While I am less concerned with the emails, I am more concerned that each one reminds me of all the data breaches we’ve encountered these past years. Everything from your bank to your blood bank “losing” your private data such as your social security number or credit card number being stolen from a company laptop that an “authorized agent” left in their car’s front seat. Even the DOJ is getting in on the action by leaking it’s internal data to the press (couldn’t resist =), and we can’t ever forget the entire world being breached from Equifax itself. Wether it’s a legitimate breach, a negligent breach, they sell it or give it away, it’s still your data.
Opaque Customer Data
But seriously, I am doing my part by creating a new model that makes this obsolete. I hope others will join me and think along these lines too. Specifically, to design systems that assume it will be hacked externally, and assume it will be breached internally via negligence or theft, and assume that their customer may wish to withdraw (all) of its data, and assume a subpoena will arrive requesting information in a civil (or even a criminal) matter. The customer should be protected in all of these cases. A good design can also protect the holder of this data too.
No system is safe, except those systems that do not depend upon access to it’s customer’s data. The only way to compete with entrenched systems are to offer something they don’t have that is important enough to try an alternative. I predict that this will be a new system model — which doesn’t exist today. That is, we have just spent the last 10 years migrating the world’s systems to cloud-based “tenant” systems, so it won’t be easy, but it’s possible and there is a real use case for it. Yes, there are systems such as HushMail, but there’s always a backdoor, it’s just not available to you (most folks are unaware of that). This is what I am working on, securing the customer’s data which contradicts the “tenant” model, such that not even the administrators have access to the data.
Unfortunately, If we don’t pay for it, “we” are the product, but even when we do pay we still are the product. Who’s data is it anyhow?