Privacy as a Service Advocates Promise Better Data Protection
Jan 14, 2016 11:05 AM PT
There's been a lot of wailing and gnashing of teeth about the Sisyphean task of protecting privacy in the Digital Age, but that hasn't stopped innovators from searching for ways to preserve it. One of the latest ideas to emerge in the field is Privacy as a Service.
As with many emerging technologies, the definition of "PaaS" (which undoubtedly will be confused with Platform as a Service) is in flux.
The Defense Advanced Research Projects Agency sees PaaS as a way to share data safely while preserving privacy. To that end, DARPA has launched its Brandeis program, which aims to develop tools and techniques for building systems that limit the use of private data for an intended purpose and no other.
"Currently, most consumers do not have effective mechanisms to protect their own data, and the people with whom we share data are often not effective at providing adequate protection," DARPA Program Manager John Launchbury said.
"The goal of the Brandeis program is to break the tension between maintaining privacy and being able to tap into the huge value of data," he continued. "Rather than having to balance these public goods, Brandeis aims to build a third option, enabling safe and predictable sharing of data while reliably preserving privacy."
Owner Determines Use
For example, DARPA last month awarded a US$6.3 million contract to Galois for development of the company's Jana program as a PaaS pilot.
Jana is a multidisciplinary collaboration among Galois, the University of Bristol, Rutgers University and George Mason University that aims to provide a practical implementation of private data as a service, which would allow data to be protected against misuse while retaining its utility to analysts, the company said.
Contributed data always is encrypted, even before it leaves its owner's possession, Galois said. Query results are limited by how much data the owner is willing to reveal, to whom and when.
Dispel, which recently emerged from stealth mode, has another view of PaaS.
One of the barriers to good privacy is the use of static infrastructure to protect data, according to Dispel CEO Ethan Schmertzler.
Even when data traveling on a network is encrypted, its metadata -- data that identifies characteristics about the encrypted data -- is not. That, combined with the fact that the data's entrance and exit points can be predicted in a static infrastructure, puts the privacy of the data's owner at risk.
"If you have enough metadata, you don't need the content of what's sent," Schmertzler told TechNewsWorld.
"Metadata protection is something that really hasn't been able to be produced. VPNs [virtual private networks] don't protect you because someone can watch the entry points and exit points because they're static, fixed targets," he said.
"Tor is no better because you're handing your information, along with your metadata, off to strangers, most of whom at this point are government agencies or bad actors," Schmertzler added.
Hiding in Plain Sight
What Dispel does is make it difficult for an attacker to capture metadata at the entrance and exit points of a transmission. Without both sets of metadata, compromising a data owner's privacy becomes very challenging.
"We let people hide in plain sight," Schmertzler said.
Dispel does that by building an ephemeral network. It dynamically sets ups virtual machines with cloud providers around the world. Because those machines are changing constantly, it prevents attackers from identifying where people are coming in and out of Dispel's network.
"As a result, we protect metadata -- and we also have two layers of encryption on top of that to keep all the data secure," Schmertzler added.
In addition to its "invisible connections" product, Dispel also offers "invisible computers" to its customers.
Those computers are virtual desktops running on Dispel's infrastructure. They're completely sandboxed so malware can never touch a user's computer, and they're easily accessible through the Chrome or Firefox Web browsers.
"What the invisible computers achieve for you is virtual air-gap computing," Schmertzler said, "so you can do your work on them through your browser and when you're done, we destroy the infrastructure so there's nothing left behind."
While DARPA sees Privacy as a Service as a technology for everyone, Dispel's model may gain the most traction in the immediate future.
"I am not sure my crystal ball is any clearer than that of anyone else. However, I suspect Privacy as a Service will appeal mostly to business users, primarily small to medium-size businesses who have a need for privacy -- insurance agents, investment professionals, accounting firms, income tax preparers, lawyers, some medical professionals and more," said Privacy Blog author Dick Eastman.
"Larger corporations that have their own IT department will invent their own solutions," he told TechNewsWorld.
"Private individuals also have a need for privacy services, but most of them don't realize that yet," Eastman continued.
"As privacy issues grow and the popular media publishes more and more stories about privacy and especially about privacy breaches, they will eventually realize the need," he said. "But that won't happen this year."
Online anonymity pioneer David Chaum last week aired an intriguing compromise to the impasse between strong encryption advocates and law enforcement at the Real World Crypto Conference at Stanford University.
Not only does the scheme call for an elaborate workflow for scrambling data, it also includes a way to crack the system's encryption to fight evildoers.
The system called PrivaTegrity is built on nine servers located around the world.
When PrivaTegrity is installed on an endpoint, the app establishes a series of keys with each server. The keys are used to encrypt the messages the device sends.
Encrypted messages are sent to all nine servers. As a server receives them, it divides out its secret key and multiplies the data by a random number.
After that, the messages are sent through the servers a second time. This time they're mixed together in batches, the order of the messages in the batches is randomized, and then the messages are multiplied by another random number.
Then the messages are passed through the server network once again, the random numbers are divided out and replaced with keys unique to the recipient of a message, who uses them to decrypt the message.
Everyone Not Happy
While PrivaTegrity goes to great lengths to protect data passing through it, it also includes a way to decrypt that data without its owner's permission.
Such a move, though, would require the cooperation of all nine server administrators. "It's like a backdoor with nine different padlocks on it," Chaum told Wired magazine.
The inclusion of a backdoor of any kind isn't likely to win favor with the advocates of strong encryption, and the need to receive approval from nine authorities in various parts of the globe to access that backdoor isn't likely to win rave notices from law enforcement either. (The FBI, through spokesperson Chris Allen, declined to comment on Chaum's proposal for this column.)
