Skip Stein
Consulting Services

Case for Universal Identification & Security of Data

The Growth Industry


You hear and read about breaches in security and distribution of 'secure documents' retrieved through broken security systems. Identity theft runs rampant. Financial institutions lose data files, are compromised, and are otherwise accessed by unauthorized individuals or systems.


There is a major issue with data security in the USA and around the globe. Almost nothing is truly secure. Systems security is full of holes. Software is riddled with errors and is untested and prone to failure. Individual identities are stolen and compromised on a regular basis; it is a growth industry! The business and personal losses continue to mount. Government institutional breaches and losses are unreported but must be equally mountainous.


Corporate information, like personal identities, is subject to espionage and theft, just as government information is. Corporate security has long been an afterthought. Corporate systems are riddled with holes. Policies and procedures do not provide security. Cell phones with cameras, scanners, and thumb drives with almost unlimited storage make corporate data theft almost too easy. Going through the corporate dumpster is no longer necessary when hacking into the company's data warehouse is so much cleaner and often easier!


Why does this continue? Mostly because of a lack of planning, both strategic and tactical. Today, almost everything is digital. From computers, microwaves, e-books, financial records and military strategies to wrist watches, everything is digital. Our very lives are recorded in the minutest detail by digital video cameras, cell phones, email and a host of other 'services'. Data is stored and seldom deleted. These digital records may persist forever. All of it is pretty much unsecured and not encrypted; it is just open for observation to those who are willing to spend a bit of energy and resources to hack into systems and data stores.


No one foresaw this massive data warehouse or planned it. It just kind of happened. The resulting mess is untold petabytes of data stored on untold devices secreted around the planet. Much of it, if not most, is pretty much unsecured if you know how to access it. It is all linked and connected to the Internet!


Individuals have so many passwords and IDs that they need database tools to keep track of them all. Every site requires a user identifier and password, many with different requirements as to the style, type and properties required. Most use an email address for user identification. I mean, how dumb can you get? Most people have multiple email addresses and those change over time. Employers provide email addresses, and individuals sign up for free email services (Hotmail, Gmail, Live and others). Many individuals have personal web sites with personalized email services. Email addresses change over time. Many change email addresses due to spammers finding them. It is easier to change email addresses than stay off the spammers' lists. Every site with a newsletter or something to sell requires a user identifier and password!


Ages ago, the USA Federal government made an attempt to create individual identification numbers with the Social Security Administration. This was way before computers were everywhere, when paper documents were the rule. Everyone who paid taxes received a Social Security Number; it was universal, but restricted to use ONLY by the Social Security Administration and the Internal Revenue Service.


Then came the computers and the Social Security Number was a convenient identifier, so personnel departments started using it for record keeping; no matter that it was illegal to do so! Then there were credit cards and credit bureaus. They all used the Social Security Number to tag and index individual records; it became universal and totally uncontrollable. This single point of identification made it easy to steal a person's identity, personal information, bank account and credit cards and just about everything else. Identity Theft became a proper noun and an industry was born.


So what can we do to restrict the unauthorized flow of information? We must encrypt everything! Encryption may be the answer, but implementing it on the huge scale required will take enormous resources. There really is no choice unless we want total chaos and anarchy. As data continues to accumulate, the problem only gets worse. Then there is the issue of organizing this massive amount of data. Without organization of some kind, restricted access is not possible. At the same time, organization of the data makes illegal search and retrieval easier. What to do?


Well, if you had a uniquely indexable, identifiable and totally secure way to maintain the data stores, it would help. Social Security Numbers are out as they have already been fully compromised. The best way is to design and implement a unique personal identifier, controlled and maintained by the individual. Something like a public and private key structure first created by Phil Zimmermann, inventor of Pretty Good Privacy (PGP), may be a concept worth exploring.


The public key would be used by law enforcement and other agencies to record their own encrypted data store, indexed by the individual's public key. Personal information maintained by the individual would be encrypted by the personal private key. The key itself? Maybe some sort of biometric identifier at a cellular/DNA level, totally unique to the individual. Digitally encrypted to untold complexity, this may provide some measure of security for individual records.


Healthcare, financial and other highly secure data then could only be accessed by the cellular/DNA signature of an individual, corporation or Government personnel authorized by their public key and validated by their personal key. Science fiction tales aside, a life signature or biometric 'proof of life' component would eliminate the ability to steal a living person's cellular/DNA signature.


These cellular/DNA signatures and encryption keys would have to be available to link to others for authorized access at a variety of levels. Healthcare records would require access by family members, medical institutions and others. Banks, the IRS and other financial records management concerns could use the public key to access authorized financial information. Data stores and secure data keys would require postmortem access as well, as when the deceased's will is decrypted and accessed.
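The access model described in the preceding paragraphs (records indexed by a person's public key, with family members or institutions granted access key by key) maps onto ordinary envelope encryption, where data is encrypted to public keys and opened with the matching private key. The Node.js code below is an added example, not part of the original essay; it assumes RSA key pairs stand in for the identity keys, and the names `fingerprint`, `seal`, `open`, `demo` and the sample record are constructed for illustration.

```javascript
const crypto = require("crypto");
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Store index for a party: SHA-256 over the DER-encoded public key.
function fingerprint(publicKey) {
  const der = publicKey.export({ type: "spki", format: "der" });
  return crypto.createHash("sha256").update(der).digest("hex");
}

// Encrypt the record once with a fresh AES-256-GCM key, then wrap that key
// with RSA-OAEP for every authorized party (owner, clinic, next of kin).
function seal(plaintext, parties) {
  const key = crypto.randomBytes(32);
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrapped = {};
  for (const pub of parties) {
    wrapped[fingerprint(pub)] = crypto.publicEncrypt({ key: pub, ...OAEP }, key);
  }
  return { nonce, body, tag: cipher.getAuthTag(), wrapped };
}

// Only a private key whose public half was authorized can unwrap the record
// key; GCM's tag check rejects a record that was modified in storage.
function open(record, privateKey) {
  const entry = record.wrapped[fingerprint(crypto.createPublicKey(privateKey))];
  if (!entry) throw new Error("key not authorized for this record");
  const key = crypto.privateDecrypt({ key: privateKey, ...OAEP }, entry);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, record.nonce);
  decipher.setAuthTag(record.tag);
  return Buffer.concat([decipher.update(record.body), decipher.final()]);
}

// Constructed demo: a patient authorizes a clinic; an outsider is refused.
function demo() {
  const gen = () => crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const [patient, clinic, outsider] = [gen(), gen(), gen()];
  const rec = seal(Buffer.from("blood type: O+"), [patient.publicKey, clinic.publicKey]);
  let refused = false;
  try { open(rec, outsider.privateKey); } catch { refused = true; }
  return { clinicReads: open(rec, clinic.privateKey).toString(), refused };
}
```

Revoking a party in this layout means re-encrypting the record under a new key, since anyone who once unwrapped the old key can keep it.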


Currently there are numerous personal and company level encryption services available. Open source encryption, like TrueCrypt, is available to individuals and companies to securely encrypt information. Yet few choose to utilize this most basic tool for securing data. Security is something few think about until it is breached; then everyone screams, 'Why?' Well, the answer is that no one planned for security in the first place and we now have to retrofit countless systems and data stores. It too will be a booming business!


There is a host of issues to be dealt with, but we need something soon as the current state of affairs is in total disarray! I obviously don't have the answer, but can at least pose the question and state the problem. Security will be the growth industry in 2011 and beyond, necessary to counter ongoing and progressively aggressive identity theft criminals.


Skip Stein

President

Management Systems Consulting, Inc.

Orlando, Florida USA