Saturday, March 5, 2016

"Tackling the Future of Digital Trust—While It Still Exists"

This is a subject the Financial Times' Izabella Kaminska has been hammering home for the last couple years, usually in connection with fintech or cryptocurrency but also more generally. Here RAND and UC Berkeley join in via the brainiacs at the Institute of Electrical and Electronics Engineers, Feb. 26, 2016.

From IEEE Spectrum:
Last week, some 50 cybersecurity experts and observers took on a unique challenge: imagining a future in which bad things have happened in the digital world, and figuring out how to recover from them. The event, designed to help form solutions to problems before they happen, rather than in a panicked reaction afterwards, was sponsored by the Hewlett Foundation and run by the Rand Corp. and the University of California at Berkeley’s Center for Long-Term Cybersecurity.
In the second of two workshops (I wrote about the first workshop, on IoT security, here), the participants, split into groups of eight or so, tackled the idea of digital trust. Among the important questions were: When digital trust is broadly compromised, how do we rebuild it? and How do people identify themselves in the meantime?
Here’s the scenario that kicked off our deliberations:

It is March 2021, and the trafficking of medical records is commonplace. Just last year, a four-year-old girl died after ER physicians administered a medication to which she was allergic. Her medical records had been stolen and sold, and the information had been modified to fit the profile of the buyer’s daughter. We also learned last year that the Drug Enforcement Authority IDs issued to about 100 doctors—the credentials that let them sign electronic prescriptions—were stolen. Looking back at recent events, we remember when the theft of electronic medical records—like the 2015 breach of 90 million health records held by Anthem and Premera—shocked us. (Though that 2015 data breach was folded into our cybersecurity fantasy scenario, it was, of course, not fictional.) 

Internationally, in 2018, local elections in India were disrupted when people with Muslim or Sikh surnames were turned away from the polls because their voting registrations had been deleted. In the U.S., a Department of Motor Vehicles database hack compromised 10 million driver’s license records. One state, fearing that imposters would vote multiple times in a close statewide election using phony credentials, reissued new licenses to all drivers in that state.

And, in early 2021, auditors discovered randomly added small amounts, on the order of pennies, to countless transactions at credit and debit clearing providers, with over $100 million stolen and systems shut down for a day to fix. Also in 2021, all three credit reporting agencies were hacked, with false histories created, and real histories altered. Finally, the Electronic Payments Network and the Automated Clearing House, both organizations that process transactions between financial institutions, were hacked. The hack was quickly discovered and patched, but the fix was bungled and phony transactions still went through—to the tune of billions of dollars. At this point, the clearinghouses are manually checking all transactions, slowing the system horribly. People are lining up at banks and ATMs looking to get their hands on cash, and paycheck and other automatic deposits are erratic.

That was the dire scenario. The challenge: Figure out how to restore and maintain trust in the global economy....