Privacy is one of those nebulous ideas that everyone loves. Delivering it, though, is a job thats full of nuance and tradeoffs.
Turn the dial too far to one side and the databases are useless. Turn it too far in the other direction and everyone is upset about your plan to install camera arrays in their shower to automatically reorder soap.
The good news is that there is a dial to turn. In the early days, everyone assumed that there was just a switch. One position delivered all of the wonderful magic of email, online ordering, and smartphones. The other position was the cash-only world of living off the grid in a cabin wearing an aluminum foil hat.
Privacy enhancing technologies let you control how much privacy to support but limit that control to preserve functionality. They mix in encryption functions with clever algorithms to build databases that can answer some questions correctly but only for the right people.
In my book, Translucent Databases, I explored building a babysitter scheduling service that could let parents book babysitters without storing personal information in the central database. The parents and babysitters could get the correct answer from the database, but any attacker or insider with root privileges would get only scrambled noise.
The field has grown dramatically over the years and there are now a number of approaches and strategies that do a good job of protecting many facets of our personal lives. They store just enough information for businesses to deliver products while avoiding some of the obvious dangers that can appear if hackers or insiders gain access.
The approaches all have their limits. They will defend against the most general attacks but some start to crumble if the attackers are better equipped or the attacks are more targeted. Often the amount of protection is proportional to the amount of computation power required for the encryption calculations. Basic protections may not add noticeable extra load to the system, but providing perfect security may be out of reach for even the cloud companies.
But these limits shouldnt stop us from adding the basic protections. The perfectly secure approach may not be out there, but adding some of these simpler solutions can protect everyone against some of the worst attacks that can be enabled by the new cloud services.
Here are nine strategies for balancing privacy with functionality.
Use the features
The cloud providers understand that customers are nervous about security and theyve slowly added features that make it easier to lock up your data. Amazon, for instance, offers more than two dozen products that help add security. The AWS Firewall Managerhelps make sure the firewalls let in only the right packets.
AWS Macie will scan your data looking for sensitive data thats too open. Google Cloud and Microsoft Azure have their own collections of security tools. Understanding all of these products may take a team but its the best place to start securing your cloud work.
Watch the secrets
Securing the passwords, encryption keys, and authentication parameters is hard enough when were just locking down our desktops. Its much trickier with cloud machines, especially when theyre managed by a team.
A variety of different tools are designed to help. Youve still got to be careful with source code management, but the tools will help juggle the secrets so they can be added to the cloud machines safely. Tools like Hashicorps Vault, Dopplers Enclave, AWSs Key Management System, and Oktas API management tools are just some of the options that simplify the process. All still require some care but they are better than writing down passwords in a little notebook and locking it in someones office.
Consider dedicated hardware
Its hard to know how paranoid to be about sharing computer hardware with others. Its hard to believe that an attacker may finagle a way to share the right machine and then exploit some of the different extreme approaches like rowhammer, but some data might be worth the hard work.
The cloud companies offer dedicated hardware just for occasions like this. If your computing load is fairly constant, it may even make economic sense to use local servers in your own building. Some embrace the cloud companys hybrid tools and others want to set up their own machines. In any case, taking complete control of a computer is more expensive than sharing, but it rules out many attacks.
One of the simplest solutions is to use a one-way function to hide personal information. These mathematical functions are designed to be easy to compute but practically impossible to reverse. If you replace someones name with f(name), someone browsing the database will only see the random encrypted noise that comes out of the one-way function.
This data may be inscrutable to casual browsers, but it can still be useful. If you want to search for Bobs records, you can compute f(Bob) and use this scrambled value in your query.
This approach is secure against casual browsers who may find an interesting row in a database and try to unscramble the value of f(name). It wont stop targeted browsing by attackers who know they are looking for Bob. More sophisticated approaches can add more layers of protection.
The most common one-way functions may be the Secure Hash Algorithmor SHA, a collection of functions approved by the US National Institute of Standards and Technology. There are several different versions, and some weaknesses have been found in the earlier versions, so make sure you use a new one.
Good encryption functions are built into many layers of the operating system and file system. Activating them is a good way to add some basic security against low-level attackers and people who might gain physical access to your device. If youre storing data on your laptop, keeping it encrypted saves some of the worry if you lose the machine.
Regular encryption functions, though, are not one-way. Theres a way to unscramble the data. Choosing regular encryption is often unavoidable because youre planning on using the data, but it leaves another pathway for the attackers. If you can apply the right key to unscramble the data, they can find a copy of that key and deploy it too. Make sure you read the section above about guarding secrets.