"When Chaum says this is going to end the crypto wars, it's like ending it with a total victory for one side," said Yorgen Edholm, CEO of Accellion.
"This scheme would make it much harder for even the NSA to crack information," he told TechNewsWorld.
"This doesn't solve the problem people would like it to solve," Edholm added. "It's not going to make the good guys happy and the bad guys unhappy. It's a total win for the privacy people, and law enforcement will be unhappy."
- Jan. 4. Law firm Mintz Levin reports a Massachusetts Superior Court judge has allowed patients to sue a medical center for money damages based solely on exposure of health information in a data breach.
- Jan. 5. The Federal Trade Commission announces that Henry Schein Practice Solutions will pay $250,000 to settle FTC charges that it falsely advertised the strength of encryption it uses to protect patient data.
- Jan. 4. The Dutch executive cabinet issues a strong statement against weakening encryption to aid law enforcement and intelligence agency investigations.
- Jan. 5. The Regional Income Tax Agency of Ohio reveals that personal information of as many as 50,000 people in Ohio is at risk after discovering that a DVD containing municipal tax documents filed on or before 2012 was missing.
- Jan. 5. Cloud hosting service Linode resets all customer passwords after discovering unauthorized logins on three accounts. The service has been under constant DDoS attack since Dec. 24.
- Jan. 5. Canadian Rear Adm. John Newton says an incident in which a civilian employee uploaded more than 1,000 secret documents to an unclassified network does not pose a threat to military intelligence.
- Jan. 5. A new administrative staff is appointed at Hellgate High School in Missoula, Montana, after email containing sensitive academic, medical, disciplinary and criminal information about hundreds of students accidentally was sent to 28 parents.
- Jan. 6. Uber Technologies agrees to pay $20,000 and adopt tougher controls on how it handles sensitive data to settle an investigation of its privacy practices by the New York attorney general. The probe was launched after Uber reported a 2014 data breach that exposed data on 50,000 of its drivers.
- Jan. 7. Time Warner Cable reports as many as 320,000 of its customers may have had their email and passwords stolen. The company says its systems weren't breached and that information was gathered from customers themselves or third parties storing Time Warner data.
- Jan. 7. Etihad Airways announces it's investigating a reported data breach of its systems in which the personal information of 7,000 customers was stolen.
- Jan. 7. iSight Partners, a threat intelligence company, claims Russian hacking group Sandworm was behind a cyberattack in Ukraine in December that cut off power to 80,000 electric customers for six hours.
- Jan. 8. Finland announces it will extradite to the United States Maxim Senakh, a Russian citizen who is accused in Minnesota of infecting computer servers with malware, resulting in criminal gains worth millions of dollars.
Upcoming Security Events
- Jan. 14. PrivacyCon. Constitution Center, 400 7th St. SW, Washington, D.C. Sponsored by Federal Trade Commission. Free.
- Jan. 16. B-Sides New York City. John Jay College of Criminal Justice, 524 West 59th St., New York. Free.
- Jan. 18. B-Sides Columbus. Doctors Hospital West, 5100 W Broad St., Columbus, Ohio. Registration: $25.
- Jan. 21. From Malicious to Unintentional -- Combating Insider Threats. 1:30 p.m. ET. Webinar sponsored by MeriTalk, DLT and Symantec. Free with registration.
- Jan. 22. B-Sides Lagos. Sheraton Hotels, 30 Mobolaji Bank Anthony Way, Airport Road, Ikeja, Lagos, Nigeria. Free.
- Jan. 26. Cyber Security: The Business View. 11 a.m. ET. Dark Reading webinar. Free with registration.
- Jan. 28. Understanding Malware Lateral Spread Used in High Value Attacks. Noon ET. Webinar sponsored by Cyphort. Free with registration.
- Jan. 28. State of the Phish -- A 360-Degree View. 1 p.m. ET. Webinar sponsored sponsored by Wombat Security Technologies. Free with registration.
- Feb. 4. 2016 annual Worldwide Infrastructure Security Update. 11 a.m. ET. Webinar sponsored by Arbor Networks. Free with registration.
- Feb. 5-6. B-Sides Huntsville. Dynetics, 1004 Explorer Blvd., Huntsville, Alabama. Free.
- Feb. 9. Start With Security. University of Washington Law School, 4293 Memorial Way NE, Seattle. Sponsored by Federal Trade Commission. Free.
- Feb. 11. SecureWorld Charlotte. Charlotte Convention Center, 501 South College St., Charlotte, North Carolina. Registration: conference pass, $195; SecureWorld Plus, $625; exhibits and open sessions, $30.
- Feb. 16. Architecting the Holy Grail of Network Security. 1 p.m. ET. Webinar sponsored by Spikes Security. Free with registration.
- Feb. 20. B-Sides Seattle. The Commons Mixer Building, 15255 NE 40th St., Redmond, Washington. Tickets: participant, $15 plus $1.37 fee; super awesome donor participant, $100 plus $3.49 fee.
- Feb. 29-March 4. RSA USA 2016. The Moscone Center, 747 Howard St., San Francisco. Registration: full conference pass before Jan. 30, $1,895; before Feb. 27, $2,295; after Feb. 26, $2,595.
- March 18. Gartner Identity and Access Management Summit. London. Registration: before Jan 23, 2,225 euros plus VAT; after Jan. 22, 2,550 euros plus VAT; public sector. $1,950 plus VAT.
- June 13-16. Gartner Security & Risk Management Summit. Gaylord National Resort & Convention Center, 201 Waterfront St., National Harbor, Maryland. Registration: before April 16, $2,950; after April 15, $3,150; public sector, $2,595.