Episode Notes
Mike Chapple is academic director of Notre Dame’s Master of Science in Business Analytics program and an associate teaching professor of IT, analytics, and operations at the University’s Mendoza College of Business. In addition to business analytics, his areas of expertise include cybersecurity, cloud computing, IT compliance, and data privacy.
Prior to joining the Mendoza faculty, Mike served for six years as senior director for IT service delivery at Notre Dame. He came to the University in 2005 from the Brand Institute, a Miami-based marketing consultancy, where he was executive vice president and chief information officer. A Notre Dame alum, he also spent four years in the information security research group at the National Security Agency and served as an active-duty intelligence officer in the United States Air Force.
He and host Ted Fox got together this summer to talk about cryptocurrency, including one called Libra, which was announced this June by a group led by Facebook. Since we talked with Mike, the proposal for Libra has garnered increased scrutiny from governmental regulators around the world—on top of what was some healthy skepticism to begin with. But in the course of our conversation with him, he noted that while he’s unsure whether Facebook will be successful in developing a mainstream cryptocurrency, he expects some group will be in the not-too-distant future.
For that reason—not to mention the layperson’s guide to cryptocurrency, blockchain, and Bitcoin that he shared—this discussion is as topical as ever, as are his thoughts on how to address broader issues related to data security and privacy.
Hint: Social Security Numbers are a problem.
Episode Transcript
*Note: We do our best to make these transcripts as accurate as we can. That said, if you want to quote from one of our episodes, particularly the words of our guests, please listen to the audio whenever possible. Thanks.
Ted Fox 0:00
(voiceover) From the University of Notre Dame, this is With a Side of Knowledge, the show that invites scholars, makers, and professionals out to brunch for an informal conversation about their work. I'm your host, Ted Fox. With a Side of Knowledge is supported by Sorin's restaurant inside Notre Dame's Morris Inn, which serves breakfast and lunch seven days a week and dinner Tuesday through Saturday. If you see us recording, feel free to stop by and say hi--preferably not when we're chewing. And when we're not recording, or chewing, you can always find us on Twitter, where we are @withasideofpod.
Mike Chapple is academic director of Notre Dame's Master of Science in Business Analytics program and an associate teaching professor of IT, analytics, and operations at the University's Mendoza College of Business. In addition to business analytics, his areas of expertise include cybersecurity, cloud computing, IT compliance, and data privacy. Prior to joining the Mendoza faculty, Mike served for six years as senior director for IT service delivery at Notre Dame. He came to the University in 2005 from the Brand Institute, a Miami-based marketing consultancy where he was executive vice president and chief information officer. A Notre Dame alum, he also spent four years in the information security research group at the National Security Agency and served as an active-duty intelligence officer in the United States Air Force. We got together this summer to talk about cryptocurrency, including one called Libra, which was announced this June by a group led by Facebook. Since Mike and I talked, the proposal for Libra has garnered increased scrutiny from governmental regulators around the world on top of what was some healthy skepticism to begin with. But in the course of our conversation, he noted that while he's unsure whether Facebook will be successful in developing a mainstream cryptocurrency, he expects some group will be in the not-too-distant future. For that reason, not to mention the layperson's guide to cryptocurrency, blockchain, and Bitcoin that he shared, this discussion is as topical as ever, as are his thoughts on how to address broader issues related to data security and privacy. Hint: Social Security Numbers are a problem. (end voiceover)
Mike Chapple, welcome to With a Side of Knowledge.
Mike Chapple 2:29
Thanks, Ted, it's nice to be with you.
Ted Fox 2:31
So I approached you about doing this episode after I read a Notre Dame News story where you were quoted talking about kind of some of the benefits and drawbacks of this new cryptocurrency from Facebook called Libra. And that story was a really good reminder to me of how little I actually know about cryptocurrency and Bitcoin and all these other terms that get thrown around all the time. And I'm hoping I'm not alone in that because some of what I want to ask today draws on your expertise in cybersecurity issues and things like that to hopefully give us more of a lay of the land of what all these things are that we're talking about. So if we could, I'd kind of like to just start with the 30,000-foot view of, What is cryptocurrency? And what in our present-day security environment, where we hear about breaches and these things all the time, what makes cryptocurrency appealing? What's its reason for being, I guess?
