Centralised silos, hack magnets and our personal freedom
How much is an Indian citizen’s personal identity worth? Well, after the Indian identity system (Aadhaar) hack last week, it appears to be around £6 ($8) per citizen.
The Aadhaar system is fantastically ambitious and incredibly important. It seeks to create an open and interoperable ID system to enable all Indian residents to access government services. This is to happen in the space of just a few years. Once an Aadhaar ID is set up, residents can use it to access an array of services from social security to education, healthcare and housing.
Do these systems work?
This has been setup successfully elsewhere, but on a far smaller scale. In Singapore, four million people use their Identity Card (IC) across the city state to digitally access public and private services. With the establishment of Aadhaar, India is attempting something similar for a highly diverse, and still largely rural, population of over a billion citizens. Amazing right? Of course, there have been unforeseen consequences during the roll out, both positive and negative. The system is having a profound impact on wider Indian culture, some of which was documented in the excellent Identities Project carried out by Caribou Digital last year.
However, the revelation last week of the extent of the system wide hack points to a far deeper structural issue with Aadhaar and the handling of personal data globally.
Storing identity data in huge centralised silos is an increasingly catastrophic architecture for handling our most personal of human information. And it’s obsolete for a number of reasons.
Centralised silos: easy targets
Firstly, there is an unsolvable security flaw in a siloed approach. The obvious issues concern the security of a massive centralised silo handling thousands of external interactions a second. However there’s a deeper, innate flaw. The architecture sets up a market dynamic which makes hacking inevitable.
In the Aadhaar example, if a hacker can access one billion records worth $8 each, it’s worth expending considerable time and effort to ‘rob the bank’ and earn up to £8 billion dollars. However, if the same data is distributed and held by the individual, the return for the hacker is a mere $8 per hack. To make the same return they would by compromising a centralised silo, a hacker would have to repeat this process a billion times. It’s literally not worth the effort. Unfortunately, all industrial era companies use this same centralised data store model. And they’re all likely to be hacked, the bigger the silo the bigger the hack magnet.
Centralisation – a cost for everyone
Secondly, there’s an obvious issue with resilience. Hosting billions of records on a centralised platform costs the organisation financially and costs us all environmentally. Hosting data on individual smartphones uses smartphone CPU’s, reducing the financial cost of running the system and environmental costs to the society that it runs in.
Dirty data: centralisation makes data not so fresh and clean
Thirdly, centralised data will always be stale, inaccurate and incomplete. Stale because the data will always be a historical record of a person. It doesn’t represent who they are in the moment, based on context and interactions. Inaccurate because, no matter how many cross checks are made, there will always be discrepancies and data key issues. And incomplete, because no human will freely trust a third party with *everything* about them. This is the very definition of freedom. The only place where we are possibly able to hold all everything about us digitally, is securely on our own device and on our own person – a smartphone.
Flawless? No, not really
Finally, and most importantly, the system is flawed conceptually. It reinforces a industrial era dynamic of the data controller and the data subject (or more correctly, the digital surf). These old industrial systems are comprised of large ‘trusted’ organisations. They hold and manage our information on our behalf as trusted service providers. This obsolete, industrial era, centralised design ethos, from mass produced cars, to big banks to centralised power stations and siloed social networks like Facebook. The common, high-level, design is based on big organisations building expensive capital intensive businesses to serve the great unwashed masses.
In the 21st Century digital era, systems are now capable of being built rapidly with low capital input. From internet communications, to renewable energy, the value and smarts are distributed and atomised out across the network by default. Personal data – the intimate digital image of who we are and our most precious of personal assets – naturally wants to be distributed and owned across the network of humanity, by us.
StJohn founded CitizenMe with the aim to take on the biggest challenge in the Information Age: helping digital citizens gain control of their digital identity. Personal data has meaning and value to everyone, but there is an absence of digital tools to help people realise its value. With CitizenMe, StJohn aims to fix that. With with a depth of experience digitising and mobilising businesses, StJohn aims for positive change in the personal information economy. Oh… and he loves liquorice.All stories by: StJohn Deakins