Over on BoingBoing, Cory Doctorow is doing his best to raise awareness of data breaches in a post entitled, “Database leaks are as immortal and toxic as nuclear spills – let’s start acting like it”.
If we are going to contain every heap of data plutonium for 200 years, that means that every single person who will ever be in a position to see, copy, handle, store, or manipulate that data will have to be vetted and trained every bit as carefully as the folks in the rubber suits down at the local fast-breeder reactor. Every gram – sorry, byte – of personal information these feckless data-packrats collect on us should be as carefully accounted for as our weapons-grade radioisotopes, because once the seals have cracked, there is no going back. Once the local sandwich shop’s CCTV has been violated, once the HMRC has dumped another 25 million records, once London Underground has hiccoughed up a month’s worth of travelcard data, there will be no containing it. And what’s worse is that we, as a society, are asked to shoulder the cost of the long-term care of business and government’s personal data stockpiles. When a database melts down, we absorb the crime, the personal misery, the chaos and terror.
On the off chance Cory makes it over to this humble site, I’d like to propose some more creative thinking to solve the problem.
The truth is we can never completely protect the data for many of the same reasons consumer DRM fails- it only has to leak once for it to appear everywhere. Assets in physical crime are self limiting; there are only so many ways for a horse thief to chop up a horse. Digital assets are nearly infinitely renewable and reusable.
We need to keep defending our data, but accept the bad guys will get it. Thus we need to limit the impact of those leaks. I see two options (one focused on a specific issue in the US, the other more generalized), and I’m sure there are more:
- Release all Social Security Numbers. Then they can no longer be used as a “secret” identifier for financial transactions. This will stop most forms of identity theft in the US, forcing bad guys to shift to more focused account-level fraud. This post explains the difference.
- Create systems for multi-factor transaction security. Fraud monitoring on credit card accounts is a basic example of this, but there’s a lot more we can do. Placing a fraud alert on your credit report so the monitoring company has to call you before creating a new account is another example. Having your bank verify major account transfers through back channels is another. I call this “Dynamic Authorization” (part of Dynamic Trust) and it leverages the power of real-time technology to change how we perform transactions and authenticate individuals. There are so many creative and effective layers we can add here I get pretty excited just thinking about it.
We accept that data will leak, then build security controls to minimize the damage. We’ve barely scratched the surface. Consider this anti-exploitation for financial transactions: we can’t eliminate the vulnerability, but we can reduce the exploitability.
There are exceptions. Health care data is one example where the private market won’t solve the problem; we’ll probably need government regulation to reduce the financial value of that data (e.g., forcing insurance companies to provide coverage despite prior conditions). Protecting consumer privacy, such as limiting data collection on buying habits, is another tough area. But right now the biggest problems are financial in nature, and that’s one area where we can make a big dent with some creative approaches.
There will always be criminals, but we can sure make their lives harder. Simply storing data in nuclear bunkers and hoping it doesn’t leak isn’t the answer.