Do you think it could be possible at some point to add a zero knowledge encryption to all the historical data in Monzo? This will go miles in improving financial privacy for people.
What I’m thinking about is basically this:
Setup: Account is provided with a public-private key pair (can be generated in the app, ideally would also have an option of importing your own). The public key is uploaded to Monzo’s servers.
1. I buy something using my Monzo account (card, direct debit, whatever).
2. Monzo processes my transaction.
3. Monzo uses my public key to encrypt the transaction details (merchant, amount, etc.).
4. The encrypted transaction is saved to my account. Monzo deletes the unencrypted details from the server.
5. When I access my account through the app, my phone would download the encrypted data from the servers and decode it client-side using my private key.
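As an added illustration of the flow described in the post above (this is example code written for this page, not code from the original thread or from Monzo), here is a Go sketch of the encrypt-on-the-server, decrypt-on-the-phone scheme. It assumes an ECIES-style construction that the post does not spell out: X25519 ephemeral key agreement against the customer's uploaded public key, a labelled SHA-256 over the shared secret standing in for HKDF, and AES-256-GCM over a JSON transaction record. The struct fields, the domain label and the sample transaction are invented for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
)

// Transaction is the record the bank would normally keep in the clear.
// Field names are invented for this example.
type Transaction struct {
	Merchant string `json:"merchant"`
	Amount   int64  `json:"amount_pence"`
	When     string `json:"when"`
}

// Envelope is all the server keeps once the plaintext is deleted; it cannot
// be opened without the customer's X25519 private key.
type Envelope struct {
	EphemeralPub []byte // one-time X25519 public key chosen by the server
	Nonce        []byte // AES-GCM nonce
	Ciphertext   []byte // AES-256-GCM ciphertext with tag appended
}

// aeadFor derives a 32-byte AES key from the X25519 shared secret. A labelled
// SHA-256 over the secret and both public keys stands in for HKDF so the
// example needs no third-party packages.
func aeadFor(shared, ephPub, custPub []byte) (cipher.AEAD, error) {
	h := sha256.New()
	h.Write([]byte("zk-transaction-demo-v1")) // hypothetical domain label
	h.Write(shared)
	h.Write(ephPub)
	h.Write(custPub)
	block, err := aes.NewCipher(h.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal runs on the bank's server and needs only the customer's public key.
func Seal(custPub *ecdh.PublicKey, tx Transaction) (Envelope, error) {
	plaintext, err := json.Marshal(tx)
	if err != nil {
		return Envelope{}, err
	}
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return Envelope{}, err
	}
	shared, err := eph.ECDH(custPub)
	if err != nil {
		return Envelope{}, err
	}
	ephPub := eph.PublicKey().Bytes()
	gcm, err := aeadFor(shared, ephPub, custPub.Bytes())
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	// The ephemeral key is authenticated as associated data so it cannot be
	// swapped without the GCM tag check failing.
	ct := gcm.Seal(nil, nonce, plaintext, ephPub)
	return Envelope{EphemeralPub: ephPub, Nonce: nonce, Ciphertext: ct}, nil
}

// Open runs on the customer's phone, the only place the private key exists.
// A wrong key or a tampered record fails the tag check and returns an error.
func Open(priv *ecdh.PrivateKey, env Envelope) (Transaction, error) {
	var tx Transaction
	ephPub, err := ecdh.X25519().NewPublicKey(env.EphemeralPub)
	if err != nil {
		return tx, err
	}
	shared, err := priv.ECDH(ephPub)
	if err != nil {
		return tx, err
	}
	gcm, err := aeadFor(shared, env.EphemeralPub, priv.PublicKey().Bytes())
	if err != nil {
		return tx, err
	}
	plaintext, err := gcm.Open(nil, env.Nonce, env.Ciphertext, env.EphemeralPub)
	if err != nil {
		return tx, err
	}
	err = json.Unmarshal(plaintext, &tx)
	return tx, err
}
```

Usage: the app generates the X25519 key pair with `ecdh.X25519().GenerateKey(rand.Reader)` and uploads only `PublicKey().Bytes()`; the server calls `Seal` per transaction and stores the `Envelope`; the app calls `Open` with the private key. Two properties worth noticing follow directly from the construction: a dump of the server's table contains only envelopes, so it is unreadable without the private key, and for the same reason a lost private key makes every stored envelope unrecoverable, which is the key-loss point raised in the replies below.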
OK… from what? What risks are you trying to protect against that requires zero knowledge encryption to keep your data private?
You’re going down a rabbit hole full of holes you are wilfully blind to. I know lots of people who pick up and run with similar ideas without having considered any of the problems associated with them, and what they end up with is the feeling of privacy because they think they’ve covered their backs.
Zero knowledge encryption on your bank isn’t enough and won’t keep your data private. Sorry.
Not to mention the whole host of problems associated with it. If you lose the keys your money is gone; if you’re investigated, those keys need to be handed over to someone; if you die your money is gone; if you can’t authenticate yourself your money is gone. And there’s no actual privacy in any case, because all transactions have a second agent involved. That agent will know and record the details of that transaction, meaning your banking while using zero knowledge encryption is completely transparent anyway; you just think it’s private.
And that’s just the start.
What you actually need to do is understand the threats you are looking to protect yourself from, the risks involved and then look at appropriate solutions that cover those specific threats.
Let’s keep our discussion about the topic, ok? We’re just talking. Saying I’m wilfully blind to things is a pretty pointless well-poisoning and doesn’t really help either of us.
To the point -
Good question. A couple of things:
A. The big one is basically mistakes. I trust Monzo are doing their best to be secure, but if they get breached and the transaction DB gets dumped, I’d love it if as much of my data as possible was unintelligible.
B. You’re alluding to government. Yeah, that too. If there’s a subpoena for my data I want it to go to me, not Monzo, because I trust myself to fight it better. Might fail, that’s ok too. At least I’ll know something’s happening.
C. Unknown unknowns. As always with security and privacy. I’d prefer to stay safe from risks that won’t manifest than wishing I did when they do.
Like everything with privacy and security - it’s a layer. There is never a single measure that will keep all the things safe all the time. It’s always some of the things some of the time. So you add layers.
You have two contradicting claims here.
A. If the keys are gone everything is gone forever (money and all).
B. You’re not gaining anything in privacy anyways.
They can’t co-exist. And actually, neither is true of what I proposed, either.
A. I suggested encrypting transaction data. Account balance was not part of the proposal (for basically that reason). All you lose if you lose your keys is historical data, nothing else.
B. In the proposal Monzo deletes the unencrypted data. Sure, I trust them to do it, but it’s better than knowing they don’t.
As others have mentioned, this is probably not compliant with regulation anyway, so this is all theoretical.
You could make it compliant with significant work, but I think your reasons for doing so are the reasons it won’t happen.
On C. You can’t mitigate an unknown risk; it’s just not something people do, otherwise you’d spend an infinite amount of money attempting to do so.
For B. There’s an argument to be had about the government going to you, but it’s not you that holds the data, it’s other people. The solution here would be not to use your bank for criminal activity.
For A. They do this already; for protecting against breaches and accidental disclosure there are already well established, significant controls and regulation in place. Attempting to put in place the type of encryption suggested doesn’t really make anything safer. This comes down to applying appropriate controls to mitigate a risk, and while you could throw infinite money at it, you don’t, because you’d be bankrupt.
It’s the same reason you have a basic lock on your house: you could have a 6" steel door with high security locks, but you’d have no money left, and the risk you were trying to mitigate never required one.
If I’m understanding you correctly (and please correct me if I’m wrong), your arguments against this idea are boiling down to these:
A. You have nothing to fear if you have nothing to hide.
B. The cost of implementation exceeds the benefits.
Good point about a person putting up a bigger fight against the gov.
But MasterCard would have a copy of all your transactions anyway (for law enforcement to subpoena).
Plus, if you think about it, there isn’t really a bad actor that wants your actual spending history; there’s nothing they can do with it (maybe spear phishing, but they wouldn’t have other info like an order number, for example). They want your name, d.o.b., address and card numbers etc., which isn’t (zero knowledge) encrypted. If a bank did get massively hacked, I don’t think the hackers would even dump the transaction history; it’s basically worthless.
(Not sure if my points have been brought up above)
It’s the same reason your house isn’t Fort Knox or your records aren’t (or maybe are) in a fire safe. You’ve come to the conclusion that the security you’ve put in is sufficient to deter or stop the threats you’re protecting against.
It’s the same here, you could put in every protection known to man, but it would be so overly complex it would make banking almost impossibly difficult, and it would bankrupt the bank.
You always put in controls which sufficiently protect against identified threats, and banks do this. So if banks were to implement this suggestion the question would be why? What are we protecting against that we aren’t already, how real is the threat, and does it make sense to put a control like this in place.