Last week, some 50 cybersecurity experts and observers took on a unique challenge: imagining a future in which bad things have happened in the digital world, and figuring out how to recover from them. The event, designed to help form solutions to problems before they happen, rather than in a panicked reaction afterwards, was sponsored by the Hewlett Foundation and run by the Rand Corp. and the University of California at Berkeley’s Center for Long-Term Cybersecurity.
In the second of two workshops (I wrote about the first workshop, on IoT security, here), the participants, split into groups of eight or so, tackled the idea of digital trust. Among the important questions were: When digital trust is broadly compromised, how do we rebuild it? and How do people identify themselves in the meantime?
Here’s the scenario that kicked off our deliberations:
It is March 2021, and the trafficking of medical records is commonplace. Just last year, a four-year-old girl died after ER physicians administered a medication to which she was allergic. Her medical records had been stolen and sold, and the information had been modified to fit the profile of the buyer’s daughter. We also learned last year that the Drug Enforcement Authority IDs issued to about 100 doctors—the credentials that let them sign electronic prescriptions—were stolen. Looking back at recent events, we remember when the theft of electronic medical records—like the 2015 breach of 90 million health records held by Anthem and Premera—shocked us. (Though that 2015 data breach was folded into our cybersecurity fantasy scenario, it was, of course, not fictional.)
Internationally, in 2018, local elections in India were disrupted when people with Muslim or Sikh surnames were turned away from the polls because their voting registrations had been deleted. In the U.S., a Department of Motor Vehicles database hack compromised 10 million driver’s license records. One state, fearing that imposters would vote multiple times in a close statewide election using phony credentials, reissued new licenses to all drivers in that state.
And, in early 2021, auditors discovered randomly added small amounts, on the order of pennies, to countless transactions at credit and debit clearing providers, with over $100 million stolen and systems shut down for a day to fix. Also in 2021, all three credit reporting agencies were hacked, with false histories created, and real histories altered. Finally, the Electronic Payments Network and the Automated Clearing House, both organizations that process transactions between financial institutions, was hacked. The hack was quickly discovered and patched, but the fix was bungled and phony transactions still went through—to the tune of billons of dollars. At this point, the clearinghouses are manually checking all transactions, slowing the system horribly. People are lining up at banks and ATMs looking to get their hands on cash, and paycheck and other automatic deposits are erratic.
That was the dire scenario. The challenge: Figure out how to restore and maintain trust in the global economy.
My team focused on considering how people can identify themselves when the most common form of identification—the driver’s license—is no longer trusted. The group quickly eliminated the possibility of using biometrics, reasoning that, in this world, you’d have to assume that biometric data was also compromised. Instead, we talked about an expanded and automated form of multifactor authentication, in which cell phone location data and general behavior is used to identify people. This, of course, would trade off privacy for more secure identification. We also talked about financial records verification that would push a bit of a burden on the user—that is, pushing transactions information to a personal ledger, perhaps kept on a cell phone, to enable quick checks of credit card and other statements. And the group proposed a national consortium—a U.S. Trust Service similar to the U.S. Digital Service—that would help companies share best practices and work on building authentication tools.
Other groups suggested:
- Issue a Common Access Card (CAC) to every citizen. These smart cards are used by the military for identification; blanks, one participant reported, are stored around the country.
- Create webs of trust. Develop a mobile phone app that links nearby users via NFC and asks them to sign off on the identity of people they know; use this information to create a social graph verifying identity; weaken the authority of people who seem to casually sign off on identities.
- Use DNA to establish persistent identifiers of individuals
- Create insurance policies for breaches of information that are not monetary, similar to the FDIC’s insurance on bank accounts
- Let consumers freeze certain financial transactions. Allow a person to say, for example, that they are not going to buy a house, or make a certain sized withdrawal, for some number of years
- Make two-factor authentication mandatory.
- Issue each individual a public/private key pair at birth
Finally, one team expressed what seemed to be a common sentiment—that the best thing one could do is already impossible.
“We should go back to 1995 and get this right. This is like climate change, we are too far along to stop bad things from happening in the future; we can just try not to make it worse. We have already gathered too much personal identity information in insecure databases; the rupture will happen. When it does, we just have to make sure we don’t gather more information in response that makes it worse.”
Rand will publish the full details of these deliberations later this year.