Fake news has been a popular topic for a few years, especially how it impacts politics and elections. Fake videos are becoming more relevant too, especially when technology enables the creation of videos where faces and voices can be seamlessly implanted. The most recent Mark Zuckerberg fake video was a reminder that this is really happening.
However, a potentially more dangerous threat comes from fake data in all formats and why it is also a bigger personal risk than data leakages.
The idea of fake news, videos or data more generally is to have something that people believe to be authentic or valid, even though it is not. The fake material is then used to change people’s opinion, sway decisions or cast a slur on someone. They are used frequently in politics but can also be used in business, for example, to cause trouble for a company, manipulate stock prices or create support for competitive businesses or companies.
At both business and personal levels, stolen data and misuse of confidential data have been the main issues, e.g. someone uses a company’s business secrets, steals an identity, or reveals personally sensitive information. As we know, this can cause all kind of business and personal issues, but it is not always the worst option – what if data was fake?
Someone can create fake rumors about a person, or a company and they are a kind of fake news. Fake rumors are probably a very old model to cause harm to someone and it is very hard to fight against them, if they are good stories. How about going deeper into your data. What if someone could create a new credit history for you, new family details, a criminal record or health records. Basically, many parties have a lot of data about us and it has a lot of impact on our lives, but if that data was modified, it could really cause trouble.
Let’s imagine a storyline for a thriller where a person’s entire historical information is changed. He doesn’t work in his workplace anymore, he doesn’t live in his house, he isn’t married to his partner, isn’t the parent of his children, doesn’t have access to his bank account and isn’t the person in his passport. Basically, the person would longer be the person in his or her life. The scary part is that this is no longer a fictional plot for a TV series – it could actually happen to someone.
You might say this fake data was easier to create before the digital era with paper documents. While it may be true, with digital information the impact of fake data can be much greater, and it can be generated at a much larger scale. The fake data can be distributed to many places quickly. There are already examples, how a simple error in one master system changed the name of a person, the new name is distributed to all relevant places, including the passport office, health care service and banks. Suddenly the person cannot use any services with his real name and his ID is no longer valid. If your fingerprints and face don’t match the government’s passport and ID database, which is considered to be the real one?
Fighting against fake data needs other means than just protection of data from leaks and theft. We can say there should be enough safe places where the information is hard enough to change. There should also be models on how to handle information that seems to be incorrect. In practice, this requires complex models, with no system totally safe it is hard to know what information is really correct, or if some information has been modified.
This requires planning on how to handle this risk. Some organizations and people might still say it is enough to have safe authority, bank and health care organization databases that have the master copies of the data, but this is naïve thinking. We have seen enough cases that prove no system is totally safe.
An important aspect is also the legal protection of individuals. If your digital data is only stored and managed by the government, banks, health care organizations and big companies, how can you prove that your data is correct or even know if it is correct in those systems. Individuals should be able to protect against criminals but also against government, authorities and big businesses. But how do you do it if they manage all your data?
We are starting to see possible solutions to prevent this threat. For example, solutions to control personal data, blockchain type solutions to track all transactions and history of changes and models to check data from reliable sources and verify its integrity. But we are still in the very early stages. The first step is really to recognize the risk and include it in the design and regulation of data systems. Data already plays a central role to drive our daily life. We must be able to guarantee that our data is correct, and that it is me who defines my data and not that the data makes me someone else.