David Tolfree, VP, Micro, Nano and Emerging Technologies Commercialisation Education Foundation (MANCEF)
The answer to the question posed in the title is no. In this feature, past, present and future issues involved in securing and protecting data in various forms are reviewed.
Advances in communication systems, particularly mobile phones, have brought about exponential growth in global connectivity. We live in a very connected world driven mainly by the Internet. Data and information are continually exchanged, and this exchange is the life blood of the digital economy. The world is awash with data; some might say that we have a data revolution on our hands.
Every time a Facebook or Twitter user goes online, data is supplied, stored and can then be recalled. Social media and many other communication systems are, by design, invasive. They have given rise to huge issues surrounding data security and protection, thus posing significant challenges for the businesses and governments that depend on data integrity. Furthermore, these issues have a profound impact on the operations of businesses and governments, not to mention the freedom of individuals, in the event that they put national security at risk of terrorist attacks.
However, the data security and protection problem is not new, since safeguarding systems and measures have been developed and put in place over many decades, even before computers. During my early career, back in the 1960s when technology was much less sophisticated, I had to tackle data security at the highest level. It was the time when spies left messages under stones and tapped into telephones to extract classified information. The same kind of people exist today, but their ranks have expanded and they now constitute a growing criminal fraternity that operates on a global scale. Such people now have access to a variety of sophisticated equipment and intelligent devices that increase the threats. Their prey are not just the likes of banks and secret research labs, but individuals who unwittingly part with their personal details on social media.
We are seeing the beginnings of a cyber war that, fuelled by the emergence of new disruptive technologies and their use by the wrong people, could produce chaos in the world. The Cambridge Analytical scandal, involving the use of people’s Facebook data for commercial gain, is a recent example of the public’s vulnerability.
The growing concerns over data theft and the abuse of the rights of individuals has pressurised the EU into updating its data protection directive, first implemented in October 19981. It was based on the EU Charter for Human Fundamental Rights that stipulated that EU citizens have the right to protection of their personal data. This first directive has been replaced with a new one that came into effect on May 25, 20182 under the European Union General Data Protection Regulation (GDPR). When GDPR is enforced, people will have more control on how their personal data is used by businesses and public bodies.
I expect everyone reading this has been contacted by at least one company holding their personal data and given the option for it to be kept, updated, or deleted. On one day alone, I received emails from six companies holding my data, but three I had not heard of. I can only assume that these companies obtained my data from the retail and travel companies of which I am or have been a customer. The new regulation will have an impact on EU businesses that have until now been free to exploit such data for marketing purposes.
The aforementioned is basically concerned with data protection for individuals, but the data security and protection problem extends beyond individuals. There are wider issues relating to national security, businesses and commercial interests. It is a huge subject on which much has been written and so for this short piece, I will restrict myself to those areas that I consider particularly important. Those readers of CMM involved in developing software and manufacturing equipment for the security industry now face the challenge of meeting the provisions of new data protection laws. However, at the same time, this challenge should be viewed as an opportunity for the design and development of innovative products and new business.
Protecting national security
It is the first responsibility of government in a democratic society to protect and safeguard the lives of its citizens against acts of terrorism and attacks from potential enemies, and this extends to their personal property. Governments have always reserved the power to monitor communications and to collect data about individuals who are considered a possible threat. There must be, however, a balance between individual freedom and the interests of national security for the wider population. Too many suspects escape by invoking the Human Rights Act.
We are increasingly living more of our lives online. The Internet is largely an uncontrollable space and therefore a safe haven for terrorists and criminals who have access to malicious software, or malware, and an array of new hacking devices. Such people are often skilled and clever enough to be one step ahead of the police and security agencies. Banks are supposed to be safe places for our money but are often the primary target for criminals.
Protecting intellectual property
Innovators and inventors only succeed in commercialising their products if they protect their intellectual property (IP). Patents and copyright law help but cannot guarantee total protection from theft, particularly from countries that do not respect them. Numerous examples could be given where the UK has lost valuable commercial advantage to Asian countries because companies have failed to protect their IP.
Knowledge gives power and commercial advantage, so it is not surprising that competitors want to acquire it by any means possible. The big question is how do you safeguard IP when so much is stored and exchanged online? It comes back to having a high level of protection software that can encrypt data. Many anti-virus and anti-malware programmes exist, but there are gaps in the availability of tailor-made encryption software because of the gross shortage of skilled software developers. In Europe, millions of vacancies for IT software specialists exist.
Advanced detection and protection software has been and is being developed by the security services in different countries, particularly the UK and US, but the recent thefts of sensitive data mean that criminals are able to modify it for their own use.
Protecting health records
Medical records contain lots of personal information. Normally they include a person’s full name, address, contact information, social security number, insurance details, the name of treating physicians, diagnoses, prescriptions, treatments and more. The medical sector has been the biggest target for hackers since 2012.
In 2014, nearly 9 mn patient health records were breached in 164 reported incidents3. By March 2015, this number had increased tenfold, and during 2016, it is estimated that one in three health records were hacked.
In 2017, Accenture—an Ireland-based global company that provides strategy, consulting, digital, technology and operations services—undertook a survey that showed 13 percent of the UK’s population as having their personal medical information stolen from databases4.