Mike Chapple 3:29
Sure. So cryptocurrency at its most basic level is just digital money. We're just taking the concept of currency that we've had for thousands of years and trying to move it into the online world. And I think the most common cryptocurrency that people are familiar with is Bitcoin because it was one of the first, and it's the one that's gained the most traction. The driver behind cryptocurrency is having a form of money that's decentralized and anonymous and not counterfeitable. So we're taking all these key attributes of things that we wish would be true about our real money and applying it in the digital world. And I think when we transact online today, we know that we're being tracked so many different ways, right? We don't really have privacy when we're buying something online. We have cookies in our web browser that are tracking us, we have to use a credit card that's being tracked, and we're creating this digital trail. When we purchase things in the physical world, we can walk into a store and use cash and not necessarily have a record of that transaction, right? So what cryptocurrency is trying to do is build that same type of currency that can be used anonymously and securely in the online world.
Ted Fox 4:44
That's a really--that makes a lot of sense, and I feel like I already have a better understanding of it than I did two minutes ago. So the term "blockchain," I think, is the technology that makes a lot of these cryptocurrencies possible. And I loved this, because I looked this up in Wikipedia, and the start of the Wikipedia entry was: "A blockchain ... is a growing list of records, called blocks, that are linked using cryptography. Each block contains a cryptographic hash of the previous block, a timestamp, and transaction data (generally represented as a Merkle tree)." So I was a little lost. And that was even before we got to Merkle trees at the end. I know it'd probably be beyond my grasp, a real technical explanation. But you talk about cryptocurrency trying to almost replicate that experience of cash in a digital world. What does blockchain do that it allows it to approximate that?
Mike Chapple 5:38
Sure. So everything you just read from Wikipedia there is true. I think I could sum all that up ...
Ted Fox 5:42
Yes.
Mike Chapple 5:43
As blockchain is cryptography being used to create a ledger. And cryptocurrency does rely on blockchain. I think it's important to draw a distinction between the two things. Like, blockchain is a foundational technology; cryptocurrency is the first major application of that technology, but we're going to see many others, as well. What the blockchain allows us to do is to create essentially a database that anybody can add to, and nobody can change. So in the computer science world, we term this a distributed, immutable ledger. So it's immutable because nobody can change it. And it's distributed because it's spread all over the place. When we use a blockchain, we're spreading the data across many systems around our company, around the country, around the world, in order to make sure that the data can't be destroyed, either intentionally or accidentally.
Ted Fox 6:37
And you mentioned right there that cryptocurrency is kind of the first application of blockchain. Is it on the horizon other ways that might be used?
Mike Chapple 6:49
There are. There are a lot of other potential applications of blockchain. And I'd say the research and development team at every company in the world right now is trying to think about how blockchain could change their business. There are some obvious applications; one of them is property records, right? You look at the chain of custody of property. And this is something that's plagued attorneys and realtors for title companies for decades, for centuries, of being able to trace the ownership of property over time. And what we need to do that is a ledger, and wouldn't it be great if that ledger was distributed and immutable, right? So this gives us an opportunity to apply blockchain. Cook County, Illinois, where Chicago is located, did a pilot project of this trying to track property records for their area, and they did this in conjunction with some other recorders offices throughout Illinois. And, you know, they found that the technology seems to work for applications like that. Other examples are supply-chain management. So for companies trying to track the components that are coming in from different suppliers and how they're being assembled in the products, they can use blockchain for that to keep those records. In the grocery store, we're seeing blockchain appear where people are using blockchain to trace the origins of produce and meat and be able to, when there's a salmonella outbreak or something, trace it back and figure out where those products came from and locate other products that came from that same source. So we're going to see dozens and dozens of applications of blockchain technology over the next decade.
