonate anyone.

  • Banana3 on 26/09/2022 - 17:49
    +3

    I really believe that the real solution to this problem is when we are able to remove the need for this personal information, therefore making the use minimum or non existent. When that is the case, no one will want to hack to get such info, no one will need to spend millions trying to secure such info.

    I know this might be a long future ahead, but I think it's possible. A few years ago, software companies used serial numbers /keys to identify your ownership of a software. And they got pirated all the time. Now these are no longer used.

  • Ryk on 26/09/2022 - 17:53

    change your identity/name.

    • PopCounty on 26/09/2022 - 19:00
      +1

      That’s provision but AFTER fraud has happened and that fraud has been identified.
      Giving the ability to generate new ID is to possibly deter fraud.

  • Iluvfreebies-freeDel on 26/09/2022 - 18:12

    Wondering if people with unique names are more likely to be hacked?

  • bobbified on 26/09/2022 - 19:01

    If you change your licence to an interstate one, you can get a whole different licence and number. I'm not sure what happens if you change it back though - whether they give you a new number or if they give you back your old one. Anyone know? I moved interstate years ago and will be moving back (to NSW) soon.

  • [Deactivated] on 26/09/2022 - 20:42
    +1

    The fees to be completely paid by applicant.

    there shouldn't be a fee. we get nickel and dimed for everything by the bloody government, changing a few numbers shouldn't cost a cent.

    regardless, getting a stupid phone number should not require ID.

    • redfox1200 on 26/09/2022 - 20:58
      +1

      getting a phone number should certainly require an ID, then who ever calls you can be identified, rather than than letting all the scammers use / spoof hundreds of phone numbers, if there was an ID tied to each phone number the amount of scamming would decrease significantly

      • [Deactivated] on 26/09/2022 - 21:09
        +1

        then who ever calls you can be identified

        have you heard of the feature that allows you to hide your phone number when calling others? it's pretty standard..

        there is no problem with scamming, just don't answer numbers you don't recognise, i never do. if it's important, they leave a message, if they don't, it probably wasn't important.

        • haemolysis on 26/09/2022 - 21:35
          +1

          Hiding caller ID to the end user is not the same as not having a caller ID. It’s still visible to the telco.

          It’s a HUGE problem to not link that ID to an end users real ID. We should absolutely forbid anonymous telco accounts.

          • [Deactivated] on 26/09/2022 - 22:08
            +1

            @haemolysis:

            It’s a HUGE problem to not link that ID to an end users real ID

            why? the vast majority of scammers are operating in foreign call centres, the government know who they are, where they are, they just have no jurisdiction.

            We should absolutely forbid anonymous telco accounts.

            there still hasn't been a valid reason provided for this.

            • haemolysis on 26/09/2022 - 22:18

              @[Deactivated]: Yes, well, it’s certainly a shame that foreign governments aren’t taking it seriously and cracking down- but they could do so if they wanted, or in the event of a more serious non-petty crime. However, if the line was anonymous they couldn’t act even if they wanted to, they’d be 100% powerless.

              There’s no social benefit to opening up avenues of crime on a national service that’s pipes into all of our homes and businesses.

              There’s no valid reason TO allow anonymisation.

              • [Deactivated] on 26/09/2022 - 22:29

                @haemolysis:

                There’s no social benefit to opening up avenues of crime on a national service that’s pipes into all of our homes and businesses.

                There is, incidents like this would not be possible in the future, the fact of the matter is, data privacy is a never ending war and there are always going to be slip ups.

                However, if the line was anonymous they couldn’t act even if they wanted to, they’d be 100% powerless.

                not true, they are still able to see the location of calls

                There’s no valid reason TO allow anonymisation.

                this is incorrect, easily proven by the optus breach. your private data is not secure.

    • PopCounty on 26/09/2022 - 22:45
      +2

      The fees to be completely paid by applicant. There should be law which should mandate that this can then be claimed against their breaching company.

