To Solve Cybercrime, Some In Silicon Valley Ditch The Data
MELISSA BLOCK, HOST:
When we hear about a big heist these days it's not usually the result of bank robbers or art thieves. It's some hackers stealing data - credit card numbers, income tax records. This week, it was news of Russian hackers making off with a billion passwords. Steve Henn from our Planet Money team reports on how this crime spree is making some in Silicon Valley rethink their big data obsession.
STEVE HENN, BYLINE: If you want to know how valuable your data has become, think of it this way - it's bigger than Bitcoin, accepted in places where your dollars aren't welcome. And look at what your data buys. Gmail, alone, is amazing and free. Facebook, Twitter, Google - all free. YouTube, including videos of ranchers serenading cattle with trombones - you can't buy any of these services with real money.
CHRIS SOGHOIAN: It's actually pretty tough to write a check to Google or Facebook or Twitter. What they want is your data.
HENN: That's Chris Soghoian. He studies data security and privacy, and he now works for the ACLU. These companies, he says, collect your data, combine it, manipulated it, use it to target ads and make predictions about your behavior.
SOGHOIAN: When a company's profit depends upon the amount of data that it collects, all of the incentives are aligned for it to collect as much data as possible.
HENN: Today Google and Facebook combined are worth more than half a trillion dollars. And the giant piles of data about us that they've collected - they're a honeypot. That data attracts hackers, identity thieves, cops, courts, stalkers, Chinese military hacking collectives, Russian mobsters and intelligence analysts from the NSA. Stores like Target and Neiman Marcus can't keep this stuff safe. Even the NSA - the NSA - couldn't stop Edward Snowden from walking out the door with big, huge piles of its most sensitive secrets.
MOXIE MARLINSPIKE: The one thing that we've learned in the security industry, at least over the past 15 years, is that the attackers always win.
HENN: That's a hacker and computer encryption expert. He goes by the name Moxie Marlinspike.
MARLINSPIKE: If what you do is have a lot of really valuable information in one place and you try to secure that, you're going to lose. You know, like, you lose every time. If you have the data, someone's going to get it.
HENN: Now, if you had a bank and guys in ski masks kept coming in and stealing your cash, there are a couple of things you could do, right? You might hire more big, burly security guards or you might decide to keep less cash lying around. And today in Silicon Valley there is a dawning awareness that perhaps big vaults filled with sensitive data are not the best way to go. There is a small movement of developers and entrepreneurs who are trying to change the way the Internet works. They're trying to build systems that collect as little data about you as possible.
NICO SELL: I look at the companies that are making money off of personally identifiable information. They need to find another way to make money because that's nuclear waste.
HENN: So Nico Sell has cofounded a social network that allows people to connect without collecting tons of personal information. Her company, Wickr, doesn't even know your password. This might sound fringy, but Wickr just landed a $30 million investment from one of the first people to back Facebook.
SELL: Will I kill those business models - the business models of making money off tons of little pieces of personal information? I hope so.
HENN: In most cases, folks will use Wickr for free. But Sell believes in certain circumstances privacy and security are so important that people and companies would be willing to pay for it the old-fashioned way - with real money. And she's not the only one searching for ways to limit the use of data as a digital currency. Moxy Marlinspike has launched a series of free open-source apps that use end-to-end encryption to keep the content of messages or phone calls secret.
MARLINSPIKE: The point of cryptography is to trust algorithms and not people. You know, we shouldn't have to trust an individual or an organization to keep us safe or to behave appropriately. You know, we should be able to put our trust into math itself. I don't think we can expect, you know, an individual or an organization to go to jail for us. But, you know, math doesn't have that problem.
HENN: You can't put math in jail.
MARLINSPIKE: No, you can't.
HENN: He says if the government served him with a subpoena or a hacker held a gun to his head and demanded the contents of your calls, he couldn't help them out. There would be nothing he could do. And he's saying to companies everywhere, go ahead, use my technology. I'm not even going to charge you for it. And maybe you'll be better off if you have less data lying around. Steve Henn, NPR News, Silicon Valley.