This article can also be found in the Premium Editorial Download "Information Security magazine: Security 7 Award winners unmasked."
Download it now to read this article plus other related content.
In the first six months of 2005, 66 million personal data records were reportedly compromised. This number--and the phenomenon it represents--marks a new phase of the information age. We don't even have the vocabulary to describe what is happening to personal data, much less to understand all the implications.
In a modest effort to remedy this, I propose a new word: dataflation, defined as the destabilizing tendency of data to lose value due to factors such as large-scale unauthorized access, excessive abuse and loss of confidentiality.
Let's first put that 66 million in context. The most recent U.S. census estimates that 210 million Americans are 18 years or older. Factor in the numerous security breaches of 2004 and the continuing upward trend in unauthorized access to personal data, and it's entirely possible that confidential data relating to one in three American adults is now out there--and available to be abused. We're talking about your Social Security number, date of birth, mother's maiden name, employer, bank and credit card account numbers, user name and password--the raw material of identity theft, fraud and other forms of information abuse.
Remember, some of this data cannot be changed, and what can be changed is at a great cost to us and the fabric of our society and economy.
Think of dataflation in terms of the supply of and demand for data that's unique to an entity or individual--an emerging science we could call "infoseconomics."
The negligence, incompetence and malfeasance of institutions and individuals charged with protecting the confidentiality of personal data creates a flood of recycled identifiers, passwords and account numbers.
The search for fresh sources of unique identifiers is leading some folks toward biometrics, but unless we protect biometric data better than existing personal data, I see nothing to prevent this emerging technology from also succumbing to dataflation.
What does all this mean? Trust is vital to commerce, and the lack of trust is an impediment to widespread prosperity. I suspect that for e-commerce to continue to contribute to the growth of our economy, it will require more user names, more passwords, and more secret questions and answers.
But, without a drastic reduction in the rate of data exposure, electronic trust--the basis of e-commerce--will decline as dataflation takes its toll. Over the next few years, the effects of dataflation--a stalling or reversal of the rate of e-commerce uptake, sales lost, fraudulent charges written off--will hurt the economy more than traditional monetary inflation.
This was first published in September 2005