I agree with the premise that SSII audits are useless, but your solution sounds like bandaid on a cancer. The real solution solution is stop this surveillance machine madness!

I understand that identity is required for property deeds and bank accounts for tax reasons and that should 100% not be online. But for the rest, it should be entirely outlawed to collect personal information beyond what's necessary for the service, including for government agencies.

Make healthcare (really) free => no social security database to hack. Give me back humans in offices for taxes and drivers licences => no ANTS database to hack. etc.

> Penalties don't work for government agencies. Taxpayers would pay for it and it doesn't act as an incentive.

This is the same as the rogue police problem in the US. What needs to happen is a shift to personal liability for those responsible.

You don't seem to realize the difference between those 2.

> The way to fix it is to empower one government agency to do aggressive pentesting against every other agency, hospitals, banks, infrastructure, and big corporations, with salaries matching the private sector. Impose ...

And now you've got private people empowered to attack specific government officials. In fact, that's their job. Btw: you forgot to specify "in public", and that needs to be how it works, otherwise it will just result in officials attacking this security agency. Oh, AND you're giving government officials an obvious point of attack: "salaries matching the private sector".

> Forget compliance checklists, KPMG "audits" and all that crap, just have government-sponsored hackers trying to get into everything like an attacker would.

You mean forget the way even the dumbest of the dumb can "provide security"? Do you think government officials in France got their position based on their IQ?

Of course this is the only way it can work, but this needs a very un-French form of government to get it to work.

[dead]