The Future of Security: A Roundtable
Kevin Poulsen
22427

We Need To Protect *All* Personal Data

One of the most pressing issues is the volume of sensitive information about individuals that companies collect every day. Private companies track who we are, where we are, what we’re interested in, who we talk to, and what we want to buy. On the one hand, people have learned how to mine data like this in order to build incredibly useful products and well-tailored experiences. On the other hand, they’ve also created an incentive for companies to collect and store as much information about individuals as possible, on the off chance that it’ll come in handy one day.

Sam Quigley, Head of Information Security / Square

Unfortunately, the commercial incentives to protect that information aren’t nearly as strong. Some data elements, like credit card numbers, are highly regulated — but most personal information is not. Protecting personal information is an explicit focus of my team at Square, and I’m sure it’s a priority for my fellow panelists as well, but the laws are vague enough (and enforcement actions rare enough) that many companies don’t think twice about the potential downsides of the information they collect.

This is a worrisome enough trend in a purely online context, but the rise of connected devices means that we’re all carrying tons of sensors around with us all the time. The data those devices collect is much more intimate — and while I think some startups are starting to tap the commercial potential of it, criminals are just starting to find ways to abuse it.

Directly monetizable personal data, like credit card numbers and identity information, has been for sale on underground markets for a long time now. We’re starting to see other forms of stolen information traded now as well, including databases from non-financial institutions. Pair that with a trend toward end-user extortion and ransomware, and it’s unfortunately easy to imagine a future in which criminals know as much about us as companies do and data breaches routinely lead to blackmail. Until we get ahead of things and align companies’ incentives with those of their customers, this is likely to remain one of the most pressing issues of the next decade.

The Future of Security Roundtable is a Google-sponsored initiative that brings together thought leaders to discuss how we can best protect ourselves from the data breaches and security risks of tomorrow. Panelists are not affiliated with Google, and their opinions are their own. Read the post that kicked off the roundtable here and feel free to join in the conversation.