You’ve just glanced over a list of some of the major data breaches from the last year, presented as the number of stolen data records.
Let’s dive deeper.
The number of annual data hacks in the US has grown from 157 million in 2005 to an astonishing 1.5 billion in 2017. The most common type of data breach is identity theft (69 percent of all global hacks in 2017, see graph). In the United States alone, companies experience an annual loss of more than USD 525m due to cybercrime (compared to USD 1.3bn in losses reported globally, see graph).
It’s getting more and more difficult for policymakers and Internet companies to keep up with the creativity and sophistication of online crime. From infected X-ray machines and ongoing cyber wars to the prospect of AI-enabled terrorism, cyber security issues have appeared not only at the top of policymakers’ agendas worldwide, but also high on our personal priority lists.
We’ve talked with Steve Shillingford, co-founder and CEO of Anonyome Labs, the company behind SudoApp and SudoPay apps. Anonyome Labs’ products enable consumers to create Sudo identities (digital extensions of you) that shield your personal and private information from strangers, corporations, and the rest of the online world. Sudo identities come with a customizable name, email, phone number and private browser—so you can talk, text, email and browse safely and securely. The company's mission is focused on bringing control over our online privacy back to us, the end users.
Steve Shillingford: No.
Not a huge social media person, but any that provide a strong authentication mechanism, like two-factor authentication, are a great start.
We believe privacy is a human right. We should have the right to control and protect our personal and private information. Having this freedom gives us the safety and security we need for the modern, digital world.
Anonyome Labs' Mission Statement
I can only speak from a US-based perspective, but it’s clear that our politics, cultural landscape, and tribalism have only gotten worse. I think the world is in a transitional moment, moving away from central authorities – whether those are governments or corporations (like Facebook and Google) – towards a decentralization.
In politics, this is evidenced in the US by the election of an outsider in the form of Donald Trump. If you believe the Russians elected Trump, you still have to explain other populist movements in Europe like Brexit, Austria, and even recent German elections.
There’s a worldwide movement to resist centralised governance. In the digital realm, we’ve already seen great power wielded by Internet giants who’ve consolidated power by virtue of their scale, data mining, and insidious manipulation of feeds and searches. People have naturally resisted this. Ad blocker usage has soared from virtually zero in 2010 to over 500M users today. Alternative search engines like DuckDuckGo have seen a rapid rise in use, and over 200M people have deleted their Facebook accounts. I firmly believe the advent of the blockchain and its killer application – cryptocurrency – are a direct response to the lack of accountability in the financial sector.
Privacy, in its simplest form, is the right to be let alone. When so much of our social and political world is regulated, harvested, and controlled by a select few, there is an inherent danger to freedom of expression. That is what we’re fighting for. It’s not that we have things to hide, but rather, it’s that we have things we just choose not to share. Today, it’s very difficult. We hope tomorrow, it will be very different.
We’re kidding ourselves to think that governments will be any good at regulating technology specifically. They lack both the competence and efficiencies to keep up. However, what they are very good at is legislating broad parameters and letting markets operate within those boundaries. The Sherman Antitrust Act is a great example. Passed in the United States in the early 1900s, it was simply meant to prevent inordinate power accruing to a select few. At that time, oil and railroad companies were the worst offenders. That act works today, but the offenders are Facebook, Google, and others who seek to dominate both our digital identities and what those identities are exposed to. We don’t need more laws, we need more existing law enforcement.
The US and EU are setting the agenda, but my experience suggests their goals are more self-serving. That is, they are looking to promote status quo (or more) for surveillance and prevent any major kinetic attacks from the usual suspects.
With regard to GDPR, I want to praise the EU authorities who drafted it for their intent. Unlike the US, they are clearly trying to provide more protection for individuals. Unfortunately, the net result, I believe, will be an Internet tax for EU citizens and a ridiculously handsome payout for lawyers using it to sue. I think the US, as well as the EU countries, are making valiant attempts to enhance their citizens’ security.
But the problem is ceaseless. Cyber threats are asymmetric. An enemy can take an infinite number of “shots” and only needs one to be successful. These governments need to literally be “correct” every single time. Moreover, many if not all attacks involve human error, which is impossible to prevent. As long as humans are in control (and that may not be that long), this will be an intractable problem, in my opinion.
I’m hopeful but pessimistic. While I do think people’s eyes have been opened, there’s a sense of “what else can I do?”. Until someone provides an alternative, there’s lots of friction involved in change. Having said that, we’ve seen great platforms “fall” overnight. There was a word processor before MS Word that had 90% of the market called WordPerfect. There was a networking company with 90% market share before MicrosoftNT servers. Google at the outset was one of 13 search engines. There was MySpace and Friendster before there was Facebook. Monopolies can and do fall; be it governments or corporations.
In the US, it is literally impossible to verify someone’s legal identity thanks to the carelessness of Equifax*. Companies now have to create more PII just to compensate. What happens when that’s compromised too? Insanity is doing the same thing over and over again and expecting a different result. In a world where no one knows if the other party is actually who we believe them to be, how do we prevent identity theft, bank fraud, and the like?
Imagine the lights not working for a week. Imagine electricity not working at all. How long does food at the grocery last? Three days at most. Gas pumps require electricity to pump. Sanitation systems require electricity to sanitize. Now, check the average lifespan of power plants in the US. They’re older than I am (and I’m no spring chicken). How hardened do you think those facilities are? And getting them locked down would be like putting a car alarm on a stagecoach. Pretty ineffectual. That’s what keeps me up at night.
Use your legal identity (e.g., name, date of birth, mobile number, personal email, etc.) less and less. Start taking steps to reduce your future digital exhaust. Always enable a secondary authentication mechanism like two-factor authentication (Apple does a very good job of this) when you can. It’s more friction, but knowing when someone is logging into your account is the first step toward minimizing the impact of a hack.
MySudo fits into this paradigm as it allows users to control when to share their legal identity. By providing users with the ability to create personal Sudo identities for interacting in the online and offline worlds, they finally get to choose how they share their personal information – without being forced to provide their personal and private credentials. Even further, having to opt out of the participation in an online world that permeates our everyday life.
Think of MySudo as a personal identity app with customizable Sudo. These Sudo can be used anywhere you want to control or compartmentalize your relationships with people or companies. When you use a Sudo identity you create a protective shield from unwanted or unknown risks, whether those are spam, robocalls, data mining or hacking, identity theft, or worse. No one else offers this kind of personalization, control, and protection inside a holistic solution that allows users to call, text, email, pay, and browse.
In the future we’ll be adding things that consumers have come to expect like video calling and refer-a-friend. We want to provide a consumer experience that anyone who is privacy aware (not just privacy geeks!) will enjoy.
Our head of engineering, Jeff Poulton, was in San Diego at a tech conference and met an entrepreneur from Poland. He gave him an amazing overview of the state of tech in Poland. We did our research – Netguru was miles ahead of their local competitors. Their focus on design, aesthetics, technical depth, talent acquisition, and process made them a winning combination for what we were looking for.
We have found Netguru to be very professional, proactive, and great to work with. They have done a good job of understanding the skills and requirements of our teams and have matched their engineers accordingly. Overall, the Netguru engineers are engaged, highly skilled and have augmented our teams seamlessly. The management team is proactive in their approach.
Yes, this I am optimistic about. As mentioned above, decentralization is a theme that is slowly taking over the world. This will come to personal identity and digital safety. GDPR was an attempt, albeit a bad one, at giving people more control. There’ll be others, and they will be much improved. I ultimately believe that the solutions will come from individuals who create nameless, faceless, no-skin-in-the-game innovations versus politicians.