Steven Smith, Head of Protocol at Tools For Humanity.
Every day seems to bring another data security breach. Despite organizations spending more money than ever on cybersecurity, breaches are still increasing year after year. According to research from MIT professor Stuart Madnick, data breaches increased 20% from 2022 to 2023 while the number of victims of such breaches worldwide doubled over the same period.
Even the world’s largest companies are struggling to fend off increasingly sophisticated hackers. In just the first half of 2024, AT&T, Microsoft and UnitedHealth experienced cyber attacks exposing customer data. These breaches affect us as internet users and consumers, whether it’s the potential for financial loss, identity theft, damaged credit scores or a myriad of other devastating impacts.
In our busy daily lives, privacy is often an afterthought. Many of us check the terms and conditions boxes without thoroughly reading what we’re actually agreeing to. We give companies extremely sensitive information ranging from social security numbers to birth dates and home addresses because it often doesn’t feel like there are other options if we want to operate online. This all results in a huge number of custodians of our digital data, even as we have little choice and control ourselves.
We must start advocating for increased consumer privacy. While there has historically been a tradeoff between reducing friction and maintaining privacy online, there doesn’t have to be. With innovative technology emerging rapidly, technology leaders and companies have clear choices about how they secure and protect customer data. And consumers have an opportunity to decide which ones to engage with.
How Centralization Plays A Role In Security Issues
Core to this privacy challenge is the concept of centralization versus decentralization. Over the last 20 years, as online data collection has evolved, breaches have occurred due to the centralized nature of most companies that store large amounts of sensitive data. Regardless of how robust an organization’s security team is, security incidents are bound to occur when such large amounts of information are with one party in one place.
Decentralization, on the other hand, removes many of the security vulnerabilities of centralized systems. Information is distributed across multiple locations, making it more difficult to hack or compromise. Users have much more control over their personal data, helping reduce the risk of unauthorized access and security breaches. Decentralized storage systems also tend to use strong encryption techniques to protect data.
The “Finternet” provides an example of how decentralization can be used to successfully strike a balance between user experience, privacy and security. Proposed by economists Nandan Nilekani and Agustín Carstens, the Finternet is a new model involving multiple financial ecosystems interconnected with one another, much like the internet. Individuals and businesses could transfer any financial asset to any other party anywhere in the world, creating an inexpensive, secure and near-instantaneous financial system that reduces friction while maintaining security.
How New Tech Provides New Protections
New technology solutions are emerging to provide new protections for internet users and consumers, particularly with advanced cryptography. For example, breakthroughs in secure multi-party computation (SMPC) research have enabled new applications that would have been previously inconceivable.
Zero-knowledge proofs (ZKPs)—an innovative solution to preserve privacy—are also becoming more popular, especially in the area of blockchain technology. ZKPs enable one party to prove the authenticity of information without revealing the actual data. This cryptographic technique ensures that transactions can occur without disclosing sensitive details. ZKPs can be used across a variety of use cases in many different industries, including financial transactions, machine learning algorithms, online voting and user authentication, among others.
Personal custody provides another tool we can look toward. This takes the concept of custody that we’re used to (leaving our assets in the custody of others) and flips it on its head. Personal custody means that you have full control and responsibility over your data and no one else does.
For example, instead of storing money in a bank account, a self-custodial wallet gives users total control over digital assets. Because self-custodial wallets are decentralized and do not rely on third-party custodians, they offer enhanced security and control compared to centralized banks or exchanges. Users can maintain anonymity and privacy because they are not required to provide personal information to any third parties.
While these emerging technologies offer important benefits, they also come with their own set of challenges and risks that must be addressed. For instance, the implementation of SMPC and ZKPs requires a high level of expertise in cryptography and computer science. This complexity can make it difficult for organizations to integrate these solutions effectively without substantial investment in skilled personnel and resources. Additionally, the computational overhead associated with these technologies can be significant, potentially leading to performance issues and higher operational costs.
Moreover, the shift toward personal custody presents its own set of challenges. While it empowers individuals by giving them control over their data, it also places the burden of security squarely on the user’s shoulders. This can be particularly troublesome for individuals who may not have the technical knowledge or resources to manage their data securely. The risk of data loss or theft due to inadequate security practices or accidental mishandling becomes a critical concern. Furthermore, the legal and regulatory landscape is still evolving to catch up with these technologies, creating uncertainties around compliance and the protection of user rights.
Conclusion
These solutions (and many more on the horizon) can help companies and technologists strengthen security protections. It’s critical to advocate for consumers and push companies and the organizations they partner with to adopt these changes.
As companies wield enormous responsibility and influence, I believe they should be at the forefront of consumer data privacy. The choices they make will speak volumes about how they view consumer security and well-being.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?