Future of Identity Protection

AI and the Future of Identity Protection

Future of Identity Protection

There’s a lot of alarm over who stands to lose their job to automation and artificial intelligence. From fast food workers to toll booth operators, no doubt there’ll be some losses in the coming decades. But when it comes to identity protection and AI, the question shouldn’t be, “Who’s going to lose their job to artificial intelligence?” The real question should be, “Who should lose their job to artificial intelligence?

If AI could prevent identity theft better than certain cybersecurity specialists, it stands to reason those specialists should lose their jobs to AI. It’s impossible for AI to be “stupid” or to abdicate duties that are part of its algorithm.

Witness the words from chairman of the House energy and commerce committee, Greg Walden: “I don’t think we can pass a law that fixes stupid.” He is of course referring to the Equifax data breach, a giant loss of consumer identity data at the hands of unseen thieves. Equifax’s former CEO Richard Smith resigned after the company revealed the breach to the public. He blames the breach on “human error and technology errors.” What if human error wasn’t an option when it comes to protecting identity data? To the extent that it’s programmed correctly, artificial intelligence promises to do away with human error.

To our detriment, consumers have very few ways of protecting our identity information. The average case of identity theft results in a loss of $1,500 for the consumer. When it comes to protecting social security numbers, Consumer Protect, an activist network, recommends “Always keeping your social security number (SSN) secure. Do not keep your card in your wallet or write the number down on checks. You should only give someone this number when it is truly necessary.” But what if someone (such as Equifax) has this number without your permission?

Although the government can’t draft a bill legislating the end of stupidity, it can pay attention to one of Mr. Smith’s recommendations. Smith thinks we should stop using social security numbers to verify identity.

It is time to have identity verification procedures that match the technological age in which we live,” Smith said.

For example, a company like Apple knows facial recognition AI is now advanced enough to place it at the heart of the new iPhone X. Apple’s Face ID learns from its mistakes, adjusting its algorithm based on continuing iterations of a user’s facial features. If you keep looking at your phone, it keeps updating its knowledge of your face. Your facial data are encrypted on the device, instead of being stored in a centralized location where hackers can access them. Apple says the chances a random person could access an iPhone X by looking at it are one in a million.

If a person’s face is directly linked to their social security account and credit card accounts, and the facial data isn’t stored on a network that hackers can crack, hackers are going to have a much harder time stealing identities.

But Mr. Smith isn’t offering an entire picture of what a company like Equifax could and should do with AI, and he’s not really addressing Mr. Walden’s assertion that Equifax was simply being stupid by leaving the gate open to hackers.

Equifax’s IT personnel chose not to update Java web applications that were vulnerable because of a fault in Apache Struts, which is an open-source Java app framework. In turn, this left Equifax’s data vulnerable because outsiders could write in malicious code. Blue Matador’s Philip Volmar points out, “What companies like Equifax want is security, uptime, and automated remediation. Instead, monitoring tools give them data, query tools, and reporting.

In other words, Equifax’s monitoring tools didn’t tell them the breaches were happening because they’re using an outdated, limited software stack. Moreover, with awareness of the Apache Struts weakness (which they did have because Apache immediately notified everyone using the framework when the weakness surfaced), they could have used automated remediation to seek out all instances in which the network runs Java web apps using the Apache framework. Then, they could have used Apache’s readily available solution to fix the problem.

In the future, expect AI to do what Equifax’s cybersecurity staff didn’t do: seek out flaws in apps and apply necessary patches, because this type of work doesn’t require critical or subjective thinking. Credit card companies, such as Mastercard, are already using Design Intelligence, an AI program, to identify fraudulent transactions and false declines. It’s not a long-shot to expect a company like Equifax to to use AI for its security purposes too.

By Daniel Matthews

Daniel Matthews

Daniel Matthews is a freelance writer from Boise, ID. Daniel received his Bachelor’s in English from Boise State University in 2006, and is currently working on a book about the 2008 financial crisis. Widely-published online, he specializes in research and analysis that sheds light on the intersection of tech, business, and current affairs. Daniel is an avid writer and technology enthusiast whose mission is to bring journalistic integrity and informed opinions to his audience in ways that make them think differently about the world. You can find him on Twitter and LinkedIn.

View Website

CONTRIBUTORS

What’s Next In Cloud And Data Security For 2017?

What’s Next In Cloud And Data Security For 2017?

Cloud and Data Security It has been a tumultuous year in data privacy to say the least – we’ve had ...
What You Need To Know About Choosing A Cloud Service Provider

What You Need To Know About Choosing A Cloud Service Provider

Selecting The Right Cloud Services Provider How to find the right partner for cloud adoption on an enterprise scale The ...
The Good, Bad, and Downright Ugly Takeaways from WikiLeaks’ Vault 7

The Good, Bad, and Downright Ugly Takeaways from WikiLeaks’ Vault 7

WikiLeaks’ Vault 7 If you haven’t heard of the Vault 7 WikiLeaks data dump, you’ve probably been living under a ...
AWS S3 Outage & Lessons in Tech Responsibility From Smokey the Bear

AWS S3 Outage & Lessons in Tech Responsibility From Smokey the Bear

AWS S3 Outage & Lessons in Tech Responsibility Earlier this week, AWS S3 had to fight its way back to ...
The Five Rules of Security and Compliance in the Public Cloud Era

The Five Rules of Security and Compliance in the Public Cloud Era

Security and Compliance  With technology at the heart of businesses today, IT systems and data are being targeted by criminals, ...
3 Ways to Protect Users From Ransomware With the Cloud

3 Ways to Protect Users From Ransomware With the Cloud

Protect Users From Ransomware The threat of ransomware came into sharp focus over the course of 2016. Cybersecurity trackers have ...
Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation Digital transformation is the acceleration of business activities, processes, and operational models to fully embrace the changes and ...
Cyber Security Tips For Digital Collaboration

Cyber Security Tips For Digital Collaboration

Cyber Security Tips October is National Cyber Security Awareness Month – a joint effort by the Department of Homeland Security ...
Bryan Doerr

Cyber-Threats and the Need for Secure Industrial Control Systems

Secure Industrial Control Systems (ICS) Industrial Control Systems (ICS) tend to be “out of sight, out of mind.” These systems ...
Battle of the Clouds: Multi-Instance vs. Multi-Tenant Architecture

Battle of the Clouds: Multi-Instance vs. Multi-Tenant Architecture

Multi-Instance vs. Multi-Tenant Architecture  The cloud is part of everything we do. It’s always there backing up our data, pictures, ...

NEWS

Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system (Reuters) - Hackers likely working for a nation-state recently penetrated the safety system of ...
email as a service

Google Data Analysis, Artificial Intelligence and Predicting Vaccine Scares

Social media trends can predict tipping points in vaccine scares Analyzing trends on Twitter and Google can help predict vaccine ...
U.S. IT Sector Employment Expands by 8,100 Jobs in November, CompTIA Analysis Reveals

U.S. IT Sector Employment Expands by 8,100 Jobs in November, CompTIA Analysis Reveals

DOWNERS GROVE, Ill., Dec. 8, 2017 /PRNewswire-USNewswire/ -- New hiring in computer and electronics manufacturing and technology services and custom ...