Credit bureaus as fundamentally dangerous businesses

I received a lot of push back against my suggestion that Equifax should be shutdown in response to the massive data hack that has been described as the worst leak of personal info ever. Many people thought that this was too drastic: one comment was that it “would shake the ground under capitalism.” Some thought that all computers can get hacked and we cannot keep shutting down a company whenever this happens.

I think of this in terms of the standard legal maxim of “strict liability” which is described for example here:

A strict liability tort holds a person or entity responsible for unintended consequences of his actions. In other words, some circumstances or activities are known to be fundamentally dangerous, so when something goes wrong, the perpetrator is held legally responsible.

I regard credit bureaus as fundamentally dangerous businesses that ought not to exist in their current form. When something goes wrong in these businesses, the liability should be absolute and punitive. What has happened in Equifax is so bad that imposition of a reasonable liability would simply put them out of business. Simultaneously, we start building modern, safer alternatives to this fundamentally dangerous business.

I see the past, present and future of credit bureaus as follows:

1. Past: Credit bureaus were first formed more than a century ago in the age of paper records and manual systems, and the business was relatively safe at that time. Society therefore encouraged the growth and development of these institutions.

2. Present: With the emergence of the internet, the business has rapidly become a systemic risk to the entire financial system, but till now we have tolerated them because there seemed to be no viable alternatives.

3. Future: Recent advances in cryptography today provide much safer alternatives to the credit bureaus in their current form.

We are today at the cusp of the transition from the second to the third stage:

• Credit bureaus are fundamentally dangerous businesses.

• They have become large, profitable and powerful and see no need to change. Change will have to be imposed on them by forcing them to internalize the negative externalities that they create for consumers.

• It is possible to move quickly toward safer alternatives that use homomorphic encryption and other tools of modern cryptography.

I plan to write a separate blog post on how homomorphic encryption can solve the problems that plague current credit bureaus.

Posted at 4:44 pm IST on Mon, 16 Oct 2017         permanent link

Categories: bond markets, fraud, risk management, technology

Comments