4 Ways Businesses and Consumers Can Take Back Their Data in 2019
“There’s hardly a week that goes by these days where we aren’t confronted about another data breach or critical data loss which impacts millions of people,” says Joseph Hopkins, COO of Crown Sterling, in an interview for the new book I'm co-authoring on emerging technology (21 Ways Life Will Change Tomorrow).
Hopkins’ assertion may be evidenced by recent news that Equifax will have to pay out $650 million or more as part of a combined federal and state investigation resulting from its 2017 breach involving nearly 150 million customers. This development comes in the wake of a $5 billion fine levied by the FTC the week before against Facebook for mishandling users’ information. Seeking to put these events in context, Hopkins explains the prevailing -- and problematic -- economic model concerning data usage. “The fact is, network digital companies (e.g. social media companies) regularly orchestrate the unauthorized movement and selling of data and IP assets with little to no consent from their subscribing member base.”
As early as 2011, media theorists such as Douglas Rushkoff have been sounding the alarm about this practice with the famous pronunciation: “On Facebook, we’re not the customers. We are the product.” Yet it wasn’t until this year that public backlash against data insecurity and misappropriation reached a breaking point. It's therefore fitting that tech startup Crown Sterling is poised to announce a new cybersecurity product launch to combat this threat at this year’s Black Hat conference in Las Vegas.
Based on an algorithm by Crown Sterling’s founder, the new application promises to usurp the current factorization model, a process of multiplying two primes to obtain public key encryption. Grant’s discovery disrupts existing protocol by enabling the prediction of prime numbers to secure cryptography in a product called TIME AI for users and enterprise companies. Using multidimensional encryption tech -- including time, music’s infinite variability, AI and mathematical constancies -- it aims to generate entangled key pairs to wrap around and secure data and applications.
I sat down with Grant to learn how businesses and consumers can take back data rights ahead of his Black Hat presentation, “Discovery of Quasi-Prime Numbers: What Does This Mean for Encryption?” related to his paper published through Cornell University. To understand data sovereignty’s growing movement, let’s review four ways we can regain control now.
1. Build awareness as to how our data is being currently monetized.
“At the moment, companies are generating huge profits through something as seemingly innocuous as the Nest in your house,” says Grant. Hidden behind opaque terms of service agreements is legalese meant to obscure the fact that Internet of Things (IoT) providers, such as smart homes, obtain our private data for third-party sales to monetize it in numerous ways -- from targeted ads to predictive analytics futures.
The first step toward changing this trend is generating attention around it. Of course, Nest is not alone in its data mining practices. Digital search, retail and social media outfits have been doing this for years. “The collected data has value because of how it's used in online advertising, specifically targeted advertising: when a company sends an ad your way based on information about you, such as your location, age, and race,” writes Max Eddy for PCMag. “Targeted ads, the thinking goes, are not only more likely to result in a sale (or at least a click) -- they're also supposed to be more relevant to consumers.”
2. Understand just which information is being collected about us.
“While more informed individuals and groups may be aware of these data acquisition practices, many of us do not realize the full extent of this exploitation,” says Grant. What he means is data sweeps are not confined to our entries on popular sites. To begin with, information regularly collected about us every day can include our location, browser type and links we click on, all of which can lead to a unique web fingerprint offering an idiosyncratic self-portrait differentiating us from other web users.
But the data pileup and aggregation go deeper. Eager to track us, many sites leave a so-called cookie on our systems. A digital breadcrumb, it follows us around the web, remembering where we’ve been and storing items in our checkout for purchase the next time we visit the site. This situation can be problematic, especially when even our search habits are being monetized. “What’s more,” writes David Nield for Gizmodo, “a recent study from Princeton University found that cross-site trackers embedded in 482 of the top 50,000 sites on the web were recording virtually all of their users’ browser activity for analysis.”
Beyond ISPs selling our browser histories and social media sites culling our personal information -- including photos of our loved ones -- for advertising insights, so many more under-the-radar data-mining practices exist in a veritable constellation of forms and iterations that it would be futile to list them all. Suffice to say there are many versions of this practice (and many more to come) unless we take the next step seriously.
3. Become part of the (business) solution, not the problem.
“The big issue we have today are ‘contracts of adhesion,’” says Grant. “If you will allow the metaphor, we agree to whatever a website requires because we want to participate in the digital realm. We want to cross the street. However, we can't cross the street unless we agree to some form of cookie installation or other data capture.”
The fact of the matter, though, is that this Faustian deal to participate in modern life is not something any individual -- or company -- can easily evade. Yes, businesses must also play along to get along in the internet age; as a result, they're also subject to the current exigencies of data malfeasance, in the form of security vulnerabilities.
According to NBC News, financial damages caused by data breaches are becoming ever more common and devastating. “The 2018 Cost of Data Breach Study, sponsored by IBM Security, found that the average cost for each lost record rose from $141 to $148, an increase of nearly 5 percent,” writes Herb Weisbaum. “Healthcare organizations had the highest costs associated with a lost or stolen record, at $408 -- three times higher than average.”
Recognizing the "data" on the wall, Grant insists the status quo must change for organizations to also avoid vulnerability to such losses. Though there are companies benefitting from the current asymmetry of power, it ultimately could behoove virtually all enterprise organizations to transform their operating models from one of laxer cybersecurity protocols to more safeguarding.
Likening the implications of such paradigm-shifting to evolutionary necessity, Grant suggests the successful businesses of tomorrow will be those willing to adapt to the times. “It might mean something as little as charging a small fee for search engine usage or paying to participate on social media,” he says. “Whatever is required, those forward-thinking companies will do what it takes to remain viable.”
4. Recognize more empowering ways to monetize our data.
The status quo presents an inequitable, unsustainable power balance. A minority of companies profit extraordinarily from others’ data, whether created at the individual or organizational level. Potentially worse, ineffective cybersecurity safeguards routinely subject people and businesses to harmful exposures, threatening everything from personal safety to critical intellectual property.
The way we move forward is to recognize the importance of data sovereignty for individuals and businesses alike. While the former cares about this issue from a privacy perspective, the latter has an investment in security. Not only can a breach damage a company in terms of cost and time, but it can hurt enterprise organizations from a trust perspective. According to software company Varonis, Target lost considerable support amongst its customers due to their mishandling of a 2013 breach. In particular, consumers fumed over how long it took the company to publicly disclose the incident, going so far as to cancel REDcards and boycott the retailer.
Grant’s answer to this threat, as well as privacy concerns, is to reclaim data sovereignty. “This means acknowledging the value of our data and asserting our rights to its dominion," he says. This could mean viewing future data transactions as a two-way street. Power dynamics will only shift once we reassert control over our data through enhanced cybersecurity, controlling its monetization. Likewise, companies will restore damaged perceptions and safeguard their organizations against future losses once they regain control of their security through impenetrable digital defenses.
The way forward: a glimpse of the possible
There may be a tendency to view data manipulation and insecurity through the lens of good and evil, but that's too simplistic. The reality is that until quite recently, market conditions suggested the efficacy of the current economic model. However, the rise of an emerging digital tool to wrest back data sovereignty into individual and organizational hands suggests we may be at the dawn of a new era. Here’s to 2019, the year the world takes back its digital rights.