by nyc_data_geek1 1092 days ago
>> Data should be a liability.

This is the crux of it, methinks. "Data is the new oil" has been a common refrain and as long as the externalities of poor security posture hygiene can be completely outsourced while these companies make mountains of cash by monetizing your every scrap of behavior, attention and information, this will only get worse as every entity seeks to hoard more information on you.

Keeping more data than absolutely necessary for critical business operations should be an existential threat for any entity. Those businesses built on this data ought to take Fort Knox level pains to secure it. Anything short of that and we will continue to exist in a society of deteriorating trust and social contract.


A framing I often use is, "Data is like holding uranium". It can be incredibly valuable, but also very dangerous. You should be very sure that the data you're holding is worth the cost of safely protecting it (a high cost), and if it is not, get rid of it.

Stripe is a good mental model here, I don't want a person's credit card data, I want to charge them for my product. I love storing a Stripe customer ID, if a hacker were to grab that table, I wouldn't lose (a lot) of sleep, they couldn't do much with it. If that table held credit card data...I would.

That farms out a lot of responsibility to Stripe, but for a side project, I don't have the time necessary to do as good of a job at it relative to Stripe.

FWIW, most other merchant credit card processors also handle this using tokens, encrypting credit card keypads, etc.
And have been for 25 years or so. Authorize.net predates a lot and this was always their main feature: they run it and you get the OK and an ID.
I think GDPR was a great step in this direction, even with the annoying cookies popups. There's some states in the US with similar laws basically saying "it's legal for you to collect this data, but if you do you need to build systems for people to request all the data tied to them and for it to be deleted". Hopefully the next step would be to make data sharing opt-in, while it's somewhat limited it is really nice that iOS makes apps request access to different data.

I'm really curious how effective these are in practice if someone got logs or backups, but it at least gives people a path to know what data is there and remove the active copies.

We also need changes so that possession of identifying information is not sufficient to establish identity. That sounds like a tall order, but clearly this information is leaking all over the place, and just because someone has my identifying numbers and date of birth and mother's maiden name and signature and fingerprints and whatever else, that should not be adequate to gain access to bank accounts or execute contracts and other legal agreements.
The hard part of this isn't that we don't know how to do it, it's that people don't like the consequences of it.

Your bank can give you a bank card with cryptographic keys in it and then you need the card to make a transaction. But then if you lose the card...

At which point we fall back to birth certificates and things because there's nothing else available. The alternative would be that if you lose your bank card, you lose your money. Which could be mitigated by e.g. having backup cards that you keep at home in a safe, but some people would lose those too, and what then?

Why would losing your bank card mean losing your money? The bank card would be there to establish identity when performing a transaction. Going to a branch in person with government-issued photo id would be the way to establish identity when generating a bank card. It’s a pain to do, but it only needs to be done for a new account or to revoke/replace a card.

By analogy, the cryptographic key on the bank card is a cross between a session token and a private key. Like a private key, it is never directly exposed for verification. Like a session token, it can be replaced.
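The card-as-replaceable-key model described above, as an added example that is not part of the original thread: the card holds a private key that never leaves it, the bank stores only the public key currently bound to the account, and an in-branch replacement revokes the old key. Names (`Bank`, `Card`, `IssueCard`, `Authorize`) are assumptions for illustration; a real scheme would also sign a fresh bank-issued challenge to stop replay.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// Card is the customer's card: it holds the private key, which never leaves
// the card. Only signatures are ever sent to the bank.
type Card struct {
	Account string
	priv    ed25519.PrivateKey
}

// Sign produces the card's signature over a transaction description.
func (c *Card) Sign(tx string) []byte { return ed25519.Sign(c.priv, []byte(tx)) }

// Bank keeps only the public key currently bound to each account, so a
// breach of this table yields nothing that can authorize a transaction.
type Bank struct {
	activeKey map[string]ed25519.PublicKey
}

func NewBank() *Bank { return &Bank{activeKey: map[string]ed25519.PublicKey{}} }

// IssueCard is the in-branch step: it binds a fresh key pair to the account
// and thereby revokes whatever key was active before (lost card, new account).
func (b *Bank) IssueCard(account string) (*Card, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	b.activeKey[account] = pub
	return &Card{Account: account, priv: priv}, nil
}

// Authorize accepts a transaction only if the signature verifies under the
// account's currently active card key; a revoked card's signatures fail here.
func (b *Bank) Authorize(account, tx string, sig []byte) error {
	pub, ok := b.activeKey[account]
	if !ok {
		return errors.New("no active card for account")
	}
	if !ed25519.Verify(pub, []byte(tx), sig) {
		return errors.New("signature not from the active card")
	}
	return nil
}
```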

> Going to a branch in person with government-issued photo id would be the way to establish identity when generating a bank card.

You need to bootstrap it all somehow. All you've done is move the authentication problem to how you get a government id.

Suppose your house burns down and you're standing on your lawn in your pajamas with no identity documents of any kind. What now?

At least walking into a bank with a fake birth certificate and other forged identity is not a form of impersonation that can be done remotely and at scale.
I think there are generally considered to be three classes of authentication methods:

- something you know, like a password
- something you have, like an RFID card
- something you "are", like a fingerprint

You can add multiple of these and choose from different categories to add security, but each time you do it also gets less convenient. You could require a birth certificate, DNA test, and social security number for any access to a bank account, but then it wouldn't really work as a checking or savings account, and if you lose your birth certificate you're locked out of your account.

Definitely worth considering the other side: when you need to access the account, how much inconvenience and delay are you willing to put up with before you can? For a checking account it seems like people usually just want a single one of them, the debit card, account login, or face/fingerprint, to authenticate.

> "Data is the new oil"

The common usage of this phrase isn't too inaccurate. Keep in mind what oil does to the environment, not just during spills but even in normal refining!

When oil is refined, it feeds energy consumption, which can have both positive and negative effects. When data is refined, it feeds AI, which can have both positive and negative effects.

When oil spills, it causes toxic damage to the environment. When data spills, it causes damage to society's individuals and the firms that should have kept the data secure.

It's not a perfect analogy, but there are some similarities.

Would be good to get a value on this liability onto a company’s balance sheet. This could be done as a value of risk, or a cost of insuring against data exposure (should be govt mandated to have insurance). If Lloyds can insure against weather and piracy then someone should be able to underwrite insurance against data breaches.