While some complain about fake news corrupting the world, fake data has the potential to protect us. Instead of opening up the real data set to partners or insiders who need to use it for projects like AI training or planning, some developers are creating fake versions of the data that have many of the same statistical properties.
RTI, for instance, created a fake version of the US Census complete with more than 110 million households holding more than 300 million people.
Theres no personal information of real Americans but the 300 million fake people are more or less in the same parts of the country and their personal details are pretty close to the real information. Researchers predictingthe path of infectious diseases were able to study the US without access to real personal data.
An AI company, Hazy, is delivering a Python-based tool that will run inside secure data centers and produce synthetic versions of your data that you can share more freely.
The term describes a general approach to adding just enough noise to the data to protect the private information in the data set while still leaving enough information to be useful. Adding or subtracting a few years to everyones age at random, for instance, will hide the exact birth years of the people but the average wont be affected.
The approach is most useful for larger statistical work that studies groups in aggregate. The individual entries may be corrupted by noise, but the overall results are still accurate.
Microsoft has started sharing White Noise, an open source tool built with Rust and Python, for adding a finely tuned amount of noise to your SQL queries.
Most encryption algorithms scramble the data so completely that no one can make any sense of the results without the proper key. Homomorphic approaches use a more sophisticated framework so that many basic arithmetic operations can be done on the encrypted data without the key. You can add or multiply without knowing the underlying information itself.
The simplest schemes are practical but limited. Chapter 14 ofTranslucent Databasesdescribes simple accounting tools that can, for instance, support addition but not multiplication. More complete solutions can compute more arbitrary functions, but only after much more expensive encryption.
IBM is now sharing an open source toolkitfor embedding homomorphic encryption in iOS and MacOS applications with the promise that versions for Linux and Android will be coming soon. The tools are preliminary, but they offer the ability to explore calculations as complicated as training a machine learning model without access to the unencrypted data.
Programmers may be packrats who keep data around in case it can be useful for debugging later. One of the simplest solutions is to design your algorithms to be as stateless and log-free as possible. Once the debugging is done, quit filling up the disk drives with lots of information. Just return the results and stop.
Keeping as little information as possible has dangers. Its harder to detect abuse or fix errors. But on the flip side, you dont need to worry about attackers gaining access to this digital flotsam and jetsam. They cant attack anyones personal data if it doesnt exist.
Error: Please check your email address.
- US Department of Justice reignites the Battle to Break Encryption - Naked Security - October 17th, 2020
- Five Eyes Call for Tech World to Weaken Encryption - ClearanceJobs - ClearanceJobs - October 17th, 2020
- Zoom Begins Rollout of End-To-End Encryption - My TechDecisions - TechDecisions - October 17th, 2020
- Could homomorphic encryption be the solution to big data's problem? - Siliconrepublic.com - October 17th, 2020
- U.S., UK and other countries warn tech firms that encryption creates 'severe risks' to public safety - CNBC - October 17th, 2020
- Is Signal secure? How the messaging app protects privacy - Business Insider - Business Insider - October 17th, 2020
- AeroVironment and Viasat to aim to improve radio encryption for Puma AE - Flightglobal - October 17th, 2020
- Encryption Backdoor? The Trump Administration Wants It. - The National Interest - October 17th, 2020
- How to use private conversations on Skype to send encrypted calls and messages - Business Insider India - October 17th, 2020
- AES Encryption Software Industry Market 2020: Potential growth, attractive valuation make it is a long-term investment | Know the COVID19 Impact | Top... - October 17th, 2020
- Trustifi Named Overall Encryption Solution Provider of the Year in 2020 CyberSecurity Breakthrough Awards Program - GlobeNewswire - October 17th, 2020
- ACLU and EFF Call DOJ's Encryption Dream a Nightmare - L.A. Weekly - October 17th, 2020