Ted Fox 8:17
You've already used the word, so I'll bring it up: Bitcoin. I've often heard people--for instance, characters on The Big Bang Theory--talking about mining it. I was reading a story yesterday about people trying to crack a puzzle where they needed to basically crack these private keys to open a collection of wallets that contained what was a million dollars worth of Bitcoin that was only like 102 coins, but it was worth a million dollars. And from what you've said already, what I've read, I know that Bitcoin is a type of cryptocurrency, it's probably the most well-known cryptocurrency. What are people talking about, for instance, when they "mine" it? What does that mean when you talk about mining Bitcoin?
Mike Chapple 9:04
Sure. So the way that Bitcoin is designed, it's designed around hard math problems. And those hard math problems are what makes Bitcoin secure and gives it all those properties of being immutable and being secure. So mining is how new Bitcoin are created. And what the mining process is doing is using computing power to solve those really difficult math problems. And so if you want to go get a new Bitcoin, you have to contribute computing power to the Bitcoin process. And when you do that, you're rewarded with a very small piece of a Bitcoin or even an entire Bitcoin every once in a while. So that's what the mining process is, and it can take tremendous amounts of computing power; people have built businesses now around Bitcoin mining. So I think the days are long gone where you or I could sit down with our laptop and run some software and create some Bitcoins. Ten years ago, you could do that; today, you need to have very special-purpose computers that are designed specifically for the purpose of mining Bitcoin in order to have any type of financial success doing that. I think the amount of electricity that's required is also one of the limiting factors, right? You have to make sure that the mining you're doing is going to be profitable and that you'll mine more Bitcoin than you're going to spend in electricity. So for this reason, people who are doing these Bitcoin mining operations are putting them in all sorts of strange locations. In Iceland, near power plants, places wherever power is cheap, you find Bitcoin mining happening.
I think one of the other issues that this electricity consumption brings up is an ethical issue, right? Is this a good way to be using our world's resources? The amount of electricity that's being used for Bitcoin is staggering. There are some stats out there that say just processing one Bitcoin transaction--so that, like, if I give you a Bitcoin, that transaction consumes as much electricity as 400,000 credit card transactions.
Ted Fox 10:58
Oh, wow.
Mike Chapple 10:58
It's the same amount of electricity that could be used to power 20 households in the United States for an entire day.
Ted Fox 11:04
Wow.
Mike Chapple 11:05
The statistics are just astounding. Current estimates are that Bitcoin alone is currently consuming three-tenths of a percent of the world's electricity. And if Bitcoin were a country, it would be the 40th largest country in terms of electricity use. So this is something that's really important for us to think about, right? While Bitcoin and cryptocurrency are creating all these potential benefits in the online world, there's a real impact here in the physical world today, and we have to decide if this is really a good use of resources
Ted Fox 11:34
That leads naturally into Libra because it does seem like a different kind of cryptocurrency than something like Bitcoin. One of the differences I know that you noted, and maybe this will shed some light, too, because when we talk about Bitcoin with these really difficult math problems that take all this computing power to solve--because where's the value coming from?--I know we talk a little bit with Bitcoin about market demand driving value. One of the things you pointed out about Libra is that it's going to be backed by financial securities, which is something different. Can you talk some about that, and what else so far--I know they announced Libra, it was like a month ago or something when they did kind of this big rollout--what are some other ways we know at this point that it's going to be different than our experience with crypto so far?
Mike Chapple 12:21
Sure. So Libra is still just an idea is one of the important things to look out for. You can't get a Libra coin right now, it's still an idea that's under development. And I think it's one that's very promising. It has a lot of benefits; it also has some drawbacks. The benefits are that it, first of all, it doesn't use all the electricity that Bitcoin uses, it's designed to use much less power because it's not designed around difficult math problems. Instead, it's designed around a little bit of trust. It's being put together by a coalition of companies, universities, and nonprofits, led by Facebook, that are looking to create a system that's maybe a little more centralized than something like Bitcoin is. So instead of having trust in the difficulty of math problems, we're putting trust in these organizations to run a secure infrastructure. So we'll have less power consumption. There's a couple of other major benefits to this approach. One is that because it's being led by companies like Facebook, it's likely going to be very easy to use, where Bitcoin is very difficult to use. If you want to go buy a Bitcoin, it's hard.
