The half-life of personal information

Last year’s data loss incidents have sparked a fascinating discussion that compares personally identifiable information with radioactive waste – and who is supposed to pay to clear it up.

When describing HMRC’s woes last November, Microsoft’s identity guru Kim Cameron coined the phrase ‘identity Chernobyl‘. Kim is quite possibly the world’s most influential individual in the identity space – philosopher, researcher, technologist and businessman all rolled into one. He is the driving force behind CardSpace and his Laws of Identity are the acid test of whether an identity system is likely to succeed in practice.*

The analogy is an excellent one. Back in 1986, there was a tangible fear that we were in grave danger from nuclear fallout, and the Ukrainians are still suffering the consequences even now. In November the media fuelled an hysterical response to the loss of two CDs that had us running for privacy cover. Common sense and pragmatism have made a welcome return, but the fallout from HMRC is only now becoming clear.

Personally identifiable information (PII) can be compared with nuclear fuel: it needs to be mined, refined and protected. It’s value is determined by it’s quantity and quality, and these are in turn controlled by its age and how it has been used. When PII leaks, we are shocked that it could have been allowed to happen and expect the mess to be cleared up. And that’s where the analogy gets unpleasant, since it’s almost impossible to undo the damage once data is out in the wild. If your bank account is emptied by a fraudster tomorrow, could that be because they had access to the HMRC data? It will be impossible to know, but there’s a trail of unauthorised personal information out there, spread around like polonium-210 and it is only as the value of that data decays over time that we will have less to fear from its loss. For affected individuals, the only way to recover security is to accelerate the decay of that PII by changing bank account numbers, phone numbers and other identifying information so that the lost PII is rendered harmless.

In his essay on this topic, author and digital pioneer Cory Doctorow gives us a more creative solution to this problem. He proposes that just as companies are now taxed for the cost of disposing of old computer hardware in an environmentally-sound manner, maybe there should be a tax to cover the cost of securely disposing of unwanted PII. Payable by companies at the time they amass the data, such a tax could not only underwrite research and development of products and processes that would safely destroy unwanted data, but fund a public body to provide restitution for affected individuals when things go wrong. Is such an idea practical? Maybe, and maybe not, but it’s certainly worth exploring further before the amount of PII out there reaches critical mass and we’re all engulfed in a data meltdown.

* With apologies to the inevitable howls of protest from parts of the Liberty Alliance – I’m not sure whether ‘Laws’ is the most appropriate word to use, but the strength of Kim’s ideas applies equally to Liberty’s excellent offerings. Plenty more on Liberty in future articles.