FYI.


What a Data-Driven Crypto-Democracy Would Look Like

Call it the architecture of trust.

When we give our data to a third party like Facebook, we do so with the feeble hope that it won't end up in hands we'd prefer it stay out of. We know that this is rarely the case, since the US government's overly broad surveillance regime tracks nearly all of our interactions online, and a host of distributed third parties form a data market where users have little power and reap few benefits. It's clear that Big Data is characterized by deepening asymmetries of power and a deficit of trust.

To address this, researchers from the University of Rennes in France, the University of Montreal, and the University of Denmark have proposed a utopian vision for society-wide data privacy that places trust at the fore in a position paper presented last week at the 2014 Data Privacy Management workshop in Wroclaw, Poland. They call their idealistic solution a "crypto-democracy."

"Right now, all the information, everywhere, on our accounts is always stored in one single place, so there is one institution who controls the information. So that would be the main difference," Alain Tapp, the Montreal-based author of the paper, said. "We're proposing it would be a group of institutions, and none of them would have control or access to the data on their own."

In the proposed framework, we would upload data to a central encrypted server called "The Trustworthy." Three elected organizations armed with supercomputers and a legion of cryptographers—like the CIA, Google, the ACLU, and the International Telecommunications Union, say—would then have access to it under strict parameters.

To access the public's data, the researchers suggest, the organizations would have to hold a majority vote or be in unanimous agreement. The linchpin of the system is that at least one of the actors must be able to ensure that people's rights are not being infringed upon, to buttress social trust, hence the ACLU's inclusion. "You could pick organizations from every continent, such as government organizations or non-profits, too," Gambs said.

The main issue with cryptography right now is a trust deficit, the researchers wrote. If you use encryption tools, can you trust that whoever designed them didn't code in malware? If you encrypted your data yourself, can you trust your phone and its many unique hardware idiosyncrasies that can be used to track you? Too many rupture points exist in the current architecture of trust surrounding personal data, the researchers argue, and a new one has to be built.

"Basically, the provider of the services has access to your data, so you have no choice but to trust him, or else you can't use the service," Sébastien Gambs, the lead author of the paper, explained. "So basically you have to trust your telecom provider with your data. You have no choice." Tapp added, "Sometimes it's very unclear what you have to trust and who you have to trust. In the scenario we're presenting, the model of trust is very simple."

The real trick, according to the researchers, would be to ensure secure computation among multiple parties, without them having to actually trust each other. That is, for their system to work, it needs to be set up so that several parties can compute a function while only learning the result, and not any additional data.

Secure computation depends on a trust model—assuming that a certain number of players will be honest, and others will not, and accounting for the actions they may take—and, according to the researchers, there are ways to ensure this using current techniques.

"Secret sharing," for example, is one framework that both Tapp and Gambs see as a real possibility. In a secret sharing approach, all of the participating organizations have encrypted data split between them, which on their own can't be computed. Like bankers sharing portions of a vault code without knowing what numbers the others hold, only when all the actors get together can the data begin to make sense.
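To make the secret-sharing idea concrete, here is an added Python example (not code from the paper or from the article): a 2-of-3 Shamir sharing in which any single organization's share is consistent with every possible secret, a majority of holders can reconstruct, and the holders can jointly compute a sum of shared values while only ever seeing shares, which is the secure computation described above. The field size, function names and sample values are assumptions made for the example.

```python
import secrets

# Constructed example: Shamir secret sharing over the prime field GF(P).
P = 2**61 - 1  # Mersenne prime; every arithmetic step below is reduced mod P

def split(secret, n, t):
    """n shares of `secret`, any t of which reconstruct it: points (x, f(x)) on a
    random degree t-1 polynomial with f(0) = secret."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def reconstruct(shares):
    """Lagrange interpolation at x = 0 using only the shares supplied."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def add_shares(a, b):
    """Each holder adds the two shares it already holds, locally and without
    talking to anyone; the result is a valid sharing of the sum."""
    assert [x for x, _ in a] == [x for x, _ in b]
    return [(x, (ya + yb) % P) for (x, ya), (_, yb) in zip(a, b)]

def secure_sum(values, holders=3, threshold=2):
    """Sum the values so that holders only ever see shares; the total appears
    only once `threshold` of them (a majority of three) pool their shares."""
    shared = [split(v, holders, threshold) for v in values]
    combined = shared[0]
    for s in shared[1:]:
        combined = add_shares(combined, s)
    return reconstruct(combined[:threshold])  # any `threshold` holders suffice

def single_share_fits(share, candidate):
    """In a 2-of-3 sharing one share (x, y) is consistent with every candidate
    secret s: the line through (0, s) and (x, y) always exists. Returns True
    when the polynomial built for `candidate` reproduces the share."""
    x, y = share
    a1 = (y - candidate) * pow(x, P - 2, P) % P  # slope giving f(0) = candidate
    return (candidate + a1 * x) % P == y
```

Setting `threshold=holders` models the unanimous-agreement variant; with seven institutions and `threshold=7`, all seven must pool their pieces before anything is learned.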

"It only takes one employee of a company to be corrupted to make that actor dishonest," Tapp said. "But if you have seven institutions participating, if you have to run around to all seven to get the pieces of data, it will become obvious very quickly that there is a big conspiracy going on."

Of course, as long as we're talking about trust here, how trustworthy is The Trustworthy, anyway? How can it be guaranteed that it will encrypt files securely, or that it wasn't designed with a back door? If there's even one hole in the system, the whole thing could come crumbling down, or worse, remain only as a facade. One can safely assume that the world's store of data would be a high-profile target for any and all hackers interested in private data.

According to Gambs, this is a risk, but the main point is that the model he and his colleagues are proposing is more trustworthy than what we have now. It would be important, he says, that the architecture of The Trustworthy be made open source. That way, interested people can see exactly how it works, fix bugs and, yes, try and hack it.

Of course, this is really all a big thought experiment, albeit an interesting one, meant to provoke people into thinking about the structures of power that control global data flows. Reorganize that, and you reorganize society. "The science is here. If we can get billions of dollars, and people really want to do it, we can do it," Tapp said. "The problem is that it would be very expensive and probably too slow."

However, Tapp and Gambs said that a scaled-down version could be put into place immediately among select organizations like universities, who would share a narrow stream of relevant data.

In the end, the idea of a crypto-democracy is just one way to get people thinking about data privacy and the technology available to aid in data protection. Other projects contributing to this goal, Gambs said, are personal data storage projects like openPDS. Alternatively, we could all just send pictures of Kim Kardashian encoded with secret messages to each other.