      So basically the Govt. is motivated enough to continue functioning. And the payment to be done by the company (e.g. Optus). It seems right thing to do. Isn’t it?

      • [Deactivated] on 26/09/2022 - 22:53

        their motivation should be the protection of their citizens, if that isn't enough, their fear of being voted out if they don't.

        optus will just pass on the fees to us, through price increases, like everyone else does.

        • PopCounty on 26/09/2022 - 23:02
          +2

          Good insight. Though, In that case, the data holding should be regulated and be contained within Govt. boundaries.

          Consider Optus causing this nuisance without any repercussions. And Govt. (Employees) taking hit without any bonuses.

          Optus increasing prices may mean less business for them. Contrary, Govt. may use money on social services.

        • Quantumcat on 27/09/2022 - 06:45
          +2

          optus will just pass on the fees to us, through price increases, like everyone else does.

          That's good. Other telcos did not have these fines and can operate more cheaply. Optus will lose market share like they deserve.

          • [Deactivated] on 27/09/2022 - 14:03

            @Quantumcat:

            That's good. Other telcos did not have these fines and can operate more cheaply. Optus will lose market share like they deserve.

            the other telcos will raise their prices accordingly, just under optus.

  • haemolysis on 26/09/2022 - 21:31
    +4

    The entire identity and authentication industry needs a serious shake up, and to be built entirely the ground up. It’s so systemically broken and lacking in features it’s honestly insane.

    To think we are heading into a world facing nuclear war threats and we don’t even have basic digital protection is honestly scary. Digital attacks are going to be the worlds next battlefront.

    And frankly - this should be a regulated industry with licence subject to audit. I’m not much of a government red tape fan, but organisations CONTINUALLY prove to be unfit to manage data security. I mean, a telco failing is catastrophic… telcos are our ‘de facto’ identify authentication service. They are used more routinely than government with SMS 2FA. They should be treated not only with stringency, but the highest possible stringency.

  • [Deactivated] on 27/09/2022 - 08:40
    +1

    Drivers License: This can’t be changed. And has potential to be misused prolonged.

    False. At very least NSW provides capability to do this. They charge you a reissue fee (after acceptance, ie second time you go in with a letter from their fraud team), ~$30 iirc.

    Source: did it myself. It’s a sh** process: you apply in Service NSW, bring in evidence of breach, someone assesses and gets back to you in 6-10 weeks. Given numbers in the Optarse breach, might be 6-10 months now…

    • Sleeqb7 on 27/09/2022 - 10:26

      Well that's all well and good for NSW, but when the breach is larger than literally the whole state's population, maybe it's worth considering other populous states;
      In QLD and Victoria, at this stage you can't change the number UNTIL YOU ARE THE VICTIM OF IDENTITY THEFT.
      In WA, you can't change it at all, weirdly.

      • Gervais fanboy on 27/09/2022 - 11:59

        UNTIL YOU ARE THE VICTIM OF IDENTITY THEFT.

        I have been going through forums this morning to find out if there’s an alternative to this…
        Surely, there has to be another way.

  • 87percent on 27/09/2022 - 11:01

    when applying for the free credit score, what information do they require to verify your identity? is it 100 points of ID?

  • Commonwealth Pig on 27/09/2022 - 15:01
    +1

    I really think it's time we came up with better ways of identifying people than using static (non-changing) numbers such as Drivers Licence or Passport.

    I'm not sure what the answer is, but using documents from before the internet age doesn't seem to be working out.

  • morse on 27/09/2022 - 20:37
    +1

    Well in Queensland at least, it looks like we can https://www.abc.net.au/news/2022-09-27/qld-free-licences-for…

    I am an Optus customer, not sure if my deets have been leaked but will probably do the change anyway, no harm in doing so.

    • PopCounty on 27/09/2022 - 20:43
      +1

      Wow. QLD has really led the way. This is really a welcome initiative. Thanks for the info 👍

Login or Join to leave a comment
Login Join