Need to understand data both as a strength and vulnerability
I RECEIVED a call from someone asking me to complete my Re-KYC for my credit card recently. He claimed to be from a company the credit card-issuing bank had outsourced to handle this task and he wanted to come and take my papers (Aadhaar, PAN, etc, I presume) and perform my biometry. I, undoubtedly, felt uncomfortable. Was the call genuine or was it fraudulent? Even if it was genuine, I had little interest in letting a stranger conduct my biometry. What is the assurance that the data won’t be unintentionally or intentionally leaked and what infrastructure does the company have in place to preserve security over the long and short terms? Right away, I decided not to allow it and even if my credit card is cancelled as a result, so be it.
I then realised that I had already provided all these crucial details in countless places over the years. Banks occasionally ask that we provide KYC, not just when creating accounts it’s sought also while opening a post office account, getting a SIM card, a landline or health insurance, checking into hotels, updating voter cards and passports, getting a pension and vaccines and changing one’s address, among other things.
A few years ago, one of my acquaintances living in the UK was not allowed into a cybercafe in Kolkata because he produced his photo ID but refused to provide a photocopy. Some bank personnel even request you to submit the data over WhatsApp! What about its safety?
Well, these collectors of personal data owe no responsibility to me or the service provider. Will I ever learn how these data are utilised, how they are stored and what assurances are there that they won’t be compromised either during the data-gathering process or later? Isn’t one aspect of the research in cryptology about how to break security? And don’t hackers constantly aim to undermine security across the globe? Importantly, we won’t even know when our security has been compromised.
Additionally, a gigantic amount of data is continuously generated with each of our footsteps because of the extensive use of social media and the Internet. And because nearly everything falls under the umbrella of the Internet of Things, we are divulging a boatload of information about every aspect of our lives and lifestyles. Also, many of us don’t hesitate in giving out our mobile numbers online, in stores, or anywhere else. In a 2019 piece, titled ‘I Shared My Phone Number. I Learned I Shouldn’t Have’, the New York Times’ lead consumer technology writer, Brian X Chen, with the help of security researchers, illustrated how a phone number exposes an individual. “Your phone number may have now become an even stronger identifier than your full name,” Chen commented.
What are the repercussions? Scott McNealy, Chief Executive Officer of Sun Microsystems, famously said in 1999, “You have zero privacy anyway.” Then, in 2010, Mark Zuckerberg declared, “Privacy is dead.”
The societal problem can be understood when an event like the Cambridge Analytica episode breaks out. And since our personal information is being shared in so many locations, is it impossible that some of these sources have already compromised our data?
Sometimes, ‘security’ and ‘privacy’ are confused as there may be a shadowy overlap. Data security and safety may be provided by any applicable personal data protection law within a ‘comprehensive legal framework’. However, such legislation might only offer limited control and it may include measures for punishment if data security is violated. But the laws can’t guarantee complete data security.
The most protection that can be given is against the known levels of expertise. How can the results of ongoing or future research to undermine these securities be guaranteed? Is giving up digital data storage the answer? That, however, is not possible.
Thus, data security is a sensitive and important subject for the authorities around the world. High-level technocrats and cyber-security specialists have crucial roles to play in continuously ensuring data security.
One thing that baffles folks like me is why we need to provide our data so frequently, to so many different locations, and in a form that is accessible to the primary recipient. Why would we need to submit Re-KYC on a regular basis if we hadn’t changed any major personal information? Perhaps it is for security factors that are beyond the understanding of a layman like me.
One thing is certain, though: everyone is obsessed with collecting data. They want to churn ‘big data’ to extract nectar, which can be used to plan for a variety of issues related to national interests, improving business prospects and, among other things, creating winning electoral and sporting strategies.
But a 2011 World Economic Forum (WEF) report titled “Personal Data: The Emergence of a New Asset Class” emphasises the necessity of “a highly reliable, secure and available infrastructure at its core and robust innovation at the edge” in the midst of the ever-increasing and increasingly complex domain of data.
As a statistician, I can say with conviction that our statistical expertise in this context is still in its infancy and we are not yet equipped to handle such colossal amounts of data. But our reliance on digital technology grows.
So, should the regulators exercise greater caution? Should the requirement to provide these crucial documents so frequently be changed to make it less onerous? In terms of the craziness of data collection and the ensuing data safety and security, society is undoubtedly at an inflection point.
“Yet, we can’t just hit the ‘pause button’ and let these issues sort themselves out. Building the legal, cultural, technological and economic infrastructure to enable the development of a balanced personal data ecosystem is vitally important to improving the state of the world,” the 2011 WEF report opined.
Data is a strength and could undoubtedly spark the fourth industrial revolution. Simultaneously, data is our vulnerability globally. Understanding that is beneficial for society as a whole.