Ted Fox 13:23
And I was gonna, just what you were--just even the idea of it getting its value from solving these difficult math problems. It's like, How would I ever even spend this? Like, it [Bitcoin] doesn't feel like the kind of thing ... that you would use to purchase something.
Mike Chapple 13:37
Yeah, that's a reasonable conclusion, right? You can, theoretically, use Bitcoin to purchase things. And there are companies that accept Bitcoin, but estimates are that the vast majority of transactions that take place today with Bitcoin are speculative in nature, right? It's people just trading Bitcoin as an investment, a pretty risky investment, but they're treating it that way, as opposed to transactions where goods or services are being exchanged.
Ted Fox 14:02
Right, right.
Mike Chapple 14:03
So I think one of the things that Libra will do besides making it easier to use cryptocurrency is eliminate the speculation because Libra is going to be pegged to the traditional world currencies; they're going to take the dollar and the euro and some other world currencies and create a financial reserve that will set the value of a Libra coin. So there won't be any point in investing in Libra because you're just investing in a big basket of the world's currencies, right? So with Bitcoin, there is no fixed value, so the price of a Bitcoin is set by demand for Bitcoin. And the demand for Bitcoin today is being generated almost entirely by speculation and the future value of Bitcoin, so it seems like it's a bubble that just building up and getting ready to burst.
Ted Fox 14:49
And I think when I looked--I mean, I know because it's market demand, it's gonna fluctuate--I think when I looked as of yesterday and kind of using that example of 102 Bitcoins being worth like a million dollars, I think it was like one Bitcoin was worth like $13,000 at the moment, like if you were to translate it. Whereas what I've read about Libra, it's supposed to be more like a currency more that we know.
Mike Chapple 15:12
Right, exactly. If you look at the history of the price of Bitcoin, it's incredibly volatile. It's more volatile than the S&P 500. So it's an incredibly risky thing to invest in. The companies that actually do accept Bitcoins for transactions, the first thing they do when they get a Bitcoin is liquidate it because they want to know how much money it's worth.
Ted Fox 15:32
Right.
Mike Chapple 15:32
And this price fluctuates all over the place, making Bitcoin impractical for use in commerce. I think what we'll see with Libra is the fixed value will make it something that people just keep money in, if it winds up building momentum and taking off. And most likely, they'll set the price of a Libra to be equal to some recognized unit of currency, right? So one Libra coin might be worth one U.S. dollar, or maybe worth one euro, we'll see. They haven't set that exchange rate yet, but it will be a fixed exchange rate that's tied to one or more of these currencies that are in the reserve.
Ted Fox 16:05
I mean, the idea being theoretically, if this gained broad adoption, and we can talk about that in a few minutes, but theoretically, I could, or someone could, go into Target or go on Amazon and see a price for something that--this gallon of milk costs four Libra. And that would be how I would pay for it as opposed to four U.S. dollars.
Mike Chapple 16:25
Right. I think that's the idea that everybody has. I think that day is probably quite some time away before you see it being used at Target.
Ted Fox 16:32
Right. So I think it's clear from everything we've been talking about--and at least for me sitting in this position--like Libra seems a lot, it seems a lot more intuitive than Bitcoin to someone who doesn't go around trying to direct massive computing power at solving math problems to generate value. And so for that reason, it might be more appealing, it's more intuitive to understand. I know there's drawbacks, and there's security concerns to something like this. I mean, I'm sure just when you say, "And Facebook's kind of heading this up," people's antenna kind of go off like, Okay, they've had some problem with data breaches and things like that. So what are the things we should be concerned about when we're hearing about this great new idea that's still just an idea at this point?
Mike Chapple 17:17
Right. So I think people do have some grave concerns about the fact that Facebook is leading this coalition. I mean, we're chatting today, the day after Facebook was just assessed a $5 billion fine, the largest fine ever assessed by the FTC against a company for anything, for this privacy issue they had with Cambridge Analytica. So I think the fact that they're the leaders behind this is a benefit and a drawback. It's a benefit because everybody uses Facebook, and everybody knows how to use Facebook. But it's a drawback because a lot of people don't trust Facebook. So we'll just have to see how this works. I think Facebook's response to that, besides "Trust us," is that it's not just them; it's a coalition of companies and nonprofits and educational institutions. But it's important to remember that Libra doesn't exist yet. It's still an idea that hopefully will be intuitive. And we'll just have to see as it begins to take off, if it does, how this coalition plays a role and what power Facebook retains in the operation of it.
