Bluink Blog

eID-Me Security, Privacy, and Skepticism

Posted by Alex Longval · 572 words

 

How secure is eID-Me? How is your information protected? How does skepticism affect eID-Me?

 

Security and privacy are at the core of eID-Me. It’s not an afterthought. It goes into every process, feature, and decision.

 

That’s because eID-Me holds sensitive identity information that proves who we are (name, address, age, etc.) to give us access to government, financial, health care, and other ID-enabled services.

 

Some people are skeptical about eID-Me.

 

That’s why we try to be as transparent as possible in communicating how eID-Me handles your information. It is—after all—your information. It’s your right to know how it’s handled. It’s your right to control it. And we’ve got nothing to hide.

 

In fact, we created eID-Me because we are skeptical. We are skeptical of the current identity system: ID cards, plaintext identity information, passwords, and online identity databases, which centralize sensitive information, creating huge targets for hackers.

 

We are frustrated by the current identity system’s vulnerabilities and seemingly weekly data breaches. Like many of you, we dislike long privacy policy statements full of hidden clauses and legalese, we’re suspicious of email links, and we want control of our identity information.

 

Skepticism is necessary.

 

It pushes us to build something secure that helps solve real problems. It pushes us to be transparent. It motivates us to build something better, something that will pass the skeptic’s test.

 

eID-Me identity verification and digital identity solves the problems of our current identity system.

 

eID-Me doesn’t create a centralized online database of identity information. eID-Me decentralizes information with each individual user offline on their phone. I have my information on my phone and you have your information on your phone.

 

Lost your phone? No problem. Your eID-Me information is encrypted in the eID-Me app, which is locked by your phone’s secure authentication (e.g., Touch ID). From your computer, you can find your phone or remotely wipe your phone’s data if necessary. The same can’t be said for your driver’s licence if you lose your wallet.

 

When you buy wine at the LCBO, you don’t need to hand over your driver’s licence that reveals your name, address, and driver’s licence number. You can use eID-Me to share just your age—just what’s needed, nothing more.

 

When you want to view your tax return online, you don’t need to reset your forgotten password and wait two weeks to receive a temporary password in the mail. You can use eID-Me to sign on password-free. Simply enter your eID on the website and approve the sign-on request that gets pushed to your phone. No more centralized database of passwords for hackers to target.

 

So how secure is eID-Me? I think the examples above answer that question. (Very secure.)

 

October is Cybersecurity Awareness Month. In celebration of that, I’d like to propose a toast to the skeptics, to better security, and to taking control of our digital identity.

 

Here’s some more information on eID-Me security and privacy:

Our eID-Me Beta launches soon. Join our eID-Me Members groups for an invitation to participate: https://eid-me.com/join

 

P.S. Do people propose toasts online?

 

 

Related:

Questions and Conclusions from the Capital One Data Breach