Recently, I saw a post by Bob Coleman which I wanted to discuss here. Now, what I’m about to tell you is from the perspective of an IT professional, and what this means. I tie this up into a nice package at the end about why you aren’t entirely wrong to reject this.
When you watch the video, all you can think about is the Canadian government a week ago basically seizing the bank accounts of peaceful protestors and this video puts a chill down your spine. It seems to be the next step towards the central bank digital currencies, or CBDCs.
Well, it is, to be quite honest. It is a necessary step, in my opinion to get a CDBC program going.
//Note: My background on this subject? Not going to spell it out here for the minders of the world who have downloaded my shit, taking a few minutes to dig around LinkedIn, you can find me. I have interviewed for CISO-level positions and run a large IT organization now in this field at a very, very, very large organization.
So – it is good to view videos like this with distrust and skepticism. Especially in light of what just happened with Trudeau. The end result of that though it seemed was a bank run and the banks calling Trudeau up bitching, which then had him removing the emergency powers. But the Rubicon has now been crossed.
However, AT FACE VALUE – THIS isn’t as evil as you would think it is. It COULD be – IF the government was doing it, and if they abused this. But how this is presented is as a FEDERATED solution with a bank. These are key aspects many of you did not hear that are important and I’ll discuss below.
Let’s start with what is actually being said…
- Way Canadian can authenticate and identify themselves to business, government, and each other
- FEDERATED ID system (more on this below)
- Power (and security) to store Canadians’ identity and attributes
- ONLY revealing the information necessary for the transaction
- Used to bank, used for government services, drivers’ licenses, shop, travel
- BANKS lead the creation of the digital ID
- Works between government and private sector
- Banks are regulated and trusted
- Banks have cybersecurity and privacy technology
- Working with FinTech startups
- Approach can reduce fraud, save taxpayer money, improve regulatory compliance, make it easier to do business
- This was from the Canadian Bankers Association
What is a federated authentication system? Let’s look at a definition.
You might see this a lot where there’s a new app you downloaded and they ask if you want to sign in using FaceBook or Google. Remember Farmville through Facebook? You sign in to Facebook, then Facebook tells these apps who you are – like Farmville. You are then granted rights to use Farmville. That may see me as NateFarmer23. When I sign up to Facebook, I give them email, phone, DNA, etc – you get the idea. But when I want to sign up for Farmville, they just need me to log in with Facebook, then remember that login. So when I launch Farmville, it then checks with the federated system at Facebook to see if NateFarmer23 is authenticated. Good? OK – you can now play. No need to then give your email and DNA to Farmville.
Think about this if you need government services. Healthcare, pension, driver’s licenses. Think about all of your credit cards asking for all of your information. All of these entities are asking for your financial DNA, to an extent. Now, if you were able to give all of that information to the bank, and then use the banks sign in ability to log into these other sites, you don’t need usernames and passwords for 6 utilities, 10 credit cards, 4 government services, etc etc. You have ONE sign in.
Now, if you have this one sign in with username and password, that is also a problem. You can brute force crack a lot of passwords, given enough time. This is why the complexity and length might need to be crazy. Also, you then get all kinds of phishing scams with criminals trying to get you to log into sites that look like the one you want to go to, and they steal your info.
You were seeing things like this in the news weekly. Suddenly, chip cards seemed to be everywhere which improved security. Thieves adjust their tactics. Now, when you log into things, they may ask you for a passcode they text to you. A lot of these improvements have driven down cyber thefts.
But your information is literally everywhere, and one of those entities that is lax with cybersecurity can create a nightmare for you with loss of your identity. See Target above.
A federated system with your bank would probably then have you given a card to carry with a chip on it. You may need a card reader to then access things, and then put in a PIN. In the US, this is sort of like taking your debit card to an ATM and taking out money. You have a card and a PIN. No username and password. This is 2-factor authentication, and in this case, it’s something you have (card) and something you know (PIN).
Most curious about cyber have heard of CIA – or the cyber triad of confidentiality, integrity, and availability. These Russian cyber attacks you hear about can be any and all of them. Mostly, you hear of websites getting knocked out (availability). You are denying someone access to an IT system. But another big item of cyber is “non-repudiation”. Meaning – no one can deny you are you. With usernames and passwords, these things are a nightmare. Do you remember the usernames and passwords to all of your systems? No? You have them written down somewhere? What if that is stolen? Walk around your office one night after everyone goes home and I bet you may find a username/password under a keyboard somewhere.
The concept is this….
- Set up a digital ID at a bank. They have a lot of your info now. Perhaps your digital ID is 908-8765-2345.
- Your digital ID may be needed to apply for a credit card from a different bank, signing up for a healthcare provider, government services, or even a social media account
- When signing up for this stuff, that entity will have an ID they would then need to check to get some info like salary or address, etc. It then goes to ask the bank, and then you dip your card into a reader to authenticate who you are and put in your PIN. The entity is then granted limited access to certain items for setting up an account for you.
- The other entity may see you as AB-234-987 and have a few scraps of info. Anytime you attempt to log in to that entity, it has to verify with your bank you are you (non-repudiation)
When I was doing my MS in this stuff from 2010-2012, I had read somewhere that ID theft was to the tune of like $400b each year in damages. It was the wild west. Each year, more and more security improvements needed to be made.
And then you see your parents on a Windows 95 computer that hasn’t been able to have been updated in decades.