Ted Fox 18:14
And I think I remember in reading that story, you talked about there's kind of this sense--at least the information that's been put out so far is, Oh, don't worry, we're not going to incorporate this with your Facebook contacts or anything like that. And I think you pointed out in that story, they're saying that; there's nothing that we know at this point that technologically would prevent them from doing that. It's just kind of, Okay, these are the terms of service, and we promise this is how we're going to do it. Which again, yes, especially with Cambridge Analytica and all those things can seem like kind of a scary proposition.
Mike Chapple 18:47
I agree. I think the reality is that Facebook has made promises in the past that they haven't kept, but especially when it comes to the exchange of information, right? We've seen them share information that they said they wouldn't share with people that they said they wouldn't share it with. So I think there's not a lot of trust out there in Facebook's ability to keep sensitive information private.
Ted Fox 19:07
Are there any other--I guess what we just talked about there with Facebook kind of heading this coalition, how secure is the data--are there any other kind of top-level concerns that you see with something like that? Or is the security of our personal data, is that the main thing we should be thinking about and asking ourselves about when we look at something like that?
Mike Chapple 19:24
Yeah, I think the main question is going to be one of privacy. I feel like that with the people involved designing this that it's most likely going to be designed in a pretty secure way. So I don't think it'll be put together in a way where people are going to be able to just steal your Libra coins; we'll see, that is a big problem with Bitcoin today, that they're basically just digital files, they're just bits and somebody gets those bits for your Bitcoin, then they have your Bitcoin, right? So we have to be careful about how we secure any of these technologies. But I think what differentiates Libra at least from the perspective of what we should be concerned about is the fact that it's not as decentralized and anonymous as something like Bitcoin. That's the tradeoff we're making to get something easier to use. But it also introduces these privacy concerns.
Ted Fox 20:13
One question that was asked to me actually by my wife when I was telling her about this interview and what we were going to talk about today--and I did some reading on the TechCrunch site, and I think I got a little bit of a sense of it--but when we talk about the use of something like Libra and these tradeoffs to make it more accessible and more usable on a day-to-day basis, what would be the reasons that someone would choose to use a cryptocurrency over traditional money? I know we talked about kind of replicating, almost replicating, that experience of cash in an online environment. But if my understanding's right, it's maybe not as relevant in the United States. But there might be, in terms of credit lines or sending money abroad or whatever, it seems like maybe some issues that we're not as familiar with in this country, but on a global scale, which is another reason why Facebook is so appealing, because it's a global footprint. But what are some of those things that would make cryptocurrency, Facebook's Libra, whatever it might be, more appealing for someone to use than a traditional currency?
Mike Chapple 21:14
So there's three things that come to mind for me. One of them is one you just touched on: the fact that a digital currency, a cryptocurrency, doesn't have to respect any national boundaries, right? If there was a fixed value for a Libra coin or some other crypto coin, there's no exchange that needs to be done, we don't have to have an exchange rate to send a coin from Switzerland to the United States or to someplace in Africa, right? It has a fixed value wherever it is around the world. So that's one piece of it. The second thing that this enables is people to engage in banking without necessarily having a relationship with a bank. So we think about this problem in the world of the unbanked populations and people not having a secure way to keep money because they just simply don't have access to a bank account. If something like cryptocurrency is available on a platform like Facebook that's accessible to everybody, then we have a banking system that's accessible to everybody without the barriers involved in opening a bank account. And then the third thing that might drive people towards something like this is sort of the darker side of cryptocurrency. A lot of the transactions that take place today for Bitcoin are for things that are a little shady, right? There are drug deals that happen on the dark web using Bitcoin, there are personally identifying information that's bought and sold as part of identity theft, these transactions are taking place with Bitcoin. So an anonymous currency is certainly something that's appealing to the criminal element. It's not much different, though, than somebody handing you a suitcase full of money, right? You certainly wouldn't want to charge drugs on your credit card, right?
