Happy Monday and welcome to Patent Drop! 

Tech companies have more of your data than you probably realize. Today, we’re checking out some of the emerging ways those firms are handling their data stockpiles. Amazon is getting to know the nature of its clients’ data; Coinbase is figuring out an emergency escape plan; and PayPal wants to quit being a hoarder. 

Let’s get after it. 

#1. Amazon’s data hound 

Amazon wants to handle your data with care… or at least nag its AWS customers to do so. 

The company is seeking to patent “statistical techniques” for detecting sensitive data. Essentially, this tech uses machine learning to determine the probability of whether or not a dataset includes sensitive information, such as addresses, IP addresses or phone numbers. 

If the machine learning model predicts that a dataset may contain sensitive data, the system will inform the owner of the dataset and suggest that a sensitive data handling policy be enforced, such as “an encryption policy, or a policy that results in the isolation or deletion of the sensitive data.” If the owner of the dataset claims that the system falsely detected sensitive data, that information is used in turn to train the model to be better at detection.  

Given the rapid rate at which data is being collected, Amazon said, detecting the presence of sensitive data to keep it safe from security breaches and ensure compliance with privacy regulations remains a “non-trivial technical problem.” 

“The sophistication of network-based attack mechanisms has increased,” Amazon said in its filing. “Hardware and software engineers keep enhancing the built-in safety mechanisms of computer systems, while attackers keep discovering new avenues for penetrating the defenses designed by the engineers.”

Millions of people have been affected by breaches of AWS clients in recent years. In a notable instance in 2019, a former Amazon employee stole the personal information of 100 million CapitalOne customers by exploiting the credit card company's systems in 2019.

After the incident, AWS and other cloud infrastructure companies invested heavily in security tools and support, Ari Weil, VP of marketing of cloud data security firm Cyera, told me. But they also doubled down on the idea that companies are responsible for their own data, he noted

“Today, the definition of ‘good enough’ tooling, education, and support is changing, and so it is no surprise that these vendors are investing in technology that can effectively stop customers from running with scissors when it comes to data security,” Weil said. 

Data control like this matters even more in the age of AI given the sheer amount of data needed to train models, said Arti Raman, CEO and founder of cybersecurity firm Titaniam.io. And with Amazon’s plans to add a generative AI chatbot to its e-commerce marketplace for a “conversational experience,” proper data storage is even more poignant.

“When you use AI, you're kind of like feeding the beast when you're feeding the model,” Raman said. “And if you put sensitive things in there, it’s not just for your use. It’s for everybody's use.” 

One other consideration: The tech in Amazon’s patent would likely be applied as another feature with the AWS environment, potentially to keep hold of their trust and draw in interest. But, if patented, Amazon could license this tech as an individual product, opening up another cloud-related revenue stream for the company, said Patrick Juola, Ph.D., professor of computer science and cybersecurity studies coordinator at Duquesne University. 

“The reason that any company patents anything is generally to gain a competitive edge over other companies in that space,” Juola said in an email. “There are a lot of cloud computing and B2B companies out there that want to be able to process client/customer data (which inevitably involves collecting and storing it), but do not want to expose ‘sensitive’ data.” 

Correction: The original piece stated that the 2019 CapitalOne breach was due to AWS systems. This has since been updated. Patent Drop regrets this error.

#2. Coinbase’s escape hatch

While the best case scenario for cybersecurity is to stop attacks before they happen, Coinbase is planning for the worst. 

The company is seeking to patent a system for “database recovery” in the event of a failure. Basically, if a database fails, this tech allows Coinbase users to access their data on a remote device. 

Here’s how it works: First, Coinbase encrypts the user’s data in a database. If a database failure happens, the data is sent – still encrypted – to the user device or account. The system then sends the encrypted data, signed by the user with some form of digital signature, to what Coinbase calls a “recovering server.” The server verifies the validity of the digital signature, decrypts it with a recovery key and sends it back to the user. 

Coinbase defines a failure as more than just a cyberattack, noting that a failure could be anything from a power outage to a disc or hardware crash. The company said its tech is particularly effective when a database is updated frequently and “old data becomes useless.” 

“Distributed database recovery saves the need to manage an expensive centralized backup system by storing/updating the database user record on the user's machine,” the company noted. 

Like any consumer-facing fintech, Coinbase deals with a large amount of personal customer data and a large number of transactions per day. But helping customers keep hold of their data may be a priority given some of the security breaches the platform has faced over the years. In February, a hacking group that has targeted more than 130 other tech companies went after Coinbase, stealing the login credentials of one of its employees to try and gain access to its internal systems.

“These days, the benefit (of Coinbase’s patent) is basically ransomware attacks,” Raman noted. “That's the big, topical reason. What they're patenting is a specific method to make sure that only the right person can unlock from backup.” 

