Sunday, July 03, 2005

Dataflation Defined

I came up with the term dataflation to describe an emerging phenomenon, one that could have some fairly serious implications for the future of many things (e-commerce and personal security to name a few). As the inventor of this term, I reserve the right to tweak the definition at some later date, but here is my first stab at it:
  • Dataflation: the tendency of data to rapidly lose value due to factors such as large-scale unauthorized access, excessive abuse and loss of confidentiality.
I do not claim to understand all of the implications of dataflation, I don't think anyone can at this stage. But dataflation is real and it is going to cause problems. Consider the fact that, in the first six months of 2005, the media has reported the exposure of 66 million personal data records belonging to Americans. (I have listed the cases here.) According to the 2000 census there are 210 million Americans age 18 or older. Given the big security breaches that occurred in 2004, it is possible that data relating to one in three American adults is now "out there," meaning it is available to be abused.

This is personal data that cannot easily be sucked back or reflated. To paraphrase the definition of inflation, we are talking about a persistent increase in the open availability of previously confidential consumer data or a persistent decline in the value of that data, caused by an inability to adequately control unauthorized access.

You cannot change your date of birth or your mother's maiden name. Your Security number is hard to change. Moving to a new address is a pain. Changing banks or switching jobs is not always practical. Yet these are the pieces of information out of which an identity thief can fashion your likeness so as to incur debts and acquire goods and services in your name.

And what if that happens? The personal cost can be enormous. Even if you can avoid paying fraudulent debts, the amount of time and stress it costs you can take a heavy personal toll. So who will pay that toll? The company that exposed your data? I don't think so. For a start, how are you going to prove that an identity thief got your data from Company A versus Company B? The first company that finds itself facing negligence claims pertaining to the exposure of your data will defend itself with the very fact of dataflation, i.e. tens of millions of records were compromised by dozens of companies in the first six months of 2005 alone.

Ironically, the aggregation of industry-wide gross negligence means that for John Doe to pin the blame on the donkeys that were supposed to be protecting his data is now an all but impossible task, unless he can get a signed confession from the identity thief himself that says, "Yes, I got Mr. Doe's data from a Citigroup computer tape that I stole from a UPS truck."

Do you see what I'm saying? There is a one in three chance your data is out there already. I'd say there is a 50/50 chance that basic personal data on half of all Americans will have been exposed by the end of the year. At that rate everyone's data is going to be compromised within a frighteningly short span of time.

There are plenty of studies that show the rampant insecurity of personal data is holding back the growth of e-commerce. One indication of dataflation is that growth in electronic trust and e-commerce cannot happen without more and more personal data. More user names, more passwords, more secret questions and answers, more unique identifiers. But at the current rate of data exposure, electronic trust will continue to decline as dataflation increases. That, along with all the fraudulent charge write-offs, could hurt the economy just as much as traditional monetary inflation .

Stephen

No comments: