JP Morgan data breach: why it’s time to decentralize your personal information

After Target, after Home Depot, comes the data breach of one of the largest banks in the country, JP Morgan / Chase. One thing is clear: no one can protect your online data. This fact hasn’t sunk in for everyone yet – people still trust their online banks, e-commerce web sites, and in fact, much of the established online world.

In five years, we’ll look back on this situation as naive or plain crazy. By 2020, the majority of people will have taken the protection of personal data back further into their own hands. And some of the responsibility for holding big centralized databases of consumers’ personal information will have been ripped away from corporations who simply cannot keep it safe. This is where technical innovations like Bitcoin shine – they replace the central trusted services that companies traditionally provide with proven, better protocols. So when it comes to protecting personal information both at a personal level and at a “network” level, big changes are afoot.

Why can’t big databases of personal information be protected?

1.  They’re big and valuable so they provide incentives for thieves and hackers to attack.

2.  There are always imperfections in software – bugs, holes, and exploits – and no fancy security system that will ever be invented (though many will be) will change this fact.

3.  The world is more connected – meaning more and bigger databases online somehow connected to the internet.

4.  There are more hackers with greater resources.  Whatever one thinks of the NSA, there is clearly more state-sponsored cyber hacking going on.  Does anyone doubt that Vladimir Putin would blink at a hacker group embarrassing a US company participating in sanctions against Russia?

So what can you do?

The only correct direction (there is no silver-bullet answer) for not letting cybercriminals win is to “decentralize” the storage of valuable personal information. What does decentralize mean in practice? To provide an example, I’ll compare the solutions of our company, Abine, to Apple Pay, Apple’s proposed new system to better protect payments made with iPhones.

Apple Pay proposes to reduce (decentralize) how many merchants have your payment / credit card information by working at the network level. This means they work with a network of businesses, from the ones that provide the little boxes at the cashier that people currently swipe their cards on (Hi Target!) to a slew of companies responsible for transmitting the payment information between your bank and the merchant’s bank (including Visa and Mastercard and others). Apple will create “tokens” that are unique for each payment that the merchant uses. By working together as a network, Apple and these payment companies can dramatically reduce the number of databases that have your real payment information. Critics will note that calling this decentralizing the information is sort of wrong, as it remains stored in big databases, albeit many fewer ones.

Abine’s solutions take a similar approach but work at a personal level to mask information – if a consumer doesn’t want their card stored when shopping online, they create a “masked card” with a new card number and limited value and give only this to the merchant. Consumers can also choose to mask and not share their real email addresses and phone numbers. This lets the consumer keep their real data off of the many centralized servers of the many web sites they interact with daily, but still use the services.

Protocols like Bitcoin and architectures where individuals run their own servers to communicate and do stuff online are far better ultimate answers and truer versions of decentralizing information – their success will be limited by how easy they are to use and how damaging cyberattacks become. For those interested in both ease of use and better fundamental protection of their personal information, the market will provide many choices in the coming years. Consider using something now to better protect your passwords, payments and personal information. The consequences and costs of waiting are only increasing.

 
