Tech companies aren’t shy about how much they know about us. In fact, it’s right in my face every time I log on to my accounts: advertisements for running shoes I looked at online last week; condo rentals for the post-pandemic trip I’ve been quietly planning for months; and recommended dachshund Facebook groups likely based on the many pics of my pups I share. Big data — and the big data monopolies that cause it — open up problems for users and doors for threat actors.
While it’s always bugged me and felt a bit like I was being stalked, I had only worried about the data collection in terms of privacy. I don’t like that companies know more about me than most of my friends do. But, this problem isn’t new. Yet, each day it becomes bigger. Let’s take a look at what this means for security experts and break it down into more chewable parts.
Why Big Data Monopolies Are a Problem
In 2018, Harvard Business Review explained that while tech monopolies like Facebook and Google have been targeted (and fined) by European regulators, they have escaped U.S. antitrust regulations. These data monopolies open up many intriguing and worrisome risks. For example, they can make surveillance and security difficult, hoard wealth and affect the public debate, including our perception of right and wrong.
After I was affected by several large breaches in the past, including those of Experian and Target, I recently had an even more worrisome thought. What happens if one (or more) of these data monopolies suffer data breaches? The damage caused by the amount of data compromised with a single attack would be terrible. And, the effects would likely spill over to many other industries and businesses. So what can we do to reduce the risk?
The problem is somewhat simple. Too much private data is controlled by single companies and stored in one location. But the solution is very complex. From where I sit, I see a twofold approach working best: preventing other data monopolies from emerging in the future and lowering the risk of our current data monopolies.
In truth, preventing more data monopolies from beginning or current ones from growing involves government decisions and oversight of mergers. Let’s take a look at solutions closer to home. How can security experts work with our current data giants to reduce risk as much as possible?
Is Data Portability the Answer?
Data portability is part of the solution. Increasing users’ control of their own data is a great step in the right direction. Most importantly, consumers need the ability to actually remove their information from the data monopolies’ data collections. This reduces their own personal risk of a breach. And each person who takes this step and actively manages their data reduces the collective risk and impact of a single breach.
However, consumers can only take this step if they know about the risk and know how to perform these actions. So, who is going to lead the effort to educate consumers? Data monopolies are likely only going to publicize these features as much as required by law. The task will likely then fall to the cybersecurity world to get the word out.
Interoperability Between Big Data Monopolies
Interoperability is often brought up in the conversation about data monopolies, with good reason. The Electronic Frontier Foundation proposes multipart legislation changes that require data monopolies to open up their systems to share data with competitors. While this effort is key to getting rid of data monopolies in the future and reducing current ones, in some ways it actually creates more risk.
With true interoperability, many smaller companies that may not have the same expertise as the top tech companies have access to sensitive data. Instead of a single huge breach, there could be an increase in moderate to large breaches overall. The answer lies in creating a security framework for storing and managing data for all companies. By focusing on interoperability without security, we are only solving a part of the problem.
Does Encryption in Use Help?
Yes. Encrypting data while at rest and in transit is becoming standard for more and more companies. But both of these strategies overlook something: data in use. Encryption in use means businesses can actually get insights from data while it remains encrypted, which keeps all personal user data safe.
By working with giant tech companies to encourage and possibly require this level of protection, we can reduce the likelihood of a breach, or at least reduce the impact. And, this path doesn’t interfere with using data in the right way. Instead, it protects consumers from the negative impact. In addition, making this level of encryption standard practice improves data security overall.
Big Data Monopolies Working Together
To help solve both the short- and long-term issues, IBM partnered with AWS to create a mutual compliance framework. By working together, the two companies determined security measures that both can agree on and adhere to. By focusing on how tech companies can work together, partner with consumers and work with regulators and government oversight committees, the security industry can make great strides toward reducing the weaknesses inherent in tech monopolies.