We are losing the cybersecurity war. In 2015, over 21.5 million federal employees and contractors – just about anyone who got a US federal security clearance outside of the CIA – received a notification that their Social Security Number and personal information had been stolen from their Office of Personnel Management (OPM) files. When seeking a government security clearance, you have to fill out a very detailed personal information form, an “SF-86.” All of those were now in the hands of parties unknown.
Adding insult to injury, scammers latched on to this latest data disaster and sent out fake notification letters and emails, leading to further data breaches. Experts have suggested that this OPM hack, the DNC email hack, and the Sony hack are the results of state-sponsored cyberwarfare.
After decades of cybersecurity efforts, even the US government’s “secure” files aren’t safe. Forget it if you are a customer of Ashley Madison, or Target, which were also recently hacked. Better cryptography alone isn’t the answer. The analogy is that with cryptography, you are making harder and harder walls, which is great as far as it goes. When someone penetrates those walls, though, they still have access to all of your data.
What’s more, improving security typically comes at the cost of more data silos, making it harder to share information. This runs counter to the fact that data is more useful when shared. The absence of good data-sharing is visible every time you have to fill out the same information on medical paperwork when you go from one doctor to another or one clinic to another.
We are arguably at a place of crisis.
The good news is that, thanks to the rise of popularity of ledger technologies (like Blockchain), and data management methods such as secure multiparty computation and secret-sharing, we now have a potential solution.
The first part of the solution, “OPAL” (Open Algorithms), inverts traditional coding paradigms. Instead of bringing the data to the code, we’re bringing the code to the data. No longer do we consolidate and then code different data sources. Instead, we distribute the code to the various pieces of data, which reduces the attack surface for hackers. The French government has funded our early work in developing OPAL.
The second part, “ENIGMA,” breaks up data into thousands of small pieces, encrypts each piece, and scatters them. Even if you could hack one node on the network, you’d just get a data fragment. Even better, you can perform computations on the encrypted data fragments. When combined with OPAL, you can transform and gain use out of data while dramatically improving its security. Corporate collaborators are underwriting our efforts to implement ENIGMA as an open source code project.
OPAL/ENIGMA, and techniques like it, promise to deliver new weapons to the war on cybercrime — while making all of that data significantly more useful for society.