- Global Database Encryption Market Expected to reach highest CAGR in forecast period : International Business Machines Corporation, Symantec... - October 17th, 2020
- Feds, 'Five Eyes' Allies Take Another Swing at Encryption Policy Changes - MeriTalk - October 13th, 2020
- Homomorphic encryption tools find their niche - CSO Online - October 13th, 2020
- Mission Impossible: 7 Countries Tell Facebook To Break Encryption - Forbes - October 13th, 2020
- Dutton pushes against encryption yet again but oversight at home is slow - ZDNet - October 13th, 2020
- Western governments double down efforts to curtail end-to-end encryption - The Daily Swig - October 13th, 2020
- Fuse Analytics integration with StrongSalt offers Enterprise Information Archiving with GDPR protections - PR Web - October 13th, 2020
- Is Signal Safe? What to Know About the New Encrypted Messaging App - Parentology - October 13th, 2020
- Five Eyes alliance warning: 'Encryption creates severe risks to public safety' - New Zealand Herald - October 13th, 2020
- Privateness or youngster safety? 7 governments, together with US & UK, argue Fb's new encryption plan would profit PEDOPHILES - Editorials 360 - October 13th, 2020
- Optical Encryption Market Analysis And Demand With Forecast Overview To 2025 - Express Journal - October 13th, 2020
- Encrypted messages don't always stay private. Here's what that means for you - CNET - October 11th, 2020
- EARN IT Act a Dire Threat to Encryption, Speech Online, Critics Say - Decrypt - October 11th, 2020
- Analyzing Impacts of Covid-19 on Cloud Encryption Software Market Effects, Aftermath, Global Industry Challenges, Business Overview and Forecast To... - October 11th, 2020
- Parts of the Election System Are Ripe for Hacking: 'Encryption? We Don't Do That' - Josh Kurtz - October 6th, 2020
- WikiLeaks led the way for newsrooms to use encryption to protect sources, says Italian journalist - ComputerWeekly.com - October 6th, 2020
- Global Encryption Software Market 2020 Industry Size, Shares and Upcoming Trends 2025 - Reported Times - October 6th, 2020
- Encryption Software Market 2020 2027: Recent Trends, Growth Opportunities and Business Development Strategies By IBM, Trend Micro, Symantec, McaFee,... - October 6th, 2020
- Encryption Key Management Market Research By Growth, Competitive Methods And Forecast To 2026 - The Daily Chronicle - October 6th, 2020
- Global Hardware-based Full Disk Encryption Market Size, Share, Trends, CAGR by Technology, Key Players, Regions, Cost, Revenue and Forecast 2020 to... - October 6th, 2020
- Global Encryption Software Market 2020 | Know the Companies List Could Potentially Benefit or Loose out From the Impact of COVID-19 | Top Companies:... - October 6th, 2020
- Stay Tuned with the Epic Battle in the Encryption Key Management Market - The Daily Chronicle - October 6th, 2020
- Hardware-based Full Disk Encryption Market To Drive Highest Growth By 2027 With Leading Key Players: Seagate Technology PLC, Western Digital Corp,... - October 6th, 2020
- Encrypted USB flash drive you can unlock with your smartphone (or Apple Watch) - ZDNet - October 6th, 2020
- Global Mobile Encryption Market is slated to grow rapidly in the coming years: McAfee(Intel Corporation), Blackberry, T-Systems International, ESET,... - October 6th, 2020
- Cloud Encryption Software Market Potential Growth, Size, Share, Demand and Analysis of Key Players Research Forecasts to 2026 - The Daily Chronicle - October 6th, 2020
- Best Encryption Software in 2020 - Latest Quadrant Ranking Released by 360Quadrants - PRNewswire - September 30th, 2020
- 4 Reasons Why Encryption Is a Must for Data Protection - CIOReview - September 30th, 2020
- Prospective Node Operators Stake $125M in ETH to Participate in NuCypher Encryption Network - CoinDesk - Coindesk - September 30th, 2020
- Fortanix Partners with VMware to Enable Cloud Service Providers to Deliver Data Security as a Service - GlobeNewswire - September 30th, 2020
- SanDisks latest portable SSDs have boosted speed and security - The Verge - September 30th, 2020
- What Facebook users need to know about end-to-end encryption - Fast Company - September 30th, 2020
- Whats really up with your secure WhatsApp chats - Mint - September 30th, 2020
- Hardware Encryption Technology Market Trends Together With Growth Forecast To 2026 - The Daily Chronicle - September 30th, 2020
- Global Cloud Encryption Market- Industry Analysis and forecast 2020 2027: By Industrial verticals, Services, and Region. - Unica News - September 30th, 2020
- Global Hardware-based Full Disk Encryption (FDE) Market to Witness a Pronounce Growth During 2020-2026 - The Daily Chronicle - September 30th, 2020
