Let's protect our online privacy by decentralized cloud services
Why our digitalized society has a privacy issue & why a decentralized confidential computing network like Ethernity CLOUD provides us with the perfect infrastructure to protect this human right.
There is a supercomputer (i.e. globally distributed computational power) that is monitoring and analyzing a whole bunch of data from space with the hope to find signals for aliens. Primarily because it’s in the public interest to find aliens, that example of data processing does not need privacy. But there are other examples of data processing in our everyday life (like medical data) that need confidential data handling. I want to explore why we even have a privacy issue in our digitalized society and why a decentralized cloud computing network like Ethernity CLOUD can provide us with the perfect infrastructure for that.
Privacy - a human right?
First of all, privacy should not just normatively be considered a human right, it is a human right. A value that got lost in the early 2000s in the surge for more profit. Capitalism teamed up with Big Data and made people's privacy a product without telling them for a long time.
Since Snowden’s insider knowledge came to the surface in 2011 this topic has been part of the public discourse. The only change? Websites and platforms started to openly tell you that they’re using your data for third-party usage (a.k.a. for profit). You needed to buy the service if you didn’t want to be the product. In my opinion, you would’ve been lucky if you had the option for that. After a while there was another change in favor of online privacy protection, at least in the EU, a law introduced in 2018 the “General Data Protection Regulation" which makes website providers obligated to a) give the user the option to freely choose if his/her data can be used, b) full insight in how it will be used, and c) the freedom to always change the decision, without any disadvantages (this loosely summarizes chapter II, article 6). This has damaged business models which were based on making user data profitable. An effect we likely know from Apple’s “App Tracking Transparency”-feature which reportedly costed Facebook (now Meta) about $10 billion dollars. Now with this law in place, privacy comes at the price of usability. Every time you visit a site you get asked if you agree to the cookies. If you disagree, you’ll be asked every other time you visit the same site. That’s probably why so many people comply and still accept to be monitored.
Structures shape our behavior
While usability might be the short answer to that, I believe there is a structural reason behind it, which facilitates the abuse of things that belong to the individual. That reason is that capital - let it be money or data - always tends to accumulate with a few players.
In terms of money, we provenly saw this with the traditional banking system. This concentration of wealth to those who are closer to the money printer (formerly that meant closer to the king) goes under the name of the Cantillon effect. In other words: Centralization. The solution is a p2p monetary system based on a distributed ledger protected by encryption and a consensus mechanism that requests real energy. This solution is called Bitcoin.
In regards to data, we witnessed the Cantillon effect with the known tech companies over the last 20 years. Even though the data centers of these big companies may be all over the world, custody, and access to this data are reserved for a few players. Similar to Bitcoin’s approach we might want a) distribution of the data to act against the accumulation and b) encryption to make attacks costly and to protect privacy rights. So generally spoken, the solution to this problem could also be a distributed ledger that is not just protected by technical features (e.g. hash functions, blockchain, encryption) but also by game-theoretical structures (it’s not worth attacking the network, you benefit more if you use the system, rather than destroy it).
Ethernity CLOUD: Decentralized Confidential Computing
The public discussion about online privacy since Snowden mainly outlined social media platforms, mail providers, etc., and how they profit from our stored data. What’s missed out most of the time is the field of cloud computing. I.e. computational tasks that are processed on a different device somewhere else. That shouldn’t be mistaken with cloud storage (e.g. google drive, dropbox). Rather it’s a service for computational processes like the following:
A.I. computation (generated images, videos, text or rendering games, videos)
Processing medical data of patience in hospitals
Research projects with big data sets which require bigger computational power
Field data that is used in military operations (hopefully never needed)
Cloud computing as a service industry is expected to double in revenue in the next 4-6 years. But there are several major problems why we - the users - won’t match with the big centralized industry players in the long run and why we need a decentralized solution like Ethernity CLOUD. Besides costs and availability of the network, there are serious privacy concerns I want to point out here:
As previously mentioned I see privacy and security issues rooted in the centralized nature of service providers. They own the servers, massive amounts of data are collected in one place, there might be insecure APIs and more. But let’s assume Google, Amazon, Apple, Microsoft and other industry cloud computing providers have the best security on a software level, they still cannot protect themselves against the following attacks:
1. Insider risk.
Lack of knowledge and bad intentions are both risks that are hard to prevent. Because as soon as these employees are on site, they have physical access to the devices. This facilitates the corruption of the devices. Either by accidentally opening up a malicious email or by intentionally installing malicious software.
