The number and scope of data breaches over the past year has been breathtaking, including the largest retailer breach ever at Home Depot, and the largest ever at a banking institution, JP Morgan Chase.
The onslaught of breaches has transformed identity theft into the most feared crime in America.
So, what is the tech industry doing to fix the problem? Multiple panel discussions addressed the issue at the recent Privacy Identity Innovation 2014 (pii2014) conference held in Palo Alto, Calif.
The good news, according to Ragiv Dholakia, vice president of products for Nok Nok Labs, is that there’s “cause for optimism,” but he believes that security is too large a problem for any one company to solve, so Silicon Valley has to work together on the solution, making fixes that are open and scalable.
Some companies are pushing forward with products that put more control into the hands of consumers. Stina Ehrensvard, founder and CEO of Yubico, says that her company’s YubiKey became a best seller on Amazon within a few days of its launch in November 2014, shipping “hundreds of thousands of these devices” in a few weeks. “It’s amazing to see that there actually is a need for private individuals to control and own their own identity.”
The YubiKey generates a unique password each time you log onto a device, solving the problem of having your password stolen. It plugs into the USB port of devices. The YubiKey NEO retails for $50.
Joni Brennan, executive director of Kantara Initiative, is more cautious about putting the responsibility for identity protection and authentication onto consumers, “In the valiant push toward a user-centric environment, one of the things that we also have to consider is that there is a lot of burden that comes with managing all of this data that goes along with your identity.”
Brennan believes that many people would be overwhelmed by the responsibility, so she advocates for creating systems that allow people to be as engaged or hands-off as they choose.
Her bottom line, “Giving the user transparency for what’s happening with their data, accountability for what organizations are doing with their data and then manageability for them to decide how engaged they want to get with their systems.”
While finding solutions to locked passwords is one thing, consumers really can’t do anything about the corporate data breaches where your information is stolen from computer databases — that’s something the tech industry has to handle. And how close is the solution? Dholakia outlined specific initiatives and then concluded, “whether we can pull them together in a 3 to 5 year time span — the jury is still out.”