Consent, crypto and information infrastructure systems
Digital and information infrastructures are the new business layers for interacting with consumers as part of regulatory requirements. How secure are these systems? How do businesses connect with these infrastructures to provide over-the-top services to citizens/consumers/users?
Atomic Operations in Data-Verse
Why is Crypto important?
Whoever controls the data is the owner of the data.
Where data is stored is irrelevant if control is yours.
Unlike "physical" things, control, storage and ownership are different.
Distrust is an emergent property.
Crypto can mediate trust.
OSS and Information Infra-Stacks
Crypto protocols are OSS.
Storage protocols are OSS (S3, block storage, NFS, Ceph, GlusterFS, ZFS, LVM).
Storage services (DynamoDB, Cassandra etc.)
So how do digital infrastructures make money? Efficiency, optionality and trust (provided by crypto).
But I want to
Sharing information means you "lose control" of it. The fiction of consent is then created by legal principles and through policy.
Multiple schemes exist that allow limited sharing, but with a bring-your-own-cryptography-algorithms and bring-your-own-keys approach.
Property-preserving encryption (PPE):
If Plain Text (A) < Plain Text (B), then Encrypted (A) < Encrypted (B).
More generally: if Plain Text (A) OPERATOR Plain Text (B), then Encrypted (A) OPERATOR Encrypted (B).
Leaks some information and is vulnerable to
Combined with a transformation that applies anonymization, it offers better protection.
A Document (X) can be thought of as having "N" fields. Different PPE algorithms can be applied to different fields based on what the "Sharer"
Secret ID (full encryption)
Name (no encryption)
Date of Birth (PPE that transforms it into an age number and then applies an algorithm that preserves < and > operations)
Address (encrypt everything)
I share not just fields but can also determine the PPE on some fields.
Allows T(X) to be built for fields which can be normalized to PPE.
Differential Privacy
Strong mathematical foundation that allows balancing utility and privacy, and guarantees:
No access to raw data.
Resilience to post-processing.
Resilience to de-anonymization techniques via constant
Allows aggregation but evades statistical inference.
An inference is released from a statistical database, and it should not compromise the individual's privacy.
A perfect privacy score would only be possible when the individual's data is not in the DB.
Goal of Differential Privacy = roughly the same privacy to the individual as if their data were not in the DB.
Examples: LinkedIn advertiser queries; US Census for commuting.
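As an added example (not from the original slides), the Laplace mechanism applied to an advertiser-style counting query over a constructed sample table, using the date-of-birth-to-age transformation the slides describe. The privacy-loss check shows the "as if their data were not in the DB" guarantee concretely: the released count is distributed almost identically whether or not one person's record is present. All names, dates and the sample records are constructed for illustration.

```python
import math
import random
from datetime import date

# Constructed sample records: the "Document X" of the slides, a few fields each.
RECORDS = [
    {"name": "Alice", "dob": date(1990, 5, 1), "city": "Austin"},
    {"name": "Bob", "dob": date(1985, 11, 23), "city": "Austin"},
    {"name": "Carol", "dob": date(2001, 2, 14), "city": "Boston"},
    {"name": "Dave", "dob": date(1978, 7, 30), "city": "Austin"},
]

def age_on(dob, today):
    """Date of birth -> age in years (the pre-PPE transform from the slides)."""
    return today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))

def count_query(records, city, min_age, today=date(2024, 1, 1)):
    """Exact count of people in `city` aged >= min_age. Adding or removing
    one record changes the result by at most 1, i.e. sensitivity = 1."""
    return sum(1 for r in records
               if r["city"] == city and age_on(r["dob"], today) >= min_age)

def laplace_mechanism(true_value, epsilon, sensitivity=1.0, rng=random):
    """Release true_value + Laplace(0, sensitivity/epsilon) noise.
    The difference of two iid exponentials with rate epsilon/sensitivity
    is exactly Laplace-distributed with scale sensitivity/epsilon."""
    rate = epsilon / sensitivity
    return true_value + rng.expovariate(rate) - rng.expovariate(rate)

def laplace_pdf(y, mu, scale):
    return math.exp(-abs(y - mu) / scale) / (2 * scale)

def privacy_loss_bound(records, individual_index, query, epsilon, outputs):
    """Largest |ln(P[output | D] / P[output | D minus one individual])| over
    the given outputs. Epsilon-differential privacy promises this never
    exceeds epsilon, so no single released value singles the person out."""
    neighbour = records[:individual_index] + records[individual_index + 1:]
    with_person, without_person = query(records), query(neighbour)
    scale = 1.0 / epsilon
    return max(abs(math.log(laplace_pdf(y, with_person, scale)
                            / laplace_pdf(y, without_person, scale)))
               for y in outputs)

if __name__ == "__main__":
    q = lambda recs: count_query(recs, "Austin", 30)
    print("exact:", q(RECORDS))
    print("released:", round(laplace_mechanism(q(RECORDS), 0.5, rng=random.Random(7)), 2))
    print("max privacy loss for Alice:",
          privacy_loss_bound(RECORDS, 0, q, 0.5, [x / 2 for x in range(-20, 40)]))
```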