In an interview with the WSJ's CIO blog, Lawrence Lessig proposes that the existence of cryptographic tools that allow for "zero-knowledge" data-querying, combined with the potential liability from leaks, will drive companies to retain less data on their customers.
It's a very Lessigian analysis, grounded in the idea that social outcomes are driven by norms, code, law and markets. It's not enough for it to be technologically possible to do much of the processing companies desire without retaining data (code). There also must be rules that punish companies that leak user data (law), which drives the economic decision to use the technology (markets) and changes what customers view as acceptable data-handling (norms).
I'm keenly interested in how this process could be accelerated. For example, what if insurers refused to offer policies to companies unless they used good, long random salts for their password hashes? Insurers aren't experts in infosec, but they're also not experts in fire-safety. Nevertheless, when it became apparent that they would lose money unless they imposed fire-safety practices on their customers, insurers came up with rules about how many sprinklers, exits, and alarms the businesses they wrote policies for needed to install.
If insurers actually attached price tags to customer data -- assuming, say, that leaking name, social and date of birth would create $150 in liability from eventual class-action suits over losses -- and passed those costs on to companies, companies would start treating user data as more like plutonium than oil.
The average cost per user of a data breach is now $240 … think of businesses looking at that cost and saying “What if I can find a way to not hold that data, but the value of that data?” When we do that, our concept of privacy will be different. Our concept so far is that we should give people control over copies of data. In the future, we will not worry about copies of data, but using data. The paradigm of required use will develop once we have really simple ways to hold data. If I were king, I would say it’s too early. Let’s muddle through the next few years. The costs are costly, but the current model of privacy will not make sense going forward.
If I ping a service, and it tells me someone is over 18, I don’t need to hold that fact. … The level of security I have to apply … [is not] the same [that] would be required if I was holding all of this data on my servers. This will radically change the burden of security that people will have.
I think the market will move strongly in that direction. Let the bank keep the money you have. You hold it once in a while when you want to use it. That is the analogy here.
… I don’t hold data on how old you are, but I could of course capture that data once I ping the server. Then the law needs to control the actual uses of the data, make it possible for systems to insist on single-use purposes.
That … is what the future of privacy regulation looks like. I think the future will be one where I will be able to block (certain) data on a driver from being passed through to an insurance company.
Lawrence Lessig: Technology Will Create New Models for Privacy Regulation
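The "ping a service and learn only that someone is over 18" pattern from the interview, as an added example written for this post (not Lessig's code or any real verification service): a verifier that holds dates of birth answers a yes/no predicate with an HMAC-tagged response, and the relying party checks the tag and retains only the boolean. The record store, key, user ids and predicate name are all constructed for the demo; a real deployment would use a public-key signature and a negotiated predicate vocabulary.

```python
import hashlib
import hmac
import json
from datetime import date
from typing import Dict

# Constructed verifier-side records; only the verifier ever stores the DOB.
VERIFIER_RECORDS: Dict[str, Dict[str, str]] = {
    "user-123": {"dob": "1990-05-01", "name": "Alice Example"},
    "user-456": {"dob": "2010-11-20", "name": "Bob Example"},
}
# Placeholder shared key for the demo; a real service would sign with a private key.
VERIFIER_KEY = b"constructed-demo-key"


def _age_on(dob: str, today: date) -> int:
    d = date.fromisoformat(dob)
    return today.year - d.year - ((today.month, today.day) < (d.month, d.day))


def _tag(payload: dict) -> str:
    body = json.dumps(payload, sort_keys=True).encode("utf-8")
    return hmac.new(VERIFIER_KEY, body, hashlib.sha256).hexdigest()


def answer_predicate(user_id: str, predicate: str, today: date) -> dict:
    """Verifier side: evaluate the predicate and return only a tagged boolean."""
    rec = VERIFIER_RECORDS[user_id]
    if predicate == "over_18":
        result = _age_on(rec["dob"], today) >= 18
    else:
        raise ValueError("unsupported predicate")
    payload = {"user_id": user_id, "predicate": predicate,
               "result": result, "asof": today.isoformat()}
    return {"payload": payload, "tag": _tag(payload)}


def verify_response(resp: dict) -> bool:
    """Relying-party check that the answer was not altered in transit."""
    return hmac.compare_digest(_tag(resp["payload"]), resp["tag"])


def relying_party_check(user_id: str, today: date) -> dict:
    """Relying party: ask the question, verify, and keep only the fact, not the data."""
    resp = answer_predicate(user_id, "over_18", today)
    if not verify_response(resp):
        raise ValueError("response tag mismatch")
    return {"user_id": user_id, "over_18": resp["payload"]["result"]}


if __name__ == "__main__":
    asof = date(2024, 1, 15)
    for uid in VERIFIER_RECORDS:
        print(relying_party_check(uid, asof))
```

The point of the design is visible in the response itself: the relying party's stored record never contains a date of birth, so the security burden of protecting that field stays with the one party that actually holds it.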