But one bug (or, potentially, a feature) with Coinbase implementing this technique is that it could shift the blame for security breaches away from Coinbase, Ali Allage, CEO of BlueSteel Cybersecurity, told me. By giving the customer the ability to take hold of their data in the case of a database failure, the company could be putting the onus on them to manage the aftermath of a targeted attack. 

Coinbase attempting to point the finger wouldn’t be surprising, given the company is already claiming no responsibility for a recent security breach which cost one user $96,000 in cryptocurrency. (The user is suing Coinbase for the breach, alleging its handling of the matter violated state laws.)

“I'm a little skeptical, because it feels like it came about because they're looking for cost savings measures and a way of offsetting liability,” said Allage. 

SPONSORED BY THE JUICE

Boost Your Marketing Mojo 

If you run a business, you know marketing can be make-or-break. If you lose relevance with consumers, you lose…pretty much everything. 

So how to keep up with the latest trends and updates in the world of marketing? With The Juice, of course – a content hub that combines podcasts, videos, training, and other curated resources, all focused on sales and marketing. 

In other words, it’s your new secret weapon. 

The very best part is that, while a green juice at the fancy grocery store can set you back eight bucks, The Juice costs exactly zero dollars and zero cents. That’s right, this gold mine of marketing insight is free as a bird. 

Sign up for The Juice right here. 

#3. PayPal is [REDACTED]

While other companies are trying to figure out how to protect their massive reserves of data, PayPal is taking the “less is more” approach. 

The company filed a patent application for tech that reduces the “overcollection of unstructured data.” When PayPal receives a piece of unstructured data, it uses machine learning to determine which information is personally identifiable information like an address, social security number or a photo. 

The system then performs a process called “masking,” where it essentially blurs out the pieces of information that it deems unnecessary for whatever task it’s handling. It then presents the masked file to the user so they’re aware of what’s being protected, and saves this file in place of the original that the user uploaded. 

Basically, PayPal’s tech auto-redacts your personal information. For example, if you send PayPal a photo of your driver's license, but it only needs your address and name, it would blur out your photo, license number and other personal information. 

FYI, unstructured data stretches far beyond just photos. It can be any media, PayPal said, with “videos, text conversations, voice conversations” all falling into this bucket. This kind of data doesn’t follow “simple rules,” the company said, and often doesn’t align with organizational data privacy policies.  

“With such large volumes of data, it is increasingly difficult to analyze the received data and take actions to align with data privacy and computer security policies, especially when the data is in an unstructured data format,” the company said in its filing. “Unstructured data frequently contains data that is unnecessary for the purpose for which the unstructured data was collected.” 

Just from a data storage perspective, PayPal’s patent filing makes sense. Storing unstructured data is tricky, expensive and resource-intensive because it doesn’t follow simple rules and is generally complex in whatever form it comes in. PayPal also noted that storing this data comes with major security risks that can lead to data breaches that come with “heavy regulatory fines, loss of customer trust, and use of computing resources.” 

“You have to have a balance,” Raman noted. “Data is your biggest asset. It's also your biggest liability. Now, there's a strong movement to figure out what is necessary and what is unnecessary.” 

Having a minimalist approach to data collection is, itself, data security. Several years ago, the standard was once to collect as much data as possible and figure out how to manage it later, Allage said. But that unstable foundation has since shifted to a focus on security amid a regulatory push both in the U.S. and globally to protect consumer data privacy in recent years. 

“Everyone was so focused on having all this data, but I think they're beginning to understand that having it all is not necessarily a good thing,” said Allage.  “They should now focus on what it is that they really need, versus what they think they want.” 

Similar to Amazon, Coinbase and many of its fintech peers, PayPal is no stranger to a data breach. The company suffered a hack that impacted nearly 35,000 users in December, leaving personal data like birthdays, social security numbers and addresses vulnerable. The victims sued PayPal in a pending class action lawsuit in March, alleging the company’s treatment of consumer data was negligent. 

If this patent filing is any indication, PayPal has learned that the less it knows, the better. 

Extra Drops

Some other fun patents we wanted to share. 

• If you’re the kind of person to only read the headline, Adobe has you covered. The company wants to patent tech that determines a “headline incongruence score” between the headlines and the body text of a document. 

• Apple wants to keep you from getting lost in the arena. The company is seeking to patent a system for mapping the physical structures within venues, including shopping centers, airports, and concert venues. 

• Twitter wants to curate elevator music. The company wants to patent a method of playing background music in “audio conversation spaces on social messaging platforms,” a.k.a Twitter Spaces.

What else is new? 

• Meta was slapped with a $1.3 billion privacy fine by EU regulators and given a deadline to stop shipping European users’ data to the U.S.

• Ford expects auto prices to fall by more than 5% this year and next year, with CEO Jim Farley claiming Tesla will see “a lot more pressure” in the coming years.

• Amazon’s pay with your palm tech can now verify your age. The first venue to add this feature will be Coors Field in Colorado.

Have any comments, tips or suggestions? Drop us a line! Email at admin@patentdrop.xyz or shoot us a DM on Twitter @patentdrop.