Binance KYC fiasco shows again that personal data is not private
I was at it again yesterday.
I had to drive across town to give ID documentation to a law firm I'm instructing. They took my documentation, photocopied it and filed it somewhere in their back office. Great... yet another company I need to trust with my 'personal' data.
Yet I understand that, as with numerous other entities, the law firm in question needed the ID to comply with regulations.
When we hear of data breaches, I think it is easy to forget that entities like Binance (or legal firms) don't want the headache of managing hundreds or thousands of people's personal data from across the globe. It is done, for the most part, to comply with local laws, to prove that businesses have done their due diligence and ultimately for business owners to avoid going to prison for facilitating possible criminal activity.
Yet in complying with the law, these businesses create another avenue through which our personal data can be compromised. Whenever we hand over our personal data, be it online or at a local bar wanting ID, we risk it falling into the wrong hands.
For me, it is obvious the ID system is clearly broken. Especially when people are required to take photos of themselves holding their passport and a piece of paper with the date on it as 'proof' of identification.
Then repeat this process or similar processes, for various other online services they interact with. We live in an age where people can manipulate words spoken on video. Manipulating photos of someone waving a document and scrap paper would appear to be child's play.
I find it ironic. We are warned to treat 'everything they do online as public'. Yet we are often required to upload our ID documents online and expected to be outraged when personal data input online is compromised.
To my mind, my ID documents are not private. They are public documents, issued by public bodies. We are then required to expose these documents over and over again, online and offline. This is the antithesis of private information.
In and of itself, I do not have a problem with ID documents being de fact public. We live in a world where it is the norm to get 'tagged' in photos on a weekly basis.
The problem arises when an entity relies on an ID document as if it was private.
Hardcopy ID documents can be forged. Softcopy ID documents can be hacked. The question becomes what additional steps can be taken to verify someone is who they say they are. Ultimately the problem is less about criminals getting hold of ID documents but an over-reliance of ID documents alone in some quarters.
For example in the Crypto space, if an Exchange is relying on your ID documents before allowing you to withdraw fiat to a Bank Account of exacting the same name and having done some additional checks such as the original source of funds etc; then I can understand ID documents being part of the puzzle. However, if an Exchange wants your ID documents before upping your BTC daily withdrawal limit from 2 BTC to 100 BTC then, for me this is an academic exercise.
Ultimately I don't have the answers. However, we are kidding ourselves if we believe our ID documentation is not vulnerable, almost from the moment it is issued. The question is, knowing that fact, what measures can we take to protect ourselves from misuse of our ID?
Image by Gerd Altmann from Pixabay
Hi Nanzo
Interesting post with an interesting reveal. I think it’s understandable that if companies are forced by governments to collect data on customers that they don’t need and can’t use to make money, then we can’t really expect them to spend much money storing that data and minimal spending for its protection. The data is just a source of negative cash flow for the company. From this perspective it’s a wonder that data breaches don’t occur more often...or do they?
Shortsegments
just stop using centralized legacy products. start by using a DEX and P2P
Another day another data breach, I think one of main parts of this problem is the ID companies are centralised monopolies that haven't upgraded their tech.
Providing a photo ID to an entity your never going to meet seems nonsensical in the age of deep fakes.
"The problem arises when an entity relies on an ID document as if it was private." -- YESSS. And more generally, the problem arises when an entity relies on any piece of information as if it was private, because as soon as you share it, it no longer is!
The regulators are slowly squeezing the life out of crypto and it's crazy that people are looking forward to yet more "regulation"...
Crrrrazyyyy
Posted using Partiko iOS
I am not be surprised that who perpetuated it was an insider and just wanted to sell the information. Well it is hard to trust these companies but due to the need of some people to use them they have no choice @nanzo-scoop
To listen to the audio version of this article click on the play image.
Brought to you by @tts. If you find it useful please consider upvoting this reply.