With yet another announcement of personal data being compromised from a company, are we ready to start thinking about living in a world without personal data? We are at the point where so much information about each of us has been taken that it makes one wonder, “Is there anything left that is not already out there in someone else’s hands?”
Does this mindset change how we live our lives and how we protect our information? I have been contacted no fewer than 8 times over the past 3 years with an indicator that my “personal information” had been compromised. Since we as a society are not penalising those companies that allow our information to be stolen, should we now begin to pivot to executing our daily activities with the underlying premise that all our information is in the public domain? How might this change what we do?
Health information is the area that is most concerning, since our model of health insurance (at least in the USA) is often premised on pre-existing conditions and the ability to charge you more if you will cost the company more. The recent changes in US insurance law have begun to whittle away the ability to be denied, but they do not remove the ability to be charged through the nose to cover what will likely be a costly endeavour: being previously sick. Perhaps the answer is a move to age-based pricing that cannot take into account your medical history, or forcing health insurance providers to become non-profit organisations that care about the health of America instead of the health of their shareholders. This way, you don’t need to be as scared of your health data appearing in the hands of potential insurers, and you can be honest with your physician for the first time in quite a while. He can then hopefully be allowed to provide you with the care you should get, and not just what your profit-motivated insurance company tells him that their bean counters think is the best course of remedy.
On the financial transaction side, the fact that my credit card numbers are all over the Internet means moving to one-time payments, tokenised transactions and alternative authentication (yes, PIN, I am referring to you. Americans CAN handle a PIN, I swear). If you assume that the numbers are or will shortly be in the open, then you just shift to a more ephemeral piece of information. Yes, this will annoy the data collection companies and retailers who like to use your credit card numbers to tie all your purchases along with your credit report to sell to marketers to better target their sales pitches to you. Similar to the recent move by Apple to make MAC addresses less trackable by marketers as you walk about, ephemeral payment numbers will be bad for marketers; but anything bad for marketers is good for the general population.
Authentication is key to the success of this approach, as you need to make sure that you are who you claim you are. First and foremost, the use of strong, two-factor authentication has to become not just commonplace, but innate. (BTW, if you want to check out an awesome 2FA service, have a look at Duo Security! Frictionless and very easy to integrate into a lot of things, including WordPress!). The FIDO Alliance has some very interesting approaches that move us beyond username or password and could help to authenticate in an even more secure manner. Likewise, the growth of discussion on BYOI (Bring Your Own Identity) offerings could lead to the vendor-agnostic, vetted authentication service that we all hoped that Microsoft Passport would be back in the early 2000s and bring us to a place where we can have trusted, strong identity that is usable across the Internet. As long as we don’t trust the entity that issues and vets the identity (yes, I don’t trust Facebook’s motives – do you?), we won’t use it ubiquitously and it won’t be uniformly trusted.
None of this means that we will never be at risk if we begin to become more open with our information on the Internet. But a mindset of changing the way we do business and operate, in the wake of having nothing be private anymore, could make a bigger difference than just trying to build bigger, stronger walls around the data we have while remaining susceptible to the current, flawed processes and controls that have let our data be spread around the tubes like so much SunButter on a bagel.