Part of this increase in data theft can be attributed to the recent digitisation of medical files to offer clinicians and patients easy online access, but the computers in many hospitals and medical centres have not been updated and protected using the latest software. In the US, the theft of medical data has exceeded the theft from bank accounts.
We are entering the era of personalised medicine. People who can afford it will have access to personalised medicine and receive drugs specifically designed for their genetic makeup. DNA and biometric data will therefore need to be obtained and held in databases, necessitating investment in much more vigorous data protection systems.
Mobile device and network security
Mobile devices such as smart phones have become the main targets for data manipulation, fraud and theft because they now run more applications, store more private and sensitive data, and connect to more corporate, private and social networks than any other device.
Infineon—a Germany-based international provider of security solutions—has compiled an infographic stating that the number of smart phones in use reached 1.5 bn at the end of 2016 and that more than 50 percent of e-commerce traffic is from mobile devices5. It is a trend that is most apparent on the streets of city business districts, since almost everyone appears to be glued to their handsets.
However, the bad news is that more than 75 percent of mobile applications are said to have failed basic security tests, thus making mobile devices vulnerable to malware attacks. Indeed, it is claimed that over one million instances of malware are created every day.
There has been a number of attacks on public-sector bodies such as the UK’s National Health Service (NHS) and on certain banks by criminals using a type of malware known as ransomware; this automatically encrypts users’ data and requires them to pay a ransom fee for its release key.
The increasing use of interconnected networks and the Internet of Things (IoT) presents added security and safety problems. Transport systems, particularly automobiles, have increased connectivity via mobile networks. In the interest of safety, these networks require more effective encrypted security systems in order to prevent hackers causing mayhem, although even these may not be effective enough once the next generation of computing becomes established.
Quantum computing—the future
As a physicist who once worked in the field of quantum physics relating to nuclear particle research, I learned that our understanding of the nature of matter at the atomic level was lacking. I say this because when the behaviour of matter and energy is studied at that level, everything changes. Quantum physics helps to improve that understanding, but the concept is not easy for non-physicists to appreciate. After years of research, it can now be applied in a practical way to protect and secure data through the use of quantum computing.
In practical terms, quantum computing is now at the frontier of emerging technologies, with developments being carried out by major research institutions around the world. Like so many new disruptive developments, it is likely to produce a giant leap in the field of cyber security for data transmission and protection. This is evidenced by the interest shown and investment made by major companies and government security organisations in the UK and US, for example, AT&T, IBM, Infineon, Lockheed Martin, Microsoft, the CIA, the FBI, MI5, MI6 and the NSA. There are many others in Asian countries also actively pursuing the development of quantum computers. The US Congress itself intends to establish the National Quantum Initiative Act, the main objective being to accelerate quantum information science (QIS) research and development in the US6.
The reason for this sudden upsurge in interest is the concern about the impact that quantum computing will have on encryption systems, since the breaking of even the most complex encrypted codes would be relatively easy using a quantum computer thus making encryption less effective.
This is not the place to give a full scientific explanation of quantum computing. Readers who are interested can find many good articles and papers on the subject both online and in print. A simple explanation, however, of the difference between conventional digital computing and quantum computing can be visualised using a simple example. A powerful digital computer, endowed with the right software and given basic parameters, can find a specific grain of sand in a box containing millions of grains of sand, but it takes time as every grain has to be examined. It is a step-by-step process, since the computer operates on a logic based on two states called bits 0 and 1. A quantum computer, however, uses qubits, so can look at all the grains simultaneously and therefore carry out the investigation more quickly and accurately. Qubits can be 0, 1 and both 0 and 1 at the same time, a process known as quantum superposition.
A qubit can be thought of as an imaginary sphere; so, whereas a classical bit can be in two state, namely at either of the two poles of the sphere, a qubit can be at any point on the sphere. This means a computer using qubits can store and locate a massive amount of information using less energy than a digital computer.
The impact of quantum computers across the whole spectrum of human endeavour could be even more significant than the discovery of electricity or the transistor. Combined with artificial intelligence (AI) and robotics, quantum computers will bring unimaginable changes to our world within the next two decades; they could even be the ultimate disrupter.
MANCEF
References
1The European Union (1995). Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Communities, L281; volume 38, paras 31–50.
2The European Union (2016). Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA. Official Journal of the European Union, L119; volume 59, paras 89–131.
3Foley, T. (2017) Medical identity theft: problems and prevention [press release]. Healthcare IT News. February 20. Available at: https://www.healthcareitnews.com/sponsored-content/medical-identity-theft-problems-and-prevention
4One in eight consumers in England have had their healthcare data security breached, Accenture survey reveals (2017) [press release]. Accenture. April 25. Available at: https://www.accenture.com/gb-en/company-news-release-healthcare-data-breached
5Mobile security [infographic]. Infineon. Available at: https://www.infineon.com/dgdl/IFX_MobileSecurity_Infographic.pdf?fileId=5546d46152efa540015308c733fe0417
6Smith announces intent to introduce National Quantum Initiative Act, hosts first quantum computer on Capitol Hill (2018) [press release]. Committee on Science, Space, & Technology. June 12. Available at: https://science.house.gov/news/press-releases/smith-announces-intent-introduce-national-quantum-initiative-act-hosts-first