Re: they already try to do this...
Years back, as an IT manager/security officer I created a Facebook ID to assess the risks of my users accessing it at work. The first thing it wanted to do was leech my contacts, which I declined. I implemented and enforced a 'no Facebook on company PCs' strategy.
I tried sometime later to access this account. In order to do so, I then needed to supply more personal information, which I declined to do, in order to unlock the account. I then tried to delete the account, which I could not do unless I provided more personal information, and no, I could not contact anyone without authenticating myself with - more personal information... That was a few less years back. Now I'm retired I might have enough time to tweak the tiger's tail, but I doubt I'd get anywhere.
A personal bete noire is the use of personal information (mother's maiden name, 1st pets name, school attended etc) as security questions - in order to protect your personal information! The simple solution is to allow you to create a unique security question which will trigger you (and you only) to know what the answer is, and is meaningless to others. Instead we get inanities like 'a significant date' where you have no idea as to what significant date you stated when you set the thing up.
On one of my past financial cards, transactions had a buried reference of 'fuckknows' because I got presented with a request to enter something... This was apparently unchangeable, and I never was asked for it again!
No - I see no future in requests for passport information. Perhaps when a full digital ID system has been built and perfected, and run but a reputable and incorruptible authority(!) that may be the answer.
Biting the hand that feeds IT
