Safety in numbers

A cryptographer has three words for consumers who want to keep their personal information personal: change the system

Yesterday, the Boston Globe published what may be its best-read story in years.  Unfortunately for the Globe, the story was about the newspaper itself, its readers, and a delivery system snafu that mistakenly released the credit card numbers of 240,000 subscribers.

Exactly how that happened is as astonishing as the fact that it did happen: the financial data of the subscribers was printed on paper that had inadvertently been recycled and used for routing slips in 9,000 bundles of the Worcester Telegram and Gazette, which, like the Globe, is owned by the New York Times.

The Globe’s mistake is just one of several mishaps in the past two years that have allowed personal financial information of a company’s customers to fall into questionable hands. ChoicePoint, a data merchant, mistakenly sold the personal information of 145,000 people to imposters, and the Bank of America lost information about 1.2 million customers when tapes that were in transit mysteriously disappeared from a truck.

For many Americans, it’s beginning to seem that no personal information will ever be safe. BU Today talked to Leo Reyzin, a College of Arts and Sciences assistant professor of computer science, recent recipient of a National Science Foundation Career Award, and an expert on cryptography, about the vulnerabilities of our credit card system and what might be done to make our personal information more secure.

BU Today: The increasing number of security breaches that result from incompetence, rather than hackers, is a bit frightening. Is there any reason to hope that commercial interests will do a better job of guarding our personal information?

Reyzin: Humans are humans, and they will make mistakes. Packages with sensitive data will get lost in the mail. As the amount of information collected grows and as the number of people who share that information grows, the likelihood that it will be lost becomes very high. 

Is there anything we can do decrease the likelihood that it will be lost?

As a society, we need to provide stronger incentives to protect personal information. The way it is now, if you want to do business with anybody, you have to give away a very sensitive secret—your credit card number. Consumers don’t push for change because in the United States most credit cards protect you from fraud. Any loss is absorbed by the credit card companies and the merchants, and while those costs are ultimately passed on to the consumer, the incentives are so indirect that they don’t work. 

What kinds of things could we do to change that?

We could start to penalize companies for losing our information, but what we really need to do is redesign our system so we give out a lot less personal information. The premise of our credit card system is that the credit card number is an important secret, yet we share it with many people. A better-designed system would have a secret that you don’t give to anyone. For decades, computers have been verifying users’ passwords without having to store them: a computer performs a one-way operation that compares your password to a template that it stores that need not be secret. 

Could you explain what you mean by a “one-way” operation?

Imagine that there is a huge book of random characters—letters typed by monkeys. And imagine that my password is a page and line number in the book—page 301, line 14. The computer, instead of storing the page and line number, would store the line of letters that is in the book. Just knowing those letters tells you very little about my password unless you search through the whole book. So if someone were to steal that information from the computer it’s not a big deal. They still don’t know my password. It’s a one-way function because it’s easy to go from my password to the string of letters and it’s hard to go back.

What about biometrics?

Biometrics information is going to end up everywhere, and companies will lose that too. The trouble is, it can be replicated easily. If I have a template of your fingerprint, I could easily make a fake fingerprint just like yours and paste it over my own. However, I, and others are currently working on systems that would enable you to use biometrics for security without giving sensitive information to others.

What are the chances of switching to a more secure system?

Technologically, it is feasible, but for something like that to happen it has to have commercial and political support. Changing the infrastructure is very expensive; that’s why infrastructures tend to stay in place long after their usefulness. The big question is, how do you change the mindset. The amount of fraud is already tremendous, and that hasn’t changed anything. The problem is that no single entity can change things. There has to be a joint effort of credit card companies, merchants, and consumers. What we have is now a chicken and egg problem, which is too bad, because ultimately the cost of the change would be paid for by reduced fraud.