Trust is Encryption

SANDRINE MURCIA

CEO and Co-Founder, Cosmian1

The latest, state-of-the-art cryptographic technologies are poised to become our next best friends to protect our personal data. While allowing the data economy to thrive without compromising our privacy.

For about a year now, there has not been a single week without news of a massive customer data theft. The recent cases of Cambridge Analytica, British Airways, Google+ or Facebook hit the headlines. No one is spared, from Internet moguls to bricks-and-mortar retailers. But above all, it is us, the individuals, who bear the maximum cost: not only are our personal data stripped from us without full consent, but they are traded, stolen, manipulated – in short, out of our control.


“THE NARRATIVE THAT SOME COMPANIES WILL TRY TO GET YOU
TO BELIEVE IS, ‘I’VE GOT TO TAKE ALL OF YOUR DATA TO MAKE MY SERVICE BETTER.’ WELL DON’T BELIEVE THAT. WHOEVERIS TELLING YOU THAT -IS A BUNCH OF BUNK.”

– – TIM COOK, CEO, APPLE

Every day I find myself in situations where I have to disclose personal data. And every day I’m struck by the fact that I’m somehow forced to reveal or to give access to a lot more than what is really needed. Why does my bank have to access all the details of my daily transactions: what, how much and where? My contract with the bank is about me making sure there is enough money in my account and paying debt interest if there is not. Not about giving the bank access to all these personal details. What’s in it for me?

Why do I have to provide my entire tax report to rent an apartment just to prove I can actually pay the rent? Why is my online activity recorded and sold to third-parties without my consent to bene t from so called user benefits such as «targeted advertising» or «personalized services»?

Don’t get me wrong. I’m not arguing the pipeline of data should be sealed with lead. I’m pointing out the extreme need for regaining control on who accesses our data and what for. Not more. The (very) good news is that this type of control, allowing for selective data osmosis with full and informed user consent, is now possible thanks to the latest cryptographic research turned into service applications.

Let me highlight the two fundamental reasons why I believe cryptography is poised to revolutionize privacy in everyday applications.

Mathematics not Magic

Cryptology is the study of techniques for «enciphering and deciphering of messages in secret code or cipher» (Merriam-Webster). The mother of all such techniques was encryption or how to convert information from a readable state to apparent nonsense. Ancient Greeks, Julius Caesar, Persians, Czars & Kings all over Europe – to name the oldest but not the least – have used encryption for diplomatic reasons, to protect war communications and intimate conversations. On a lighter note: who hasn’t written with invisible ink during treasure hunts in summer camps?

The computer era changed the nature of the game, tremendously augmenting our abilities to encrypt and decrypt.


“THERE ARE 2 TYPES OF COMPANIES: THOSE WHO HAVE BEEN HACKED, AND THOSE WHO DON’T YET KNOW THEY HAVE BEEN HACKED”
– – JOHN CHAMBERS, EX-CEO, CISCO

Think about WWII, Alan Turing cracking Nazis’ Enigma machines. In the past 30 years, cryptographic techniques heavily transformed themselves with intensive use of mathematics. In 1976, modern cryptography was taken by storm with the revolutionary concept of «public key encryption» (Dif e-Hellman and Merkle): a pair of different but mathematically related keys, the public key to encrypt and the private key to decrypt.2 Hence, if I give away my public key, anyone can use my public key to encrypt data – but I am the only one to be able to decrypt the data using my private key (as long, of course, as I don’t give it away as well).

This founding principle directly led to the emergence of many public-key encryption systems – one of the most famous being the algorithm developed by Rivest-Shamir-Adleman. The RSA cryptosystem has been at the core of several applications and RSA signatures are still very much in use in SSL certificates, for instance. SSL certificates are (An SSL Certificate is a small computer file that digitally combines a cryptographic key with an organization’s details). More recently, schemes such as Elliptic Curve Cryptography became very popular and most blockchain systems are built on it. In a nutshell, we are all already exposed to, or are using cryptographic technologies without knowing it. Just like your car or household equipment is powered by state-of-the-art electronics, which are invisible to the user.

In short, cryptographic technologies are the new chips of the data economy.

The only bulletproof personal data protection is for data to be encrypted with the Person’s public key.

First of all, let me explain why public- key encryption of your personal data protects your privacy. Since your data are encrypted with your public key, only your private key can decrypt them hence only you can read them. No one else but you. It’s mathematically bulletproof.

But you may ask: Why on earth would I want to encrypt my personal data? When I browse the web, search for products, post on social networks, my activities are legitimate. I don’t have anything to hide. Here is why you should always favor encryption. This is not about hiding anything. I don’t mean to be as extreme as Cardinal Richelieu (famous and feared French Foreign Secretary -1585-1642) and suspect systematic data mishandling. But the fact is that you don’t know who accesses your data and what for. Conclusion: personal data should be encrypted by their owner.

Second, when personal data are encrypted, there is a significant reduction of risks in data security and in data compliance. Very good news again, this time for companies and organizations.

When customers’ personal data are encrypted with customers’ public keys, organizations not only stop holding «clear text data» (subjected to European GDPR regulation3) but also the consequences of data breaches are reduced: data can still be stolen if security fails but data can’t be decrypted as long as the private keys are not in the hacker’s hands. Protecting private keys has hence become essential and a large number of new paradigms, hardware and companies have recently emerged to improve handling and security.

Last but not least, once properly encrypted, personal data can be stored anywhere: in the cloud, locally on devices, on premises. This flexibility also reduces compliance risks for organizations.

In summary, cryptography is a highly technical, mathematically involved, constantly evolving subject. At Cosmian we believe that some of these techniques are ready for wider application and should immediately be enabled to satisfy the need for improved privacy. We are working hard with world renowned cryptographers to make them available in easy to use packages and tools to application developers and data scientists.

Our goal is a time when privacy does not become a choice, but the default.

(This is a shortened version of an original article published in Medium on November 15, 2018)


After 15 years in leadership positions at global corporations, Sandrine Murcia decided to answer the call of a stronger force and become an entrepreneur. Sandrine is the CEO and co-founder of Cosmian, the Private Data Intelligence platform with zero compromise on privacy. Leveraging deeptech crytography and blockchain technologies, Cosmian powers a fair and secure private data economy. Sandrine began her career in 1995 at Procter & Gamble. In 1999, thrilled by the emerging potential of the Internet, she switched gears and joined Microsoft’s MSN consumer division. In 2004, Sandrine joined Google as Southern Europe Marketing Director. In 2010, she co-created her rst company, Spring Lab – a strategic consultancy in business innovation and digital transformation. Sandrine then joined Connecthings in 2015, a leading Smart City mobile engagement service company, as Managing Director. Sandrine is deeply involved in supporting women’s entrepreneurship and is a strong advocate for women in tech. She holds a BS in Biotechnology from INSA Lyon and a HEC Paris Master in Entrepreneurship. Sandrine is a 2004 Kellogg School of Management MBA graduate.

  1. https://cosmian.com/
  2. https://ieeexplore.ieee.org/docu- ment/1006971 – Martin E. Hellman – An overview of Public Key Cryptography
  3. https://eugdpr.org

Comments are closed.