In 2017, Equifax suffered a data breach that leaked data on up to 143 million Americans. The leaked data includes social security numbers, home addresses and more. Since that breach, there have been 29 more breaches affecting more than a billion people world-wide. It seems that hackers collectively have more data on us than credit agencies might have. Companies that are tasked with safeguarding personal data are faced with a myriad of arcane laws, complex technology and, quite frankly, attitude problems. How can blockchain technology be used to prevent data leaks?
The laws around safeguarding of data are all designed to hold a company legally responsible for any data breaches. The data protection laws, such as FCRA in the US or ECHR Article 8 in Europe, were all designed to permit the gathering and storing of data. Most companies would simply take out insurance to cover a breach event and practically continue business as normal.
In truth, our ability to detect data breaches today is largely due to the accessibility of the internet and the dark web. For many hackers, publishing the data for sale on the dark web is the end goal. Given the data treasure trove that companies such as Marriott and others hold, there may have been many breaches of which we are simply not aware.
PCI Compliance, for example, simply mandates that credit card information be encrypted and that the three- or four-digit code is not to be saved. Beyond that, there are no requirements on the rest of the data. Email addresses, home addresses, phone numbers and order data are all stored in plain text.
As a result, IT professionals who are tasked with just getting it done as quickly and as cheaply as possible typically do not spend a lot of time on safeguarding personal data. Furthermore, in all the training or compliance procedures, the emphasis is on obtaining and storing the data. The attitude is typically to blame the hackers for making their job harder, but there isn’t any further thought around how to properly obtain, use and safeguard the data.
In “Freakonomics” terms, this has simply encouraged the growth of a cottage industry of identity breach services. These companies exist simply to report on data breaches and to offer credit protection services. Consumers likely have “free credit protection” services for the rest of their natural lives.
The breaches have been increasing in frequency and, with the advent of state-sponsored hackers from China and North Korea, will likely only continue to get worse in severity and frequency. It is likely that there are universities now purely dedicated to training hackers. This means that every day, more vulnerabilities will be discovered, leading to more leaks of personal information. To counter this, what can we utilize from blockchain that will further safeguard the data?
Blockchain is an amazing piece of technology. The structure of the technology is designed to maintain a high ground against hackers. To wit – there is a 91-billion-dollar bounty for any hacker that could break the blockchain. In ten years, it hasn’t been broken. The technology is secured by default in a presently unbreakable layer of encryption. And as a technology, it can be improved to have increasingly stronger layers of protection added.
There are approaches that have been designed and implemented by blockchain companies to better protect the data. Solve.care, for example, encrypts the personal information into the blockchain and requires the users’ permission for others to access the data. That permission can be revoked at any time. In an interview for an earlier article on healthcare, Pradeep Goel asked,
“When was the last time that you revoked your Authorization of Medical Records Release form with your doctor?”
Presently, many blockchain startups are required to collect personal information such as driver’s licenses, passports, copies of bank account statements, home addresses and more. This information then must be verified before the investor can purchase an ICO. In the US, the SEC, FINRA and other government agencies mandate this collection of information on all investors – even ones that are doing business with banks and financial institutions. This information is supposedly safeguarded from hackers, but one security researcher last week discovered 10GB of personal information on an insecure WordPress site. Driver’s licenses, passports and more were all uploaded by individuals seeking to buy into an ICO.
IBM has been working on a standards-compliant system that they call “IBM Blockchain Trusted Identity”. As a service, they want to improve the KYC/AML process that companies like Coinbase and others utilize. This service would allow users to authenticate without giving up control over the information. Since it is secured by blockchain technology, this data is in a highly secure location and likely inaccessible to hackers. This methodology certainly seems a lot better than uploading a PDF to an insecure website. And this technology is available right now.
Even IoTeX has recognized the need for this service. Raullen Chai, the former Head of Uber’s Cryptography, founded IoTeX to create a blockchain with privacy at the forefront. IoTeX is working on a credit score system that places the power in the users’ hands. It is currently in pilot testing with a commercial bank and mobile data company, with a planned global release by the end of the year. As an example of how the system works for end users, Chai says,
“…the requested score will be cached on the client side (e.g., user’s wallet, mobile apps), and the user could click a button to request to update the score when needed.”
Bitcoin and blockchain have been attacked by pundits solely because of the price action. A closer look by enterprising professionals could reveal a treasure trove of improved security and reliability around personal data, and ways to reduce the threat of attacks. Companies of all types, including insurance companies, could save billions by taking the proper action to secure the data.
Consumers stand to benefit the most from this technology. Rather than giving our data away freely to every stranger, consumers should insist that companies use a blockchain enabled identity system to protect this data.
Author: Jefferson Nunn