The Attorney General of the United States announced that the government had confirmed that the Equifax hack was the work of the Chinese military. You can find both red and blue flavors of this story all over the interweb, so I won’t get into the politics of it here. But, as we enter the age of AI-assisted warfare, it’s important to unpack some of the underlying issues.
Quick History of the Equifax Hack
In September 2017, Equifax announced that roughly 150 million customer profiles were either fully or partially hacked. The hack occurred in March 2017, but Equifax waited until September 2017 to own up to it. From the perspective of scope and scale, it remains one of the largest and most serious data breaches to this day.
What They Got
The information that the hackers got was actionable from March to September 2017. The credit card numbers were fresh, the passwords still worked, etc. None of that is true now. Every credit card has been replaced; all passwords have been changed. Back in 2017, a hack like this was economically motivated. Credit card fraud and minor identity theft crimes are victimless. Unless the crime is over $2,500, it is not a felony, and you and the credit card companies are insured for the loss. Through the lens of the 2017, this was big and sad, but only devastating to Equifax’s share price, public trust, the company’s reputation, and a few insurance companies that had to cover the losses. That was then.
The Equifax Hack in the Age of AI
Fast forward to today. What is the value of the Equifax information to any hostile party? To answer this question, you need to know what kind of information Equifax aggregated. What did your enriched profile at Equifax contain in 2017?
Data is more powerful in the presence of other data. The more you know about someone or something, the more actionable the data set becomes. If I know your name, it’s useful at a party or when we meet, but it doesn’t do much more for me. Adding your address means that I can send you stuff, pick you up, drop you off. Add your email address, I can contact you. Add your insurance company, I can send you an offer to buy more, better, or cheaper insurance. Add your car, your mortgage, your credit card debt, your payment history, the make and model of every car you’ve purchased or leased… The more data you have, the more actions you can perform.
Now, multiply this by 143 million people, and two things come to mind. First, this is the definition of “big data.” This data set is gigantic. Unless you know what you’re looking for (credit card numbers, passwords to bank or brokerage accounts, etc.), it’s not super useful in 2017. Second, it’s not 2017; it’s 2020. In 2020, I can use machine learning to find patterns that were not findable in 2017.
The Real Danger of Aggregated Data
In 2017, only the most cutting-edge computer scientists could have imagined the capability you would have in 2020 to weaponize the Equifax data from 143 million Americans. (Yes, if you have a valid credit card and a laptop, you can rent the AI you need to make 143 million profiles actionable from Amazon, Google, Microsoft, IBM, and Salesforce, and find all of the code you need on Github; it’s a fun morning project.) Considering what you can do with a Starbucks card (free Wi-Fi) and a laptop, imagine what the AI capabilities of China (or any other nation-state) might be.
For example: the time series of your payments tells a story. The amounts you pay. The things you are paying for. What you already own. What you have not been able to purchase (due to your credit history). Modern pattern-matching algorithms can make predictions about consumer trends, economic conditions, aspirations, etc. If a hostile government wanted to do super-targeted propaganda campaign to incite people who felt oppressed by the realities of the financial system, but were making enough money to join together and empower each other… well, you get the picture. This is a treasure trove of data for AI, and you don’t need to know much about AI to understand the ramifications.
Data Privacy is the New Black
I’m not scared of Chinese hackers. I’m not worried about what has been done with the Equifax data. I’m worried about what will be done with all of our data. We create so much of it every day, and we openly share it with half the world. Here are my questions for you: What data should absolutely be private? What data should be private, but if hacked would be OK? What data doesn’t matter?
Take the Survey
If the survey is not visible, click here.
Author’s note: This is not a sponsored post. I am the author of this article and it expresses my own opinions. I am not, nor is my company, receiving compensation for it.