Well. I can’t not write something about the Ashley Madison hack. Massive data breaches that spew people’s credit card information all over the Internet are one thing and I’d sort of given up paying any attention to them. After all, if someone gets hold of my credit card information and uses it to make unauthorised charges against my account, then it’s the bank’s problem and not mine so I don’t really care. That’s the whole point of using credit cards, that it’s not your problem.
But this is different. We’ve all had fun with the story on Twitter, but it’s really no laughing matter. Some people’s lives are going to be made a misery because of this. It’s all very well to take the moral high ground and say that people shouldn’t have registered for the site in the first place but that misses the point. The 28 million men and five million women who registered their sensitive personal details at the site were acting legally and I imagine that they thought they had a reasonable expectation of privacy. It doesn’t seem to be hyperbole to say that someone might well die because of this personal data Chernobyl.
So what should be done? There are really two quite distinct problems here. There is the problem of online payment and then there is the problem of online identity. I haven’t actually registered for Ashley Madison (although somebody else did, using my email address, which is why I periodically get emails asking me if I’m interested in women in Birmingham – see below) but I imagine that they use the credit card information for two purposes: one of which is to establish who you are and that you are over 18, and the other of which is to collect money from you. Note the pernicious interrelationship between the two use cases: using the credit card information to prove who you are means that you are giving Ashley Madison your name and address, which is really none of their business, and that if anything happens to breach their undoubtedly impressive security procedures, your real name and address could be disclosed.
Is there some insurmountable technological barrier to delivering security and privacy to people? I don’t think so. Emma Lindley, who knows what she is talking about (you can hear my podcast with her here) says that we know what the solution to this problem is, and she is right.
“We’re finding that cryptography-enabled personal digital identities will increasingly become the answer to this endemic data breach problem.” [From Hacked Off? | Emma Lindley | LinkedIn]
You can do things with digital identities that you can’t do with physical identities. One such thing is to partially disclose: you can prove that you are over 18, for example, without disclosing your age. There are well-known and well-understood techniques that mean that I can prove to Ashley Madison that I am male, resident in the UK, over 18, solvent and known to the authorities without having to give Ashley Madison my name and address. So why don’t we use them? This is a really interesting case of a problem that we know how to fix but don’t because the co-ordination problems are too great. Other than the Apple sheepdog coming along to corral the stakeholders, I’m out of ideas.
I did see a tweet from Marc Andreessen, who you have to take pretty seriously on this stuff, saying that the Ashley Madison hack would stimulate the use of Bitcoin in order to reduce the privacy consequences of such a hack, but I disagree. You could pay Ashley Madison using Bitcoin but you would still have to give them your credit card details in order to prove that you are a real person and over 18. Or give them a photo of your driver’s license or whatever. Solving the payment problem doesn’t solve the identity problem.
Wait. Maybe the Apple sheepdog is going to fix it.
Now, think what will happen at Ashley Madison in an Apple Pay world. You pay online at Ashley Madison using Apple Pay on the web. So you enter your pseudonymous Apple e-mail address and your Apple Wallet pops up on the phone and you put your thumb on the scanner and… done. Instead of getting your real credit card number, Ashley Madison get a token. The bank has implicitly tokenised certain of your personal details in the same way that they tokenised your credit card details. So, Barclaycard can give me a token that says I have a Barclaycard in the UK, and therefore must be over 18, and therefore Barclaycard know who I am, and therefore Ashley Madison don’t need to know who I am, and therefore, provided that I can strongly authenticate to prove ownership of the token, there is no need for any of my personal details to be stored at Ashley Madison. All they need is a pseudonymous email address and that’s that.