A revolution in privacy, security, and data is coming. Are you ready?
In today’s world, consumers relinquish control of many intimate details about themselves, their family, and their friends to third parties: birthdays, SSN, address, phone number, money, cryptocurrency, social media comments, private messages, texts, credit card numbers, bank account information, purchase history, credit score, photos, videos, salary, job history, medical records, location, driver’s license photos, etc. We do this to access things that have become essential for the higher quality of life promised to us by corporations and governments, and for a time it worked out okay.
While corporations and governments have been working diligently to build massive data sets of this information, what’s been happening in the background?
Soon after this data started being collected, hackers became sophisticated enough to steal large swaths of it, governments started abusing it with Orwellian-style surveillance programs, and nation-states started targeting it. For a long time this mostly happened in the background, but over the last several years people have been forced to accept that this information is not safe. Let’s look at a timeline of some of the biggest thefts and abuses in recent history.
- TJX — Parent company of TJ Maxx & Marshalls — 94 million customers were affected. Data stolen included credit card information and driver’s license numbers.
- NASDAQ — Hackers gained access to parts of NASDAQ services to steal user information.
- eBay — Hackers gained access to 145 million customer records including names, addresses, dates of birth and encrypted passwords.
- Heartland Payment Systems — (one of the world’s largest payment systems) Hackers gained access to 130 million customer credit card and debit card numbers.
- Anthem — Hackers gained access to names, Social Security numbers, and other sensitive information for 80 million customers.
- Sony — Hackers gained access to information from 77 million users on the PSN network.
- JPMorgan — Hackers stole email addresses, phone numbers, names, physical addresses, and “internal JPMorgan Chase information relating to such users.”
- Target — Was targeted by hackers who gained access to names, mailing addresses, phone numbers and email addresses of 70 million customers.
- Home Depot — Hackers gained access to credit and debit card information for 56 million customers.
- US and British intelligence tapped directly into the central servers of Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple, gaining access to audio and video chats, photographs, e-mails, documents, and connection logs.
- The NSA’s EvilOlive project collected and stored metadata from Americans that allowed it to see whom you sent emails to and received emails from.
- Yahoo — 3 billion user accounts compromised. (That’s all the users Yahoo had, though you should keep in mind a lot of those are likely duplicate accounts considering there are only around 7 billion humans on earth.)
Clearly, I could continue with more examples but for the sake of not having this whole article be a list of massive data breaches and abuses, I’ll stop here…
What do we have to protect us against this now?
There are laws that require data breaches to be disclosed under certain circumstances, though they don’t exist in all countries and many times there is no recourse for breaches. So we need to wake up as a people and understand that this isn’t a problem that can be solved simply by updating our laws. This point is made clear by the fact that governments and nation-states themselves are perpetrating a lot of these thefts and abuses. Instead, this is a problem that needs to be addressed with technology as well as changes to our laws.
How did this happen and how can we protect ourselves better against this?
When the internet was first spreading across the world, most corporations, governments, and users didn’t think critically enough about security, privacy, and data ownership, and now we’re all paying the price. So what do we do now? Well, first, people from around the world need to start thinking very differently about data in general. For too long we as users have allowed corporations like Google, Facebook, Dropbox, employers, DMVs, email providers, insurance companies, merchants, DNA labs, etc. (who doesn’t have data on us nowadays?) to retain the keys to extremely intimate information that can be stolen, or even abused by them in ways that people 10 years ago weren’t educated enough to know they would object to if they knew what we know today. It doesn’t stop at simply impacting users, though: the average cost to a corporation per record stolen in a data breach is $141 according to IBM. Anyone care to do the math on hundreds of millions, if not billions, of records stolen across the globe? This isn’t the fault of any one party like a single government, corporation, or users, because until recently the technology didn’t really exist to build a system in a way where everyone is much safer.
What can I do as a government to change this?
- Work to get the laws changed in your country to better protect user data.
- Work to give users the legal right to control what data is collected and how it’s used.
- Work to make any unnecessary collection of data illegal, with a punishment when people break the law.
- Work to give users true legal ownership of their data.
- Work to make it illegal to store information longer than it’s needed.
- Replace the SSN identity system with something users have more control over.
- If you MUST run Orwellian style surveillance programs at the very least d̶o̶n̶’̶t̶ ̶d̶o̶ ̶i̶t̶ ̶t̶o̶ ̶y̶o̶u̶r̶ ̶o̶w̶n̶ ̶p̶e̶o̶p̶l̶e change your mind?
- Work with the private sector to implement forward-thinking technological solutions to the problem.
What can I do as a corporation to change this?
- Limit the amount of information you collect and modify your retention policy for the information you don’t need long-term. If you don’t need it, don’t collect it, and if you only need it for a short period of time, delete it when you don’t need it anymore.
- As a business owner, make sure your organization is researching data anonymization technology so that if a breach does happen it’s harder or impossible for the attackers to associate an identity with a stolen record.
- Give your users the ability to delete any and all data you collect on them. Your relationship with your users should be based on their continued willing participation in your product and services and be revocable at any time.
- Give users the ability to control exactly how the data you collect can be used.
- Research how your company can use the blockchain in the future to store data in a safer manner. I know the standard as of now when building a technical product is to store user data and money on centralized servers, but let’s face it: you’re really just opening yourself up to the liability of attackers breaching your system and then getting sued by your customers for gross negligence. After looking at the list of breaches in this article, what makes you think you won’t get breached by a nation-state or even a 15-year-old British teenager named craka?
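To make the first two points above concrete, here is a small added example (not from any product or vendor mentioned in this article) that drops fields the business doesn’t need, replaces the identity with a keyed token, and purges records past a retention window. Strictly speaking this is pseudonymization rather than full anonymization; the key, the 90-day window, the field names and the sample rows are all assumptions made up for the illustration.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Assumption: in production this key lives in a secrets manager or HSM, apart from the data.
PSEUDONYM_KEY = b"constructed-demo-key"
RETENTION = timedelta(days=90)  # assumed retention window
NEEDED_FIELDS = {"purchase_total", "created_at"}  # assumed: all the business needs

def pseudonym(identifier, key=PSEUDONYM_KEY):
    """Keyed HMAC-SHA256 token: stable for joins, but someone holding only the
    stored rows cannot rebuild it by hashing guessed emails, as with a bare hash."""
    normalized = identifier.strip().lower().encode()
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()

def minimize(record):
    """Keep only the needed fields and swap the identity for a token."""
    out = {k: v for k, v in record.items() if k in NEEDED_FIELDS}
    out["user_token"] = pseudonym(record["email"])
    return out

def purge_expired(records, now):
    """Drop every record older than the retention window."""
    return [r for r in records if now - r["created_at"] <= RETENTION]

def stored_view(raw, now):
    """What actually lands in the database: minimized, tokenized, unexpired rows."""
    return purge_expired([minimize(r) for r in raw], now)

# Constructed sample data, not real customer records.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
RAW = [
    {"email": "Alice@example.com", "ssn": "000-00-0000",
     "purchase_total": 42.5, "created_at": NOW - timedelta(days=10)},
    {"email": "bob@example.com", "ssn": "000-00-0001",
     "purchase_total": 17.0, "created_at": NOW - timedelta(days=200)},
]

if __name__ == "__main__":
    for row in stored_view(RAW, NOW):
        print(row)
```

If rows stored this way are stolen without the key, they contain no SSN or email address, and the token cannot be matched to a person by simply hashing a list of known email addresses.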
What can I do as a user to change this or protect myself?
- Demand something better from the companies that have your data. If you’ve been a victim of data theft it’s very likely the party that stored your data could have used current technology to prevent or minimize the impact.
- Be careful what permissions you grant the apps you use on mobile devices and be careful who you give your data to in the first place. To make my point on this I’ll tell you about a time I was doing security consulting work and I got hired by a company in Sioux Falls, SD that builds decks on people’s houses. I found a security flaw in an FTP server that was used to store scanned copies of the government forms one needs to sign before getting a job, in a way that allowed Google and other search engines to index those documents, making them literally show up in search results. This was information such as address, SSN, phone number, among other sensitive information. He eventually had the person who set it up in the first place fix his mistake, but I tell this story to point out just how careful you need to be when choosing who to give your personal information to. Most businesses, especially small businesses, simply can’t keep up with security demands.
- Learn about how you can control your own data and wealth through the blockchain, then demand these innovations from the financial institutions, governments, insurance companies, employers, etc. whose services you use. I understand this is a daunting task for the uninitiated, but you won’t regret it if you try. This technology can secure our voting system, give you control over your money, and give you control over your own data. Remember, it will take time for it to be adopted on a wide scale, but better security, privacy, etc. is something we should be demanding.
Final words of wisdom
Recent advances in blockchain technology are going to allow corporations to build profitable business models without having unlimited custodial control over user information, data, funds, and user-owned securities (things like stocks and cryptographic tokens). These advances will allow users to not only experience the current level of convenience we have today but also open the door for less corporate liability, better privacy protections, user-controlled data, and stronger security than we’ve ever had access to as a people. We shouldn’t have to live in a world where we are forced to trust any party other than ourselves as individuals more than we have to, and whether technology like this gets adopted today or 10 years from now, one thing is certain: you cannot stop innovation. So when you find yourself waking up one day in a world where these innovations are a production-ready reality, I hope you’ve thought thoroughly enough about these issues to be ready.