Status Quo in Data Security
A strong “End-to-End” data protection model is a concept when a private message is encrypted (scrambled via mathematical formula) by the sender, and could be decrypted (unscrambled) only by the intended recipient. Up to date, the “End-to-End” data protection model has been implemented with the secure-web protocol, also known as HTTPS, SSL, or TLS. We all successfully use it for directed two-party communication – shopping and online banking.
In the case of cloud-based services (three-party communication, User-Cloud-User), the commercial sector quietly adulterated the “End-to-End” data protection model by re-defining the meaning of “-End” to mean the vendors’ server/cloud to which the sender delegates her data for transmission or storage (effectively weakening data protection model to be “End-to-Cloud”).
At present, most users’ data is decrypted (unscrambled) at the entry into the cloud, where data is transferred and stored unprotected (this is one of the sources of digital companies’ “big data” and “ad targeting” power). At enterprise gateways encrypted (scrambled) data is decrypted (unscrambled) by powerful firewalls (by a process termed “stateful packet inspection”); at entry into a cloud, data is decrypted (unscrambled) by a process called “SSL Termination” to be absorbed into the cloud in its original form, no privacy preserved. Simply put – the privacy protection of secure-web protocol (known as HTTPS, SSL, or TLS) is undone. Admittedly, only a few applications actively position themselves as exceptions to this rule.
Lawmakers have been satisfied with the status quo – the de-facto “End-to-Cloud” data protection model – as it allows authorities to monitor anyone’s communication and in-cloud data globally when needed.
Better Transparency of Provided Data Security
To make the data protection model explicit, users should demand from vendors a more precise data protection model description. Instead of probing the definition of “End”, customers should ask for a “User-to-User” data protection model as an explicit signal showcasing customer data is transferred securely (scrambled) from the sender (User) to the intended recipient (User) without being decrypted (unscrambled) at any intermediate proxy, server, provider, or cloud step.
Objective Reasons for “End-to-Cloud” Protection Model
Many vendors power their algorithms and personalize services by searching customer data for patterns. Unfortunately, loss of privacy is unavoidable in cases when data is placed in a database or is searched. Technology that would preserve data privacy and allow searching at the same time – Searchable Encryption – is still in a research stage.
As a society, we need to define what type of data we agree to give to service providers to personalize our experience, and what type of data should remain protected from the vendor’s cloud, searches, and databases. Perhaps our preference-related data should retain the “End-to-Cloud” data protection model, while other data should be protected with the “User-to-User” model. At the moment the data protection model is a binary choice.
Evolution of Data Protection Model
Recent attempts by the commercial sector to revert from the handicap “End-to-Cloud” data protection model to the privacy-preserving “User-to-User” data protection model has met with increased opposition from the government. Lawmakers in the US, Canada, UK, New Zealand, Australia (Five Eyes nations) plus Japan, India, and others insisted on the necessity of having a backdoor in any adopted data protection model.
It should be noted, the authorities insist on the creation of backdoor not in mathematics or encryption (scrambling) algorithms but in the implementation of consumer-based systems of global deployment. In other words, well-financed wrongdoers and state actors will be able to circumvent proposed backdoors (by independently implementing strong encryption algorithms) and are not the intended targets of the requested backdoors. Law enforcement among ordinary citizens is the goal.
A number of logistical, ethical, and technical issues have been raised and discussed in a two-part paper authored by a cohort of leading cryptographers and researchers in cybersecurity on the topic of intentional backdoors over the last two decades, including Steven Bellovin (Columbia), Ronald Riverst (MIT), and others.
While it is technologically feasible to re-engineer the cloud-based Internet data protection model with build-in “front door” or “backdoor” mechanisms (through “custody keys” and “multi-key” protocols), privacy advocates oppose the legislation raising a valid question, “Who will watch the watchmen?” One of the greatest concerns voiced is the access revocation mechanism to limit the scope of the warrant-based access.
Short of re-engineering the data protection model of Internet cloud-based services, there is a pragmatic compromise. The solution with the Helix22 SDK is analogous to “compliance monitoring” many regulated industries, like finance, already implemented.
With minimal system changes, it is possible to enable a mechanism where user data is processed in duplicate:
- the original users’ data is encrypted (scrambled) using a strong “User-to-User” data protection model (implemented without backdoors)
- a BCC copy of the users’ data is encrypted (scrambled) with “compliance keys” that are changed hourly (or daily)
The government’s ability to inspect user data via warrant access to the “compliance keys” will be limited by a warrant-defined time-period. User data from outside of the warrant-defined time period will remain private (scrambled) because a different set of “compliance keys” were used to encrypt (scramble) the data.
Helix22 is a cryptographic library built to enforce a strong “User-to-User” data protection model while providing businesses, governments, and law enforcement with “timed compliance keys” capability.
By implementing such change, the overwhelming majority of law-abiding Internet users will preserve their data privacy with an uncompromised “User-to-User” data protection model, no backdoors. At the same time, governments retain sought-after warrant-based “Legal Intercept” capabilities, with necessary privacy-preserving limitations.
Aleksey Maslov – Head of Digital Product & Engineering