Ethernity CLOUD can prevent this by design. Even if you have access to the node (server) it’s impossible to corrupt it. There is a massive distribution of risk by the fact that the nodes are decentralized. It’s hard to know where the nodes are and to identify whether or not they’re computing the desired (e.g. medical) datasets. Also for those who are running the nodes, it’s impossible to access the data. Even they can’t access the data, despite their access to the physical machine because Ethernity CLOUD uses encryption on a hardware level to prevent any access to the processed data. They’ve integrated enclaves that are hardware encrypted by Intel SGX. These enclaves act like bouncers. So even if the hacker gets into the club, i.e. the physical machine, bouncers, i.e. the enclave, will kick him out, before he can get on the dancefloor, i.e. the processed data.
2. Abuse of power.
With current cloud computing providers, a lot of data is accumulated in the hands of a few companies. And two forces endanger the confidentiality of your processed data. Firstly, the accumulation of capital: Data is capital and capital always tends to accumulate, as mentioned before. Secondly, the abuse of power: Data is knowledge and knowledge is power. And power always tends to be abused. So in this sense privacy won’t necessarily be endangered because of a “hack” but rather by a naturally given incentive to abuse a company's powers. In simple terms this means: The company might rather sell your data than protect your privacy.
Besides the NSA case I mentioned in the beginning, we find examples of this tendency with known players in recent times:
Amazon used the listing price data of sellers on its platform just to keep its competitive advantage against other marketplaces. Hence California files an antitrust lawsuit against the company.
In Google’s case, examples range from their abuse of big-brother-role as a company to dozens of employees taking advantage of their power position to spy for personal reasons. The “people also ask”-feature is just one example of how the company extracts data from another website for its advantage by offering quick answers to your question within the search engine, in order to make your stay on Google as long as possible.
We don’t even need to start with the Cambridge-Analytica case, in which they successfully manipulated voters in different countries by using their Facebook data and customized Facebook ads.
Conclusion
With Ethernity CLOUD these traditional structures are disrupted. Neither the devices nor the data are in the control of the company. Anyone can decide to participate in the network by connecting to the Ethernity CLOUD Ecosystem (installing their node) on a machine with an SGX-compatible processor and then letting the data be computed on it securely, in a way that no one can access it. This way data accumulation, abuse of power, and lastly exploitation of data are prevented by the network's structure. Because it’s open source, you can verify all this by yourself or by your friendly hacker from the neighborhood.
I also mentioned that there are underlying incentives to exploit confidential data from both sides. Hackers and companies are both interested in profit. Both profit from the cost-effectiveness of making use of accumulated data. Getting access to one computational operation is not as valuable as getting access to trillions of computational operations. A decentralized network can lower the cost-effectiveness of such exploits by its nature.
Privacy is a human right. Centralized web solutions of the last 20 years endangered our privacy partially by insider risks and partially by abusing their power. It’s more crucial than ever to enable privacy by default in the digital space. We explored how encrypted decentralized structures can prevent these kinds of data observation and exploitation. I think Ethernity CLOUD’s privacy protection might be a game changer in the disruption of giants like Amazon, Google, or Microsoft. Not only by implementing per se encrypted software from scratch, but also by a structural change (distributed computational power) which changes the incentives for the better. I will further explore the performance enhancements and cost-effectiveness of this decentralized network in comparison to centralized cloud computing solutions and hope you had a valuable read here.
I encourage anyone to check out Ethernity CLOUDs’ website. They welcome anyone who contributes to this promising network.
Marcel Ohrenschall, December 8.