Homomorphic Internet: Is COVID-19 the Catalyst?
Find out if the catalyst for a truly privacy-centric internet has arrived.
COVID-19 created an interesting alliance between international government agencies and big tech companies who hold vast amounts of data about the global internet-connected population (~ 5 billion people).
On their joint mission to control the spread of the virus, an unprecedented set of measures has been introduced to impose severe restrictions on the freedoms of citizens around the world, including their privacy and other human rights. Unprecedented levels of surveillance, data exploitation, and misinformation are also being tested across the world.
London-based Privacy International (PI) recently wrote an article entitled ‘COVID-19 response: an overview of data and technology’:
Data can be essential and useful at various stages of a pandemic and public health emergency. It can also feed intelligence and policing, being highly useful for enforcement. Finally, it can be valuable for commercial exploitation. The challenge before us now is which of these do we prioritise in specific settings.
In the context of COVID-19, our understanding is that:
in early stages of dealing with the pandemic, quick and effective contact tracing is invaluable to curb the spread, therefore knowing who people interacted with and where (interaction, proximity, and location data)
in the delay phase, tracing is not the highest priority and instead social distancing is more valued, and data can be used to monitor, develop policy, and for authorities to enforce (location data becomes the priority)
generally tracking the use of public health resources is useful to allocate resources effectively, e.g. where should ventilators and masks and tests be deployed (this is mostly logistics and health data held by hospitals and other health providers)
in the later phases, contact tracing may again be valuable, as can the use of enforcement mechanisms (interaction, proximity, and location data).
Data and technologies play different roles at each of these stages. But different levels of data and types of technologies too; and different legal and technical safeguards as well may apply.
PI has been tracking the developments across the world and is trying to differentiate between the various forms of health surveillance, policing, commercial exploitation (and some attempts at legitimisation), and surveillance opportunism.
If governments and industry had been more attentive to legality, security, and privacy in the run up to this crisis, everyone could have more confidence in the deployment of new measures. Unfortunately, this is not the case. It is thus difficult to separate ambition from necessary response; desirable graphing from social graphing; health surveillance from policing surveillance; health and safety from workplace surveillance.
Now let's take a little dive into the concept of homomorphic encryption to see if it can help protect privacy, whilst at the same time enabling crucial information sharing without big tech, governments and other actors having direct access to the data.
What Is Homomorphic Encryption?
Encryption is, of course, the security solution of choice for protecting data. However, conventional encryption is impractical for data analytics and data mining, which cannot be effective without decrypting the data first, thereby re-introducing vulnerability. Data anonymisation may be used to provide security and confidentiality during data mining operations and performs well with tabular data. However, it is much less efficient with free text data, where processes like the automatic identification of anonymised words, such as proper nouns, are not guaranteed to be effective in all cases.
Homomorphic encryption (HE) is, in a nutshell, a form of encryption that allows various types of computation to be applied directly to ciphertext, without the party performing the computation decrypting it beforehand, during or after the operation. The result of the computation, once decrypted by the key holder, should be the same as if the computation had been applied to the unencrypted data. Hence, HE could allow organisations to be far more open to sharing sensitive data with trusted third parties for collaboration and innovation purposes without compromising the integrity and security of the data.
An easy example of the HE use case (see the diagram below) is where a data owner (DO) wants to send personal info and health records to a government organisation for data processing purposes related to, say, COVID-19. Now, let’s assume the DO does not trust the government’s data processing with his/her personal data. Using HE, the DO encrypts his/her data with a client-side application and sends it to the government server(s) running the processing platform. The server performs the relevant computations on the data without ever decrypting it and sends the encrypted results back to the DO. The DO is the only person able to decrypt the results, because the DO is the only person who holds the secret key.
What is Homomorphic Internet?
Rather than giving you a standard/universal definition of “Homomorphic Internet” - we will instead say it will be a new global internet infrastructure where data is always encrypted (at rest and in motion) and it will have the following characteristics:
What would the implementation of a Homomorphic Internet look like?
There are no right or wrong answers; however, the R&D team at our parent company Zaiku Group thinks the implementation of a Homomorphic Internet may look as follows:
The team at Zaiku Group also thinks that a Homomorphic Internet will play an important role in the architecture of next-gen enterprise software systems - so be ready for Homomorphic Enterprise Systems (see diagram below)!
Homomorphic Encryption 2020 Momentum
We’ve noticed increased interest and activity in the following open source projects. The first wave of successful commercial implementations of HE will most likely be derived from one of these projects or a mixture of both.