AI and the Future of Identity Protection

Future of Identity Protection

There’s a lot of alarm over who stands to lose their job to automation and artificial intelligence. From fast food workers to toll booth operators, no doubt there’ll be some losses in the coming decades. But when it comes to identity protection and AI, the question shouldn’t be, “Who’s going to lose their job to artificial intelligence?” The real question should be, “Who should lose their job to artificial intelligence?

If AI could prevent identity theft better than certain cybersecurity specialists, it stands to reason those specialists should lose their jobs to AI. It’s impossible for AI to be “stupid” or to abdicate duties that are part of its algorithm.

Witness the words from chairman of the House energy and commerce committee, Greg Walden: “I don’t think we can pass a law that fixes stupid.” He is of course referring to the Equifax data breach, a giant loss of consumer identity data at the hands of unseen thieves. Equifax’s former CEO Richard Smith resigned after the company revealed the breach to the public. He blames the breach on “human error and technology errors.” What if human error wasn’t an option when it comes to protecting identity data? To the extent that it’s programmed correctly, artificial intelligence promises to do away with human error.

To our detriment, consumers have very few ways of protecting our identity information. The average case of identity theft results in a loss of $1,500 for the consumer. When it comes to protecting social security numbers, Consumer Protect, an activist network, recommends “Always keeping your social security number (SSN) secure. Do not keep your card in your wallet or write the number down on checks. You should only give someone this number when it is truly necessary.” But what if someone (such as Equifax) has this number without your permission?

Although the Government can’t draft a bill legislating the end of stupidity, it can pay attention to one of Mr. Smith’s recommendations. Smith thinks we should stop using social security numbers to verify identity.

It is time to have identity verification procedures that match the technological age in which we live,” Smith said.

For example, a company like Apple knows facial recognition AI is now advanced enough to place it at the heart of the new iPhone X. Apple’s Face ID learns from its mistakes, adjusting its algorithm based on continuing iterations of a user’s facial features. If you keep looking at your phone, it keeps updating its knowledge of your face. Your facial data are encrypted on the device, instead of being stored in a centralized location where hackers can access them. Apple says the chances a random person could access an iPhone X by looking at it are one in a million.

If a person’s face is directly linked to their social security account and credit card accounts, and the facial data isn’t stored on a network that hackers can crack, hackers are going to have a much harder time stealing identities.

But Mr. Smith isn’t offering an entire picture of what a company like Equifax could and should do with AI, and he’s not really addressing Mr. Walden’s assertion that Equifax was simply being stupid by leaving the gate open to hackers.

Equifax’s IT personnel chose not to update Java web applications that were vulnerable because of a fault in Apache Struts, which is an open-source Java app framework. In turn, this left Equifax’s data vulnerable because outsiders could write in malicious code. Blue Matador’s Philip Volmar points out, “What companies like Equifax want is security, uptime, and automated remediation. Instead, monitoring tools give them data, query tools, and reporting.

In other words, Equifax’s monitoring tools didn’t tell them the breaches were happening because they’re using an outdated, limited software stack. Moreover, with awareness of the Apache Struts weakness (which they did have because Apache immediately notified everyone using the framework when the weakness surfaced), they could have used automated remediation to seek out all instances in which the network runs Java web apps using the Apache framework. Then, they could have used Apache’s readily available solution to fix the problem.

In the future, expect AI to do what Equifax’s cybersecurity staff didn’t do: seek out flaws in apps and apply necessary patches, because this type of work doesn’t require critical or subjective thinking. Credit card companies, such as Mastercard, are already using Design Intelligence, an AI program, to identify fraudulent transactions and false declines. It’s not a long-shot to expect a company like Equifax to to use AI for its security purposes too.

By Daniel Matthews

Anita Raj

A Winning Data Strategy Series Part 3: From Data-driven To An Insight-driven Organization

Insight-driven Organization This is the third piece of a 5-part series on plugging the obvious but overlooked gaps in achieving digital success through a refined data strategy. Data is essential, yes. But the whole idea ...
David Gevorkian

Why Web Accessibility is Important and How to Avoid Lawsuits

Why Web Accessibility is Important In today’s digitally driven world, those with disabilities are normally the ones experiencing difficulties when using and navigating the web. This is the prime reason why web accessibility is conceived ...
Kayla Matthews

Higher-Ups More Likely to Break Policy, Data Breach Survey Finds

Data Protection Policies In an ideal scenario, the people at the highest levels of an organization would be the most likely to abide by data protection policies. Then, their positive behavior could set an excellent ...
Efficient Dispatch Operations with Spare Location Intelligence for DSPs

Efficient Dispatch Operations with Spare Location Intelligence for DSPs

Digitally transform operations of field technicians, design & planning team to reduce overall MTTR by 45% Most of the Digital Service Providers (DSPs) are struggling with the rising cost of repeat-dispatch and a higher Mean ...
Matt Holleran

Cloud Platforms, Marketplaces, and Startups

Cloud Platforms, Marketplaces, and Startups One of the most exciting recent developments in the cloud software business is the proliferation of partner ecosystems, with large public and late-stage private cloud companies creating their own marketplaces ...
Top 10 Tech Job Skills Predicted To Grow The Fastest In 2021

Top 10 Tech Job Skills Predicted To Grow The Fastest In 2021

Top 10 Tech Job Skills Predicted According to Burning Glass Technologies, the two tech job skills paying the highest salary premiums today and in 2021 are IT Automation ($24,969) and AI & Machine Learning ($14,175) ...