Intro to Privacy Tech, Part 1
What’s the Problem?
I was at the grocery store and as I paid by swiping my phone near the cash register, I marveled at how easy it was to pay. And then I thought about how complex this process really is – Within a couple of seconds my phone verified that I own it using biometric data and then confirmed that my credit card was authorized to be used by the phone and has sufficient credit to buy the items. During these few seconds a large amount of data transferred between me and my phone, my phone and my banking app, and my banking app and the multiple servers needed to verify funds. I assumed I was making a simple transaction, but in reality it involved many different parties who all shared my personal data. How can this process be safe and secure?
When you think about it, we live in a world of digital data. Whether it’s on your phone or laptop, or a business you interact with, including your healthcare and financial institutions, it’s all about the data. From the point of view of businesses – they are responsible for the security of their customer data. In addition, a business often needs to process large amounts of personal data to extract actionable insights from it. For example, a bank wants to determine which customers to target to give loans to. They examine their customer data to see which ones are most likely to take a loan and are least likely to default on that loan. As a result, they determine that a customer with a $75k income per year and no credit card debt can afford to make payments on a short-term loan of up to $15k per year.
Our data is valuable, and you wouldn’t want it to get into the wrong hands.
We experience potential privacy issues from the moment we wake up in the morning until we go to sleep, and even after we go to sleep. Here are some examples:
- Your smart watch records breathing and heart rate data and sends it to your phone that sends it somewhere in the cloud – while you sleep.
- Your phone sends your GPS location – while you drive.
- You visit your doctor where your medical records are stored – in the healthcare network.
- The US Navy is conducting research in the Baltic Ocean on a new advanced military asset, where testing data is sent to a private cloud data center.
Just imagine if this sensitive data got into the wrong hands – how much damage could be done – to an individual? To businesses? To governments?
What is Privacy Tech?
We now know just how valuable our data is – so how do we keep it secure? The answer is privacy tech. Privacy tech is defined as any technology that is used to secure personal data. Some examples of it are using a VPN, encrypting data stored on a hard drive, and using TLS (Transport Layer Security, which is encryption on a network) when communicating between devices. You might not have thought about it, but if you’ve ever gone to a website and the URL starts with https instead of http, it’s using TLS to protect your data. In our grocery store case above, encryption keeps everything secure – data that is sent between parties is encrypted and data is stored encrypted. If any of it is stolen, it is almost impossible to decrypt in any reasonable amount of time.
Some tools are created with privacy in mind, known as privacy-first tools. Included in this category are the DuckDuckGo search engine, the Brave browser, and the Signal messaging tool. While not built solely for privacy, they are built with a privacy as an important aspect of the design.
Privacy Enhancing Technologies (PETs) are a subset of privacy tech. With PETs we can perform operations on encrypted data and receive actionable insights without ever decrypting the data. We’ll discuss these more in another post.
The digital world is facing a massive privacy problem that is growing larger every day. Privacy tech must be embraced to help us protect our data.
Private data is the 21st century’s most valuable resource – it must be protected today and in a post-quantum era.