Open Source Identity
An article I wrote on 25 Nov 2018
Data breaches. By the time you finish reading this article, over 19,280 sensitive records will be lost or stolen worldwide.(1) Former CEO of CISCO, John Chambers, once said: “There are two types of companies: those that have been hacked, and those who don’t know they have been hacked.” Since the inception of the internet and implementation of databases to store data, billions of sensitive records have been stolen. Usernames and passwords, encryption, and proper training of employees cannot protect a network from a data breach. Given enough time and resources, elite hackers can compromise all digital security measures.
A company can do everything right and still have a breach. Why? Because of how the industry “protects” information. The majority of networks have not been designed to eliminate insider threat for a multitude of reasons. First, the cost of designing a network to combat an insider threat is substantial and most companies do not have the capital to do it right. Next, most companies do not have the technical knowledge to understand the risks associated with having a single employee hold the keys to the kingdom, or sensitive information and intellectual property.
In this article, I am going to explain the future of protecting the worlds most sensitive information. It’s called Open Source Identity.
Open Source identity means just because you have my sensitive information, doesn’t mean you can use it. Think about how we create accounts. We visit a website like abcexample.com, we fill out a form and submit our personally identifiable information(PII). It doesn’t matter if its just your name and email address. Those pieces of information can be used to find other pieces of your identity on the dark web like your social security number and address. The other issue is the company does not know who is filling out the form online. They do not know if it is a hacker using your stolen information or if you are actually the one filling out the form. Therefore, fake accounts can be created and identities stolen.
I propose we change how personally identifiable information(PII) is used online. Most industry experts will agree centralized data is the biggest problem facing information security on the web. The issue is we cannot force companies to segregate their databases. It’s far too costly and most companies do not have the personnel or knowledge to do this correctly. The solution to identity theft is a technology I have developed called Anonymous Identifiable Data United States (AIDUS™). AIDUS™ is patterned after the US Department of Defense Special Access Program(SAP). This is the same type of program that protects the locations of nuclear submarines and the identities of spies in the CIA.
In 2017, my identity was stolen in the Equifax Data Breach.(2) Every piece of my PII was compromised. As you may or may not know, I was not the only one. I share the boat with 143 million other Americans. We must take away the need for corporations to store PII. In order to accomplish this citizens must be in control of their identities. There should only be 1 source for a person’s identity; the individual themselves, rather than a data brothel. The citizen needs to be in control of who has access to their identity.
I have been working on a solution that will take human identity and make it a singularity on the internet. A single point of reference in all matters of digital identification. Under my proposed system, companies will no longer have to store our most sensitive information on their servers. Political parties will no longer be able to use a dead citizen’s information to cast a vote in their parties favor. When a person dies, their identity with them; no new accounts would be able to be created using a dead citizen’s identity.
The only way Open Source Identity can work is if society accepts it as a valid solution. I took a physical process in the Department of Defense and made it digital. If SAP is good enough to protect Top Secret information, why not a person's identity? The truth is, it is good enough.
This is what a world with Mass Address™ looks like. Each citizen creates a Mass Address™ Profile(MAP) on the Mass Address™ Network (MAN). The MAN contains 1 server for each piece of a person’s identity. This means an identity is not only physically but also logically separated. The MAN turns a person’s identity into a firewall. Access to that person’s identity is made by making an Exception, which is approved or denied by the citizen.
No one at Mass Address™ can access an individual’s identity because each server is maintained by 1 administrator. The Mass Address™ API links a citizen's digital accounts worldwide to their MAP. This gives the citizen control over who has access to their identity. Please understand, your identity is more than just a Name, Social Security Number, and Date of Birth. Additionally, it is comprised of your billing and physical address and many more bits of information.
One of the great features of Mass Address™ is if you decide to delete one of your online accounts, you can see whether or not the account has actually been deleted using your MAP, where it should disappear from. Companies will no longer be able to lie about deleting accounts. Mass Address™ will be free for businesses and government agencies. There will be absolutely no cost to link their databases to the Mass Address™ Global Interface(MAGI).
Cost is the number 1 barrier to implementing this solution on the enterprise level. This is why I made sure it comes at no cost to businesses or government agencies. Our revenue will be derived from citizens and businesses who create a MAP. The cost to create a MAP will be $5.00. The cost to change any of your personally identifiable information will be $5.00. This means if you set up your MAP and never need to change your PII, you will not need to pay a cent ever again.
Since the day I proposed Mass Address™ as a solution, many people have expressed fears of having all of their information in one place. I am here to put those fears to rest. The easiest way for you to understand how your information is protected is using this example. Imagine walking up to a complete stranger and handing them an envelope. Inside this envelope is every piece of sensitive information about you. You tell this stranger that they need to protect this information. Then you walk away. Does that sound very safe? This is exactly what happens every day online. Countless people do exactly that. They save their most sensitive information on 1 database. Later, thieves steal that envelope from the stranger and now the thieves have all your information.
Now I will use the same example using Mass Address™. This time you approach 25 different strangers with 25 different envelopes. Inside of these envelopes is 1 piece of your identity. None of these strangers know each other and none of them understand what the information pertains to inside the envelope. This means even if a thief were to steal that envelope from the stranger you gave it too, your identity cannot be compromised. You need a minimum of 2 pieces of information to compromise an identity. The Mass Address™ Global Interface only stores 1 piece per server.
In closing, I want to leave you with a few words. Many people have told me what I am trying to do is simply not feasible. Elon Musk once said, “When something is important enough, you do it even if the odds are not in your favor.”(3)
Edward W. Hood is the founder and CEO of Mass Address™, Inc