With this, they don’t realize their machine is a zombie in a botnet, most likely, already. And, every time they would try and sign on to a bank or something with username and password, it’s possible a man in the middle attack was happening years ago. Banks have upped their security, and now unless your browser supports a certain type of encryption, you cannot access the site.
So, the point here is a safe and easy way for you to identify yourself to a LOT of different entities whilst keeping 99% of your financial DNA hidden from all of them.
But those evil banks?
Look – if I commit a crime here, like dealing drugs, and I’m arrested, they can seize my bank account money with a warrant. The bank will read the warrant and hand over the account contents. The idea here is that there is a check and balance here.
- Government LEGISLATURE making policy
- Law enforcement following policy
- Judges ensuring no malfeasance is happening and provided a check and balance to the above
- The banking institution fighting on behalf of their customers and possibly fighting a court order to a higher court.
- Civilians who can sue in court to protect their assets and stop government overreach
What we saw with Canada was this…
- Government EMERGENCY power created
- Law created to prosecute crime after the fact (ex post facto)
- Banks being ordered to seize without warrant
This worked about as well as you would think it would work. Many people felt that the government overreached with war emergency powers (president GIVING HIMSELF this power), going after people after they created the laws drove people like me bat shit (and I’m not Canadian), and banks seemed to not like this when a bank run happened.
The above can lead anyone immediate to question a digital ID to make things “easier” for you. Anyone reading this who has ever dealt with identity theft may like this. Any bank/insurance company who has had to pay for these losses welcome the new system.
The key here is that you are putting this in the hands of a private entity, like a bank. Can the government use a warrant and do things with this? Probably – but they would need to be granted a warrant.
In my country, Biden has been doing things that “are probably not legal” – FORCING people to comply, and months later these things are overturned in courts. The fact that governments now are acting first, knowing things aren’t legal, to POSSIBLY be rebuked later speaks more to government overreach today at its worst. It looks like Trudeau went the path of Biden, and many of these people are going to lose at the ballot box.
What could be terrible? If a digital ID was setup by the state, and a CBDC is run by the state – THIS is terrifying. I felt there needed to be a separation here between government and the private sector, and I wrote a bit about federated authentication and a check/balance in my article about CBDCs. Granted, this was 2 weeks before Trudeau shocked the hell out of all of us, but I think if this is designed to have those proper warrants and checks/balances, this would be ok.
Let me explain a concept here that might explain SOME of my positivity. I believe in limited government – and with a limited government, this works great. I believe in a small budget. I believe in states’ rights. I am a strong believer in the second amendment here and in every country. I believe our forefathers were a bunch of smart bastards. I read a book called “Miracle in Philadelphia” by Catherine Drinker Bowen in HS AP Poly Sci. It went day by day of the Constitutional Convention here, and walked everyone through how and why everything came to be. These smart bastards were not perfect, as evidenced by limited rights for different classes and that lack of dealing with slavery – for starters. The document allowed for things to be changed, by amendment – and spelled out the process. The truth is, by the 10th amendment, anything not spelled out in there is to be regulated by the states. Things like drivers’ licenses, marriage, etc.
Back then, states had different identities, and you may have migrated towards a state that held your values. We were held together by commerce, in Article 1, section 8. But our military was tiny, and almost non-existent.
The point of all of that is to say that we are very fearful of our very large governments today. This isn’t how they were designed. And, I think over time, they will be reduced. Whether a politician comes in and takes a weed whacker to everything, or whether default forces many services to no longer exist – it could topple itself with its own weight. But the state we are in right now, a federated system being run by a private entity should be a good thing. However, all any of us can possibly see is a large government using the weight of the justice system to terrorize a bank into complying to their wants and desires.
I believe a federated system and CBDC is the right way to go, IF it is designed appropriately – almost like a constitutional convention sort of design. However, we all know now we are in the grasp of “the great reset” where they want you eating bugs to save the climate, while the elite fly on private jets to Davos and dine on expensive Wagyu.
Under these conditions, it is wise for the people to be wary of those in power. And it is wise for the NRA here to grow their supporter base by the day to protect the rights of the people.
Do I blame people for being suspicious of a digital ID? No. Do I think it can be setup to be a positive for everyone? Yes. Do I think that’s going to happen? No.
The only real answer to prevent the downfall of the Roman Empire is to reduce the size and power of government. The last person that tried to do that was impeached twice, and had a political campaign create a fake Russian dossier to gaslight a public for 4 years that he was a Russian operative.
Most people I know on this planet could not run for dog catcher today. Why? Because every one of the people I know were 20 years old and in college one day. And, in today’s culture, there’s not one of those people who want the scrutiny of anyone looking at them, let alone having a DNC or RNC with a billion dollar war chest able to create dossiers to smear you and make you unable to ever be hired by anyone again. Meaning, today, in this country, the only people that can mostly be elected are those who have nothing to lose, like a bartender, someone who is ridiculously rich already, or someone with huge political ambitions since their teens who has done nothing but craft a persona of what you THINK you are supposed to vote for so you can get them into office.
Given we are approaching stage 7 of a monetary crisis, and there’s no way those in power will ever let the people elect someone to shrink budgets and governments, we are in for a wild ride the next few decades. This is probably why people don’t want digital IDs and probably why the people are fed up at this point. At issue, I believe they don’t understand what they are and how they can help – but it doesn’t matter because the leap to instant distrust and abuse of this information is now baked into the psyches of many people.
That’s not good. And I cannot create a diagram or powerpoint chart to un-learn that.
I need to read the 4th turning. Seen some videos on it, read the cliff’s notes. I need to get that book. We are in some weird times people.