Ted Fox 22:51
(laughing) (attempt at a robot voice) "Purchase for drugs." (end poor robot imitation) No, that would not be good. I talked about reading that story on TechCrunch, which was like this 4,000-word treatment of the idea of Libra and what it was going to be. And it wrapped up, there was a sentence at the end that said, "Facebook just tried to reinvent money." And I'm just wondering, from your perspective, does that sentiment ring true? And do you think they will be successful? And what even would success look like? I'm not even sure I know what to look at--20 years or 10 years, whatever the time horizon might be--and say, Oh, that was a successful thing that we did in trying to reinvent money.
Mike Chapple 23:30
So I don't know if Facebook will be successful at this; I do think that somebody will be successful. I would say the world is actively trying to reinvent money right now. And Facebook and the Libra coalition are one of those groups that are attempting to do it. We will likely see one or more cryptocurrencies become mainstream in the next 10 years. I think it's a natural evolution of the way that we engage in commerce. Personally, I don't think Bitcoin will be the currency that does that. I think it has just some inherent problems. And we talked about the power consumption problem and the volatility, right? People do not want to hold onto a Bitcoin because when it's worth $13,000 today, it might be worth $6,000 tomorrow. So you're better off putting your money in penny stocks and holding it there, and maybe it'll be a little less volatile. So I think it will be one or more different currencies, I think the defining characteristics will be the things that are supposed to define Libra: that they're easy to use, and that they're backed by some kind of reserve. You know, when the U.S. dollar started, it was backed by the gold in Fort Knox, right? There was a reserve there to establish the value of that money. Now of course, over time, the dollar took on its own value, and the gold does not match the dollar dollar-for-dollar anymore. But I think for a cryptocurrency to start successfully, it's going to have to have that same stable base of value, and maybe that reserve won't be necessary forever, but it's certainly going to be necessary to get it established and off the ground.
Ted Fox 24:58
Kind of as we near the end here, I wanted to broaden the conversation a little bit because one of the things that we were talking about before we started recording--I mean, your expertise is not just in cryptocurrency specifically, but it's kind of a whole range of cybersecurity and issues along those lines. It's relevant to one thing--it struck me when you were just talking a few minutes ago about things going on on the dark web, like trading and selling of personal information and things like that. And you published a really, I thought it was a fascinating piece on CNN Business like a month ago, and it was about Social Security Numbers. Social Security Numbers, of course, are always--I mean, they always seem like they're at the center of these privacy concerns. And you made a point in that piece about, we're using Social Security Numbers for two different things: We're using them for identification, and we're using them for authentication. Can you unpack the issue with that? And it was really kind of a bold and novel different kind of solution you propose to this problem that really--I loved what you said in there about like, Yeah, you know, you get your letter from Equifax or wherever else saying like, Oh, you have credit monitoring services, and we just wait for the next breach to happen. And you had kind of a different take on how to address that.
Mike Chapple 26:15
Yeah. So let's talk about the core issue first, like what's wrong with Social Security Numbers? And we think back to the New Deal and why Social Security Numbers were created in the first place, right? We had Social Security established as a program for retirement security for people to be able to make payments into an account over time that were then invested in very safe and stable investments. And then it would pay them benefits when they were retired or disabled, right? So the Social Security Administration that was established to run this program needed a way to track all those contributions that people were making. So like most people when they needed to track money that was being paid by somebody, [they] gave them account numbers. And that's where the Social Security account number, which was the original name of the Social Security Number, was born as a way to just track those earnings. And employers would ask for your Social Security Number and then use that to report your payroll taxes to the government. And so that was the original purpose of Social Security Numbers, to identify people, and it was meant for others to have. You would give it to your employer; it wound up spreading in use, being used by financial institutions, even your dentist will ask for your Social Security Number these days as a way to uniquely identify you because it was an easy number.
