The Future of Personal Information Security
There have been many discussions of late regarding the Equifax data breach which affected every American adult. Both high-profile data breaches and day-to-day cases of individual identity theft are becoming far too routine. Can anything be done to stem the tide? There is both good and bad news on that front.
A combination of new and old technologies exists today with the potential to end unauthorized access to your personal information. However, major changes are needed in the way third parties handle our information. We will discuss three facets of putting the security back in personal information security.
The technology exists today to store any digital information in an encrypted format rendering it useless to thieves. Encryption can protect data where it is stored as well as when it is transmitted between parties. Today’s commercial and public encryption technologies, if used properly, are sufficiently robust to provide an extremely high level of protection against even the most sophisticated enemy. The key is that they must be used properly.
Data exists to be accessed, and frequently this requires that it be exchanged with other authorized parties. Storing data in an encrypted state is pointless if a strong authentication policy is not in place to prevent the data from being decrypted and passed off to unauthorized parties. Imagine an important document stored in a safe deposit box in a bank vault. The vault and lock box represent encryption. Authentication represents the process by which the bank decides who they will open the box for. Weak authentication will defeat even the strongest vault.
In the past there has been emphasis on using “strong passwords”. As data thieves become more sophisticated, this is no longer adequate protection. In response, “two-factor authentication” is becoming more common. An example of two-factor authentication is being required to enter a passphrase followed by a one-time code sent to you by text message. Two-factor and similar authentication methods significantly enhance security but often at the inconvenience of the end-user.
There is good news in that cutting-edge authentication methods combine heightened security with reduced inconvenience. Technologies including (but not limited to) biometrics such as eye, fingerprint, and voice authentication are becoming both more accessible and increasingly difficult to defeat (especially when used in combination).
Indisputable Data Accounting
Who accessed what, and when? What was changed? What differences are there in the data before and after the change? Up until now, companies responsible for keeping your information safe have frequently struggled to answer these questions.
In 2018 you will start to hear a lot about a technology with the potential to revolutionize data-transaction accounting. It is known as “Blockchain”. It is a method of utilizing encryption to ensure that data cannot be altered or exchanged without the details of those events being permanently recorded in a tamper-proof form. Blockchain is not a product or piece of computer code. It is a mathematical concept with broad potential for use in virtually all areas of digital data management, from banking to medicine. It was first used as the accounting ledger for the crypto-currency Bitcoin as a way to prevent counterfeiting and unauthorized transactions. Computer scientists are now using Blockchain theory to develop tools to protect many types of data. I predict Blockchain will be one of the big buzzwords of 2018. You will frequently see it used in the context of the crypto-currency Bitcoin, but remember its potential uses as a secure accounting system go far beyond that.
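To make the accounting idea concrete, here is an added example (not part of the original article and not any vendor's code) of the simplest form of the concept: an access log in which each entry carries a SHA-256 hash of the previous one, so that editing or removing a past entry breaks the chain. The function names, field names, and sample events are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # stand-in "previous hash" for the very first entry


def record_hash(body: dict) -> str:
    """SHA-256 over a canonical JSON encoding of the entry body."""
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


def append(ledger: list, who: str, action: str, record_id: str, when: str,
           before=None, after=None) -> dict:
    """Record who did what and when, bound to the hash of the prior entry."""
    body = {
        "who": who, "action": action, "record": record_id, "when": when,
        "before": before, "after": after,
        "prev": ledger[-1]["hash"] if ledger else GENESIS,
    }
    entry = dict(body, hash=record_hash(body))
    ledger.append(entry)
    return entry


def verify(ledger: list) -> int:
    """Return -1 if the chain is intact, else the index of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev"] != prev or record_hash(body) != entry["hash"]:
            return i
        prev = entry["hash"]
    return -1


def sample_ledger() -> list:
    """Constructed sample events (hypothetical users and records)."""
    ledger = []
    append(ledger, "clerk-17", "read", "customer-001", "2018-01-05T09:12:00Z")
    append(ledger, "clerk-17", "update", "customer-001", "2018-01-05T09:14:30Z",
           before={"address": "12 Elm St"}, after={"address": "98 Oak Ave"})
    append(ledger, "auditor-02", "read", "customer-001", "2018-01-06T14:00:00Z")
    return ledger


if __name__ == "__main__":
    ledger = sample_ledger()
    print("untouched ledger:", verify(ledger))
    ledger[1]["who"] = "nobody"  # a past entry is quietly edited
    print("after the edit:", verify(ledger))
```

A single chained file only detects changes if the latest hash is also held somewhere the editor cannot reach; blockchain systems address this by replicating the ledger across many independent parties.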
What is the Next Step?
As more data managers (from government agencies to retailers) adopt systems combining encryption, authentication, and Blockchain accounting, we could potentially see the end of the routine private-data breach.
More good news comes in the form of examples from abroad. Many countries are moving quickly to develop and implement systems incorporating the three facets of security discussed above – encryption, authentication, and accounting.
India, for example, is a world leader in authentication technology. Whereas US citizens typically are required to use a simple (and easily stolen) Social Security Number as their personal identifier, citizens of India utilize a sophisticated biometric identity program. They too use an identifier like our Social Security Number, but access to it is tightly controlled through cutting-edge authentication. Indian citizens protect their identity against theft by using combinations of iris-scan, fingerprint, photograph, and demographic information to control when their personal information is accessed and by whom. Among other things, it prevents an identity thief from easily impersonating a potential victim.
The small Baltic nation of Estonia is another leader in this much-needed data-security revolution. After suffering a devastating national data breach 10 years ago, they committed to developing a robust data protection infrastructure. Estonia now uses Blockchain technology to control data so that it cannot be accessed, erased, or altered without leaving detailed records of who, what, when, and where. (Author’s note: I highly encourage you to research Blockchain theory to learn how this is possible. It is an ingenious concept.)
What this means for you and me
While countries such as Afghanistan, Bangladesh, Tanzania, Singapore, Russia, Dubai, Switzerland, and Gibraltar (in addition to those previously mentioned) are actively pursuing adoption of the latest security technologies to protect the personal information of their citizens, the US has been dragging its feet. We are victims of first-generation infrastructure. A developing economy tends to invest in current technology. A developed economy with legacy infrastructure tends to maintain outdated methods. For example, we are a decade behind Europe in adoption of chip-card technology to protect against credit-card theft, not to mention 116 years behind the curve regarding metric system adoption. The bottom line is the US is stuck in its old habits.
In the wake of the Equifax breach there is some good news. The Trump administration has asked federal agencies to develop a secure modern national identity system to replace vulnerable social security numbers. The latest methods of data security as discussed here are being evaluated and proposals are being prepared. It may be that unfortunate recent events act as sufficient motivation to propel the US forward into a new era of digital security. My hope is that the day is not too far off when we will not need to worry so much about the risks of identity theft and unauthorized access to our private personal information.
Legal Information and Disclosures
This memorandum expresses the views of the author as of the date indicated and such views are subject to change without notice. HFG Trust has no duty or obligation to update the information contained herein. Further, HFG Trust makes no representation, and it should not be assumed that past investment performance is an indication of future results. Moreover, wherever there is potential profit there is the possibility of loss. This memorandum is being made available for educational purposes only and should not be used for any other purpose. The information contained herein does not constitute and should not be construed as an offering of advisory services or an offer to sell or solicit any securities or related financial instruments in any jurisdiction. Certain information contained herein concerning economic trends and performance is based on or derived from information provided by independent third-party sources. HFG Trust believes that the sources from which such information has been obtained are reliable; however, it cannot guarantee the accuracy of such information and has not independently verified the accuracy or completeness of such information or the assumptions on which such information is based. This memorandum, including the information contained herein, may not be copied, reproduced, republished, or posted in any form without the prior written consent of HFG Trust.