Privacy Vs. Security: Are You Ready?

Introduced by Nicholas Meyler

In my effort to invent new ways to extend and expand the range of possibilities available to Executive Recruiters/Management Consultants, I am currently working on a fascinating project with Inventor Doug Peckover who was awarded priority rights to the invention of “tokenization” security in 2005. Doug’s invention is now widely used (in various modified forms) throughout the secure payments industry, and companies like ApplePay, SamsungPay, GoogleWallet, etc. all use tokenization methodologies to prevent fraud and hacking.

The difference with the approach used by Doug Peckover is that he envisions a world where quantum computer hacking will be possible in the next ten years… meaning that ANY form of cryptological security will become obsolete due to vastly superior combinatorial computation power.

Doug’s 17 patents, which I am trying to find buyer(s) for, will protect against quantum computers as well as a multitude of other threats. I see my role in this effort as a logical extension of the duties of a Headhunter, in that it is not only candidates, but ultimately the Intellectual Property that they produce that is our most valuable stock-in-trade.

So, I refer all readers (and especially anyone involved in the industry of IoT, Data Security, Cybersecurity, or Online Payment) to take a look at Doug’s article. Please contact me if you have further interest!

Privacy vs. Security: Are You Ready? by Doug Peckover

Privacy and security are in the news every day, but these reports are long on the problems and short on any solutions. So what are the most urgent problems and how can we solve them?

First, some definitions because they are very different: privacy protects people while security protects companies and government agencies. Both are important but for very different reasons. Let's look at IBM's cognitive computing. Watson has superb technology but faces some real challenges.

It seems that the more tools we have, the more varied and complex the threats become. Whack-a-mole is alive and well in most companies. So with new threats like the GDPR regulations and quantum computing, how bad will things be in 5 or 10 years? Actually, not too bad at all. A single technology may solve both privacy and security.

As the original inventor of token security, I know that it can be used for much more than just securing Apple Pay and Google Wallet. In fact, solving privacy and security at the same time actually provides far greater control. Here's how this would help IBM's Watson (the features in red are probably needed first).

Some of the privacy features protect IBM from the hefty EU fines of €20 million or 4% of IBM's global sales (more details here), while others are needed because IBM is targeting the financial and healthcare industries.

Apple's needs are very different because it makes money by selling hardware and not customer data. Tim Cook uses privacy to differentiate from Google.

Google's needs are different again because of the way it uses personal data. The EU is making Google the poster child for non-compliance and the fines could be in the billions of dollars. But there's a silver lining - tokens would not only bring Google into compliance, but the "shared/sold data control" would also permit Google to - for this first time - sell data about individuals without compromising anyone's privacy.

Cloud apps like Office/365, Google Docs, Salesforce, etc. are mainly concerned about better control and security.

EU privacy laws are adopted by other countries like Canada, Mexico, Japan, etc. so Fortune 500 companies must be careful. Thankfully, there's a simple way for legacy databases to covert from encryption to tokens without having to make program changes. Tokens also enable retroactive data control which protects companies from new privacy regulations that are sure to be required.

DOD, Homeland Security, and other government agencies are all about security. If authentication or permission fails for any reason, "embedded forensics" logs the event, denies the request, and can even plant monitoring s/w on the requesting device (see figure 8 of this patent).

Some industries have special needs. For example, hospitality firms offer services to people on the move. Controlling the movement of personal data is one of the most stringent parts of the EU regulations, so these firms have special compliance requirements.

The biggest growth inhibitor for IoT devices is the lack of security, and tokens provide this because they are data centric and not device centric. IoT security is crucial to avoid problems like this and this.