The challenge is, society has shifted and started trying to use Social Security Numbers for a different purpose, for something called authentication, right? Not just identifying you, but proving your identity. So somewhere along the line, we made the shift and said a Social Security Number is not like your name meant to identify you; it's more like a password meant to prove who you are. But the problem was, lots of people know our Social Security Number, we've voluntarily given it to lots of people, like we just mentioned, and other people have stolen it from Equifax and other places. So there are a lot of people out there who know your Social Security Number, right? Anybody you have ever worked for, every school you have ever attended, lots of doctors and hospitals and banks, and almost anybody you have ever done business with knows your Social Security Number. If we allow that to be proof of identity, any of those people can then prove that they are you, right? So this is a fundamentally flawed system, where we're trying to use something that was meant for identification for the purpose of authentication. So that's the basic problem we have.
And the solution that I proposed that you mentioned is--it seems like a dramatic one. But it's actually, in my mind, the best way to solve this problem, and is that we just say, five years from today, we're going to publish everybody's Social Security Number. We're just going to print it in the Federal Register. Everybody will know everybody else's Social Security Number. We've been trained to keep our Social Security Numbers private, so this seems like a crazy idea. But in reality, what that does is it makes a Social Security Number completely useless for authentication. So we'll end our reliance on Social Security Numbers and force us to move to something else. And now that something else is tricky; what's that going to be?
Ted Fox 29:04
Sure.
Mike Chapple 29:05
How do we create a national digital identity and some sort of infrastructure to be able to prove who we are in a secure manner? That's the reason I say we should publish them in five years, right? Because industry can develop this, the technology exists to do it, there are a lot of political issues that we need to sort out to get it done. But if we set a little time bomb and say, five years from today, we're going to publish everybody's Social Security Number, that will force us to develop that technology and implement it before that time bomb goes off so that we still have a way to do authentication.
Ted Fox 29:36
I mean, would that be something where blockchain could potentially be useful in an environment like this? Or is that a completely different kind of ...
Mike Chapple 29:45
So I think technologies related to blockchain. So blockchain is built upon cryptography, and there are other elements of cryptography that make it easy to prove identity. And so this exists, and we prove our identity online all the time, right? We have passwords that we use to get into systems at work or our email or whatever. We have multi-factor authentication, right? So we have people sending text messages to our phone, we have other ways that we're proving our identity. So this all exists; we just have to put all these pieces together in the right way.
Ted Fox 30:17
Yeah. Is there anything else, just kind of again in the broad level--I mean, I know you wrote this piece about the Social Security Numbers, we talked about with cryptocurrency and kind of some of the benefits of being able to have more anonymous transactions--are there any other kind of broad areas cybersecurity-wise that you feel are kind of, I always hate to ask people to say "the most important" or "the most pressing," but anything else that kind of elevates to you above the pack?
Mike Chapple 30:49
I think the other major issue that we need to address as a country is privacy, right? And what we expect from businesses and other organizations when it comes to the privacy of personal information. So the European Union has already addressed this. You're probably familiar with the General Data Protection Regulation, GDPR, which is a broad and sweeping privacy law that basically says that if you have personal information about people in Europe or who are citizens of the EU, then you are required to treat that information as private and sensitive and not to share it without consent, to tell people how you're going to use it, to give them the right to delete the data that you have, and all sorts of other controls for any type of personal information. Here in the U.S., we have some privacy laws. Most people are familiar with HIPAA affecting your healthcare records, right? There are other very targeted laws and regulations that affect financial information and educational records and some other things. But what we lack is an umbrella law that just says personal information needs to be kept private. And in the absence of that kind of law, we have companies doing all sorts of different things. I think GDPR, at least for multinational companies, has shaped in many ways the way they do business around the world. But it has no teeth here in the United States because it's not a US law, it's an EU law. So what we need in order to fix these issues and drive change is a similar law here in the United States that just treats all personal information as private, and it's protected by default.
Ted Fox 32:20
That makes sense. Mike Chapple, this has been a pleasure. Thank you for making time for the show.
Mike Chapple 32:24
Thanks, Ted, my pleasure.
Ted Fox 32:25
(voiceover) With a Side of Knowledge is a production of the Office of the Provost at the University of Notre Dame, with support from Sorin's restaurant. Our website is provost.nd.edu/podcast.