As you may have heard, Peter “Mudge” Zatko raised issues as a whistleblower at Twitter, where he worked as head of security. He was brave to do this, and I applaud him for raising awareness of this critical issue. I’ve seen it in almost every company I’ve ever worked with (across 16 industries).
He used a simple analogy: On an airplane, if the cockpit doesn’t have a lock on it, everybody on the plane has access to the controls of the plane.
Let’s dive into this a little deeper.
In a tech organization, or really any business, there are multiple pieces of software that run different functions inside the company — marketing, sales and operational systems to process orders (or tweets in this case), and so on.
Your data, more often than not, ends up sitting in more than one place, copied on an ongoing basis when updated, across these systems. In an ideal world, your data would sit in one place and be accessed with proper security, etc. However, we do not live in an ideal world.
One of the main things that Mudge said was over a thousand people had access to the personal information of the users. Incredible, right? The problem is totally obvious to those of us in the industry.
In reality, many people – business folks, technology support folks, administrators of the databases and others – have access to this data. Proper organizations severely limit this, but even in most companies, administrators have full access to your data and those roles are often outsourced to the lowest bidder. While many of these outsourced positions are held by reputable individuals, many aren’t; this represents what we call an “attack vector” in the security industry.
This goes further, right to the core of the way these software platforms are written. When you sign up for Twitter, you provide a bunch of personal information. We all do this so much that many people don’t even think about it. It’s necessary…. unless there’s an identity service that can provide assurance of who you are to Twitter, so they don’t have to ask for all that info.
There is something that makes this even worse.
You can go to your profile, see your current information, and edit it; maybe change your home address, or your phone number, or even your credit card or bank account information. For that web page to allow that, there has to be an interface from the web page through the back-end software systems to the database, in order to retrieve all that info that it’s showing you on the profile page and allow you to change it.
That’s a giant point of attack. TrueNews, and really the underlying MeUs Identity platform, does it differently.
When you define your address, you give it an alias (i.e. homeInFlorida), or a credit card (myAmex), etc. There is NO webpage where you can view this information. The information is held in one place, with proper encryption, so that even administrators of the system (which are very restricted in number) can’t see the data either.
If you want to change your address, we show you the list of aliases that you defined, and you can delete one, or change it by providing new values. And that data is encrypted immediately after you submit it.
Seems simple, right? But no one does it.
There are lots of other ways that your data is copied (often for testing) without being properly obfuscated, and sold to other companies without your knowledge, etc.
Over a decade ago, I recognized these issues and began work on the MeUs Identity platform to fix this.
These are critical issues that companies need to deal with if they have the stomach to spend the money, simplify their infrastructure, and respect their customers.