It was with some amazement that the U.S. Senate discovered that Equifax, the consumer credit firm that essentially gave its entire database away to cybercriminals in July, exposing almost all adult Americans to identity theft in perpetuity, was awarded a taxpayer identity contract by the Internal Revenue Service. The public uproar was immediate, and comedians off all stripes gleefully accepted the windfall in new material.
In the IRS’ defense, it is likely that the requests for proposal for the contract was released some time before the Equifax breach, and that certain technical expertise would be required for the contract winner that is not necessarily indicative of a company that negligently guarded its consumer data. It is also true that federal systems divisions of companies are often thought of as separate from the commercial operations.
But given the recent furor, the optics of letting a contract to Equifax strikes me as exceedingly ridiculous. In fact there is an argument that Equifax, rather than winning new contracts from anybody, should be placed immediately under administrative control by the courts for eventual closure and liquidation. After all, once Equifax gave away its intellectual property for free, whether intentional or not, what value does the company have to anybody?
There is also an argument that is making its rounds that the era of using the Social Security number as an identification number for consumer credit, employment checks, insurance records, and virtually any other kind of public record, be brought to an end. This would mean that Equifax and its competitors would need to reinvent themselves through the use of identity co-operatives centered around pools of identification codes assigned to consumers for different purposes. After all, what is the point of relational databases if consumer credit companies can’t use them for diversification of identity records?
Things clearly need to change in identity technology, and Equifax is unlikely to be a leader given its cavalier balance between profits and security. Lets hope somebody else steps up.
10/16/17 update: the IRS-Equifax contract was suspended, although this had the undesirable effect of putting that particular online taxpayer service out of action. Or perhaps that was for the best.