Nigel Cannings, CTO Intelligent Voice Last week, I decided to test a theory of mine about how happy we are about living our lives in the thrall of the big harvesters of data, the Googles, the Amazons, the Apples. In a deliberate attempt at irony, I used Google’s Surveys tool to ask 1,500 Americans whether they trusted Big Cloud not to misuse their private data (full results ). I ran it over Thanksgiving weekend in the hope I might catch people in a more cheerful and optimistic mood. What percentage of respondents answered, “Yes”, they trusted the good ol’ boys of Big Cloud with their darkest secrets? here 25% That sunk to 16.4% in those aged 55 to 65. And only crawled up to 33% in the 18–24 demographic Ouch. This isn’t even a question of how secure people feel about their data in the cloud: This is about the fundamental trust we have in those cloud providers not to take our data and do something nefarious with it. That is pretty bleak. Let’s face it, we live our lives in the cloud. Something as simple as a personal email account makes you the proud user of a cloud service, and you know every time you check your mail that your provider has taken the contents of your private data, slurped it into its commercial arm, made decisions about who you are and what you might want, and then tried to make money on it. Even as I have been emailing people about this article, Google has started to offer me someone’s cloud services as a Gmail ad. Google reading my mind as well as my email. We are complicit. I have to put that out there: Whilst I am not surprised that people really don’t trust their industrial overlords, I’m not sure any of us has much of a right to complain about it. It’s all free, dammit. All of that search, that email, that health advice, that mapping, that daily fix of social interaction, that news, the funny videos, the pictures of cats: All free. Although not necessarily available at zero cost. A break in the Clouds I’m not sure there is much new in someone ranting about the state of modern data infrastructure and the massive surrender of privacy that the internet has suckered us into: I may offer some hope towards the end of this missive, but not quite yet. Let’s look at the accelerating pace of pain that the connected world has given us: 5 weeks ago, 10,000 little cameras took the internet offline. Last week, the San Francisco public transport system was attacked by ransomware Yesterday, Check Point said that over 1 million Google accounts had been hacked using the “Gooligan” malware attack campaign ( ) http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/ Oh, and did the Russians hack the US Election campaign? The fact is, even if we did trust our cloud providers, are they doing a very good job of protecting us from ourselves? In less than ten years, the number of smartphones, our main portal into the connected world, sold every year has risen from just over 100 million, to almost 1.5 billion: Every single year, we buy a new smartphone for 1/5th of the planet. And the cost to the global economy of all of that data up there in the cloud being systematically attacked: Almost half a trillion dollars a year. Without wishing to be too trite, it you lay stacks of $100 dollar bills side by side, and wrapped them once round the entire circumference of the Earth, you’d still be about 5,000 miles short to get to the $445 billion it costs every year. Hipster IT? Maybe with our concerns about privacy and new cyber attacks and breaches being reported every day, we should move back to a simpler time? Is it time for Hipster IT? All over the world, there is a move to artisan food and craftsmanship: small businesses picking something and doing it well be it coffee, sandwiches, upcycling or even a “Sushiritto” (it’s true, sushi in a buritto). Should we be taking a leaf from the hipster book and do it the old fashioned way? I used to have a random_number@compuserve.com email address. I downloaded my email to my PC, deleted it on the server, and then I unplugged the modem from the telephone jack, so people could actually call me, which they did before we all got mobile phones. If you wanted to find out what was in my email, you would have to physically find me, wrestle my 8" screen laptop from my hands, and crack my amazingly uninventive password. But then, as only about 12 people that I knew even had email, the list of interesting items was not long. Should we go back to that time, disconnect from our increasingly connected world, buy analogue watches, spend our lives in libraries researching useless facts, and then stand for hours in the rain trying to hail the last cab in the city? Personally, I hope not. Most of my own business is driven by fear of the cloud. We supply highly efficient, speech-to-text and analysis software to companies that want the data as off-grid as possible, in forensics labs located as far off-network as possible. The data they process (usually telephone calls) is highly sensitive, and sending it via a public API to a cloud provider is a breach of confidentiality, data protection, and for them, good sense. But that increases cost and overall reduces efficiency. Some people feel comfortable with a private cloud approach, managing the data themselves in AWS or Azure, and putting their own security around it. But the data is still connected to the Internet, and is still, at least at the point of processing, in clear and vulnerable. Surely what we want is to use the power of the cloud, its stress-free backup, the on-demand per minute processing, the infinite storage, but keep all of our data secret from the cloud provider? Encrypt-o-Cloud Maybe there is hope: A relatively new branch of encryption has emerged known as homomorphic encryption. This is a methodology whereby a user can encrypt data and send it to the cloud for processing while the data remains encrypted. Kinda Star Trek? But so was the flip phone. In the case of a voice file, you the user encrypt it, upload it to the cloud, and are allowed to search on that data (using encrypted search terms), while the cloud has no knowledge of the content of your telephone conversation. Our research is advancing such that you will, in time, be able to receive an encrypted transcript that only you can open. At present there are a number of proposed schemes, most of them aiming to be quantum-computing proof, that provide this level of “cloud-proof” security. Researchers at universities across the globe are competing to provide a practical way of processing encrypted data: the end goal is what is known as Fully Homomorphic Encryption, or FHE. At present, the ultra-secure schemes can be very processor intensive (sometimes several thousand times more than the same process in the unencrypted domain), and limited in the scope of the mathematical actions that they perform. But performance is improving (especially using GPUs), and the complexity reducing. Given the fears expressed in the survey by ordinary people, you might have thought that this type of encryption would be the subject of massive research by major cloud providers. But the rub is in the economics of the internet. Many providers of public cloud services use your data to generate income. And if they can’t read your data, they can’t monetize it, and so they cannot provide services we take for granted for free. Only Microsoft has (publicly) made inroads into homomorphic encryption, but that is still more in the area of allowing collaborative research on DNA data, rather than locking up your data so only you can see it, while they store and process it. So my survey shows that people are worried about privacy, and my research team has shown that their privacy can be protected, but there is a price, and that price is a loss of free access to services that we take for granted now. So maybe my next survey should be not whether trust “Big Cloud” with your data, but how much are you willing to pay to make sure they can’t see your data? If you’re really interested in keeping your private data private, you can either dig a hole in the ground and shovel it in, or vote with your wallet. But if you want free, you’re going to have to pay for it.
