Record Keeping is Nothing New.

People didn’t begin keeping records just yesterday. This has been going on for a long time, and it’s done for very practical purposes. Validation for citizenship, training, other qualifications, various certifications: There is nothing really new about any of that.

Paper Record Keeping.

First came civil registration requirements. Some of these started in religious institutions through mandates, and then later registration of things like births, deaths, and marriages became unified on a per county basis. Most of that was already in place before the year 1900 in the western world, Europe, and North America.

By any assessment, this is very sensitive information, which has been collected for a long time, and can positively identify family relationships to a certain degree into the past. In the original, often handwritten, paper formats, it would seem like making any use of that information would be difficult, and accessing such old information doesn’t even seem like a ’leak’. Assuming the paper information is correct, complete, and continuous, what can identify any family group more strongly than that?

Then imagine taking all of that lengthy roll of historical civil registry data and doing all of the work of digitizing it. So, now it’s sitting inside of a computer somewhere in a database, maybe even a publicly accessible one.

That’s just one thing that has become a digital asset which you probably would not have chosen to make publicly accessible. It’s not always the case that your ancestry has been made public without your consent but, it seems fairly common.

School Records.

These were normally kept at the specific school which was attended. Later on, as technology advanced, these records were made digital. This was most likely done through a manual data-entry process but, it could also have been done through scanning or photographs. Early on, scanning and photos might have been too much data to hold in a computer system. Today, we might be fully digital for the whole system, right from the start. Grading, and comment entry, all could be fully digital, without paper.

It’s likely that reading and writing are still taught by hand with pencil and paper, and early work in school is still with workbooks but, the grading system is almost certainly a direct computer entry.

All the way through the school system, and everything about your time there is recorded into a digital system, maybe even if it was done after you left that school environment. Some school boards are keeping that information indefinitely.

I’m not sure who needs their grade 7 report card 40 years later. Let’s not worry too much about that but, let just notice that there is a great deal of depth.

Grade School, Secondary School, College or Trades Schools: All of the records are digital, along with any diplomas, degrees, and certifications.

Just Check Your Own Wallet.

You can see how many potential identification methods you might have. Some of them might expire, and only a handful of them will be accepted everywhere. Maybe you have a driver’s licence, a social insurance card, that’s pretty typical, and then maybe you even have a healthcare card, depending on whether the country you are living in has a universal healthcare system.

Some of those things might be accepted as identification for certain purposes. A driver’s licence is generally the standard within the country, while a passport will be accepted while travelling abroad.

Paper Records Were Great.

The only problem was that every now and then a giant fire would consume the building which was holding the records, and the result would be that the records from that region would no longer be complete. The equivalent today might be a data corruption event but, it probably wouldn’t effect all of the data on any given system.

Today the downside seems very much to be that the centralization of information, and the great stride we have all taken towards digitizing as much of our data as possible has some huge risks associated with it. The data can be leaked through various means. That data can become a ransom after malicious groups hack whatever system contains the data. The data is almost never stored in a way that is incredibly secure, and depending on which country you are in, a sufficient percentage of your personal identifying data may already have been compromised in this way.

How much data needs to be stolen from the various places where it’s kept before we have, being potentially sufficient if assembled, an external method of false identification. Is this already the case for some people? It’s possible that there is enough leak exposure that it could compromise the correct identification of some people. This is very difficult to estimate. There is no way of knowing whether there is coordination between the criminal groups who have stolen data, and the leaks that we hear about are only the ones that have been discovered. Still, these types of leaks are best seen through the lense of a ‘big-budget action film’. How is the data used? Do they sell it? Hold the data for ransom and threaten to expose it publicly? Maybe. It’s all speculation as to what actually becomes of the data, as we rarely see any follow up reports showing where stolen data was ever used.

That isn’t the only way that data can fall into the wrong hands.

Data Can be Compromised in Other Ways.

Malicious actors can also take data from a company where they work. It can be done in a way that is almost completely invisible, and probably undetectable. In the age of paper records, it was possible to read a letter left out in plain view, or any other document which might be in plain view. Information could have been compromised that way. Then again, big budget movies have taught us that burglars can break in and then start photocopying data in some large centre containing massive amounts of paper documentation. This is not incredibly likely at the moment and with the current technology. There might be some paper documentation submitted and handled by humans at some points but, a lot of the work is done on computers where each user is authenticated.

Does the authentication take care of all security concerns? Maybe. It depends entirely on how the system is laid out. It also depends on the specific system, and the age of that system. There are some systems where ‘any-access’ is essentially equivalent to ‘all-access’. There are yet other systems where any type of legitimate access can easily be upgraded to an all-access-pass, by someone with a little bit of knowledge. Some older systems have very well known exploits, and those loop-holes aren’t closed yet. There is a lot left to the old fashioned ‘honour-system’ but, we know that the incidence of criminality in any organization is approximately the same as in the rest of society. It’s no different, there will always be some people willing to take something when no one is looking, or in a way which they believe cannot be percieved or traced back to themselves.

So, it’s possible, and very likely that data can be breached and subsequently leaked, without any trail, and without anyone knowing. This is most likely to happen on a smaller scale, something more like ‘pin-point’, a single breach of a single person’s confidential information. Even a leak of information of this smallest kind can be significant for the person who