October 6, 2017

AI and the Future of Identity Protection

By Daniel Matthews

Future of Identity Protection There’s a lot of alarm over who stands to lose their job to automation and artificial intelligence. From fast food workers to toll booth operators, no doubt there’ll be some losses in the coming decades. But when it comes to identity protection and AI, the question shouldn’t be, “Who’s going to […]

Future of Identity Protection

There’s a lot of alarm over who stands to lose their job to automation and artificial intelligence. From fast food workers to toll booth operators, no doubt there’ll be some losses in the coming decades. But when it comes to identity protection and AI, the question shouldn’t be, “Who’s going to lose their job to artificial intelligence?” The real question should be, “Who should lose their job to artificial intelligence?

If AI could prevent identity theft better than certain cybersecurity specialists, it stands to reason those specialists should lose their jobs to AI. It’s impossible for AI to be “stupid” or to abdicate duties that are part of its algorithm.

Witness the words from chairman of the House energy and commerce committee, Greg Walden: “I don’t think we can pass a law that fixes stupid.” He is of course referring to the Equifax data breach, a giant loss of consumer identity data at the hands of unseen thieves. Equifax’s former CEO Richard Smith resigned after the company revealed the breach to the public. He blames the breach on “human error and technology errors.” What if human error wasn’t an option when it comes to protecting identity data? To the extent that it’s programmed correctly, artificial intelligence promises to do away with human error.

To our detriment, consumers have very few ways of protecting our identity information. The average case of identity theft results in a loss of $1,500 for the consumer. When it comes to protecting social security numbers, Consumer Protect, an activist network, recommends “Always keeping your social security number (SSN) secure. Do not keep your card in your wallet or write the number down on checks. You should only give someone this number when it is truly necessary.” But what if someone (such as Equifax) has this number without your permission?

Although the Government can’t draft a bill legislating the end of stupidity, it can pay attention to one of Mr. Smith’s recommendations. Smith thinks we should stop using social security numbers to verify identity.

It is time to have identity verification procedures that match the technological age in which we live,” Smith said.

For example, a company like Apple knows facial recognition AI is now advanced enough to place it at the heart of the new iPhone X. Apple’s Face ID learns from its mistakes, adjusting its algorithm based on continuing iterations of a user’s facial features. If you keep looking at your phone, it keeps updating its knowledge of your face. Your facial data are encrypted on the device, instead of being stored in a centralized location where hackers can access them. Apple says the chances a random person could access an iPhone X by looking at it are one in a million.

If a person’s face is directly linked to their social security account and credit card accounts, and the facial data isn’t stored on a network that hackers can crack, hackers are going to have a much harder time stealing identities.

But Mr. Smith isn’t offering an entire picture of what a company like Equifax could and should do with AI, and he’s not really addressing Mr. Walden’s assertion that Equifax was simply being stupid by leaving the gate open to hackers.

Equifax’s IT personnel chose not to update Java web applications that were vulnerable because of a fault in Apache Struts, which is an open-source Java app framework. In turn, this left Equifax’s data vulnerable because outsiders could write in malicious code. Blue Matador’s Philip Volmar points out, “What companies like Equifax want is security, uptime, and automated remediation. Instead, monitoring tools give them data, query tools, and reporting.

In other words, Equifax’s monitoring tools didn’t tell them the breaches were happening because they’re using an outdated, limited software stack. Moreover, with awareness of the Apache Struts weakness (which they did have because Apache immediately notified everyone using the framework when the weakness surfaced), they could have used automated remediation to seek out all instances in which the network runs Java web apps using the Apache framework. Then, they could have used Apache’s readily available solution to fix the problem.

In the future, expect AI to do what Equifax’s cybersecurity staff didn’t do: seek out flaws in apps and apply necessary patches, because this type of work doesn’t require critical or subjective thinking. Credit card companies, such as Mastercard, are already using Design Intelligence, an AI program, to identify fraudulent transactions and false declines. It’s not a long-shot to expect a company like Equifax to to use AI for its security purposes too.

By Daniel Matthews

Daniel Matthews

Daniel Matthews is a freelance writer from Boise, ID. Daniel received his Bachelor's in English from Boise State University in 2006, and is currently working on a book about the 2008 financial crisis. Widely-published online, he specializes in research and analysis that sheds light on the intersection of tech, business, and current affairs. Daniel is an avid writer and technology enthusiast whose mission is to bring journalistic integrity and informed opinions to his audience in ways that make them think differently about the world. You can find him on Twitter and LinkedIn.

Azure Free Tier vs. AWS Free Tier: Which Provides More Value?

Cloud computing has become a cornerstone for the digital transformation of businesses. From startups to [...]
Read more

AI at the Gate: Navigating the Future of Cybersecurity with SonicWall’s Bobby Cornwell

Navigating the Future of Cybersecurity In the face of the digital age’s advancements, AI’s role [...]
Read more
Steve Prentice

Episode 19: Why AWS Needs to Become Opinionated about FinOps

On today’s episode of the CloudTweaks podcast, Steve Prentice chats with Rahul Subramaniam, CEO at CloudFix [...]
Read more

Lambda Cold Starts: What They Are and How to Fix Them

What Are Lambda Cold Starts? Lambda cold starts occur when AWS Lambda has to initialize [...]
Read more
Jeff DeVerter

Charting the Course: An Interview with Rackspace’s Jeff DeVerter on AI and Cloud Innovation

Rackspace’s Jeff DeVerter on AI & Cloud Innovation In an insightful conversation with CloudTweaks, Jeff [...]
Read more
Metasploit-Penetration-Testing-Software-Pen-Testing-Security

Leading Cloud Vulnerability Scanners

Vulnerability Scanners Cyber security vulnerabilities are a constant nuisance and it certainly doesn’t help with [...]
Read more

SPONSORS

SPONSOR PARTNER

Explore top-tier education with exclusive savings on online courses from MIT, Oxford, and Harvard through our e-learning sponsor. Elevate your career with world-class knowledge. Start now!
© 2024 CloudTweaks. All rights reserved.