- Global Cloud Encryption Technology Market with (Covid-19) Impact Analysis: Growth, Latest Trend Analysis and Forecast 2026 - The Daily Chronicle - September 30th, 2020
- Global Email Encryption Software Market Report 2020-2027: Production Capacity and Consumption Analysis by Regions and Country Wise - Crypto Daily - September 30th, 2020
- Cloud Encryption Service Market 2020 | Detailed Analysis, Growth, Research and Forecast - The Daily Chronicle - September 30th, 2020
- Database Encryption Market Potential Growth, Size, Share, Demand and Analysis of Key Players Research Forecasts to 2027 - The Daily Chronicle - September 30th, 2020
- Optical Encryption Industry 2020 Includes The Major Application Segments And Size In The Global Market To 2026 - The Daily Chronicle - September 30th, 2020
- Hardware Based Encryption Market Projected to Be Resilient During 2020-2025 - The Market Records - September 30th, 2020
- Hardware Encryption Market (2020-2026) | Where Should Participant Focus To Gain Maximum ROI | Exclusive Report By DataIntelo - Crypto Daily - September 30th, 2020
- Ring plans to offer end-to-end encryption by the end of the year - The Verge - September 29th, 2020
- Encryption Software Market Comprehensive Study With Key Trends, Major Drivers And Challenges 2020-2026 - The Market Records - September 29th, 2020
- Ring to offer opt-in end-to-end encryption for videos beginning later this year - TechCrunch - September 29th, 2020
- WhatsApp Encryption Is Not Foolproof; Chats Can Be Accessed In These Ways - Yahoo India News - September 29th, 2020
- Hardware-based Full Disk Encryption (FDE) Market Forecast to 2027 Covid-19 Impact and Global Analysis by Type, Deployment Type and Industry Vertical... - September 29th, 2020
- EU Still Asking For The Impossible (And The Unnecessary): 'Lawful Access' To Encrypted Material That Doesn't Break Encryption - Techdirt - September 29th, 2020
- Encryption Software Market Report Examines Growth Overview And Predictions On Size, Share And Trend Through 2025 - The Daily Chronicle - September 29th, 2020
- Russia Is Trying Something New to Isolate Its Internet From the Rest of the World - Slate - September 29th, 2020
- Network Encryption Market From 2020-2026: Growth Analysis By Manufacturers, Regions, Types And Applications - The Daily Chronicle - September 29th, 2020
- Encryption Software Market Size, Analytical Overview, Key Players, Growth Factors, Demand, Trends And Forecast to 2027 - The Daily Chronicle - September 29th, 2020
- Top Technologies To Achieve Security And Privacy Of Sensitive Data In AI Models - Analytics India Magazine - September 29th, 2020
- Database Encryption Market Analysis and the Impact of COVID-19 Key Vendors, Growth Rate and Forecast To 2028 - The Daily Chronicle - September 29th, 2020
- Cloud Encryption Technology Market Size, Analytical Overview, Key Players, Growth Factors, Demand, Trends And Forecast to 2027 - The Daily Chronicle - September 29th, 2020
- Cloud Encryption Market 2020 Global Share, Growth, Size, Opportunities, Trends, Regional Overview, Leading Company Analysis And Forecast To 2026 |... - September 29th, 2020
- WhatsApp says end-to-end encryption to protects chats among app however not cloud backups - Stanford Arts Review - September 29th, 2020
- Cloud Encryption Market 2020-2028 Research Report| Know The Growth Factors and Future Scope - The Daily Chronicle - September 25th, 2020
- Cloud Encryption Market to Witness Astonishing Growth by 2026 | Ciphercloud, Gemalto, Hytrust and more - Crypto Daily - September 25th, 2020
- One Way to Prevent Police From Surveilling Your Phone - The Intercept - September 25th, 2020
- COVID-19 Impact on Global Encryption Software Market Report to Share Key Aspects of the Industry with the details of Influence Factors - Scientect - September 4th, 2020
- Encryption Software Market: Regional Overview and Trends Evaluation to 2026 - Fractovia News - September 4th, 2020
- Encryption Software Market is Expected to reach $2.16 billion by 2020| Growing at a CAGR (compounded annual growth rate) of CAGR of 14.27% from 2014... - September 4th, 2020
- WD unveils encrypted ArmorLock SSD that unlocks using your smartphone - 9to5Toys - September 4th, 2020
- Encryption Software Market report, upcoming trends, share report, growth size, industry players and global forecast to 2025 - Galus Australis - September 4th, 2020
- COVID-19 Impact on Global Encryption Software Market: Global Industry Analysis by Size, Share, Growth, Trends and Forecast 2020 2025 - The Daily... - September 4th, 2020
- Hardware Encryption Technology Steady Growth to be Witnessed by 2019-2029 - The News Brok - September 4th, 2020