Former Equifax CEO Rick Smith, in testimony to Congress last week, dodged repeated questions from Sen. Elizabeth Warren about whether consumers do, or should, own the personal data that makes up their identities. The senator’s line of questioning and Smith’s squishy answers point to a major problem in our systems of financial and personal trust, a problem that many people have begun to take note of in the last few weeks.
The recent breach of Equifax, in which over 143 million personal identities were compromised, has led many to rightly ask questions about who should own and control individuals’ sensitive personal information. The current system in which three private corporations act as gatekeepers and arbiters of the financial viability of the entire U.S. population while relying on clearly insufficient security apparatus must change. It puts every single person’s Social Security Number, financial history and other critical information at risk of exploitation by hackers and the dark web. This vulnerability, in turn, exposes the entire global economy to massive volatility.
This issue is personal to me. I had my identity stolen in 2010, and I am still dealing with the ramifications. But there is a way to protect individuals and give them ownership of their personal data, and the basis of the solution lies in the blockchain.
Current systems, like the one compromised in the Equifax breach, store information in siloed, centralized databases that are obvious targets for hackers. These must be guarded with firewalls and other defensive measures. By contrast, information stored on a blockchain is verified by a consensus of computers or “nodes” located around the world. In order to breach such a system, a hacker would need to compromise each one of thousands of nodes in each instance, which is cost prohibitive and effectively impossible.
Under such a framework, each component of a person’s “identity” — credit cards, date of birth, bank account information, etc. — can now be shared securely in a way that has not been technically possible until now. Because the data is stored in a distributed way that is extremely resistant to malicious attacks, and because data sharing is encrypted and controlled by each separate user, he can go about his financial life without putting his entire identity at risk. A situation in which hundreds of millions of Social Security numbers are sitting idly in a database waiting to be stolen by hackers simply does not exist with a blockchain system.
This sort of decentralized identity ownership will be a boon for businesses as well. Here’s an example: A major credit card company is evaluating a potential customer’s credit profile. Using the infrastructure of a distributed ledger, the company can securely view the applicant’s financial information without actually taking possession of it, since that data is and always will be owned by the end user. That drastically reduces the liability for a company managing people’s data.
Likewise, once the applicant is approved and receives their new credit card, they will want to make, for example, a purchase through a major online retailer. The credit card information is cryptographically shared with the vendor and the transaction is complete. Neither the credit card company nor the retailer needs to maintain records of this information in its own databases. They pay a small fee for each transaction. In turn, they are relieved of the massive financial, regulatory and reputational risks in storing customers’ most sensitive information, and they are freed to focus on the services they sell to customers.
The technology exists today to create a world in which breaches like Equifax no longer threaten to upend the lives and disrupt the futures of hundreds of millions of hardworking people. The time is right to change the way the world does business around people’s identities.
Jed Grant is the CEO and Lead Architect of Peer Mountain, a blockchain-based software platform focused on giving individuals secure ownership of their personal data. He also is founder of KYC3.com, which delivers reporting and research solutions for professionals looking to mitigate risk through the use of data mining and analysis of unstructured big data. He serves on the boards of directors of Infrachain, The Institute for Global Financial Integrity, and AMCHAM Luxembourg. Mr. Grant is also Adjunct Professor at the University of Luxembourg.