Why we need the next generation of digital trust technology

Join today’s leading executives at the Data Summit on March 9. Register here.

This article was contributed by Richard Gendal Brown, CTO at R3.

The connection between people is often the first thing that comes to mind when we think of trust. Trust allows us to do things that would be nearly impossible if we had to verify everything ourselves. Imagine having to inspect the kitchen of every restaurant you’ve ever visited. The bottom line is that most of us operate under a system of “if we trust, we don’t need to verify” both in our personal lives and in business.

Lack of faith in technology and the digital world

In the early days of the Internet, you didn’t know if your browser was really talking to the company you thought it was. So e-commerce and online banking struggled to take off. But the advent of the browser padlock — literally creating the confidence that you’re connected to who you think you are — unleashed trillions of dollars in opportunities.

Until recently, companies that did business with each other didn’t know if they had the same data. And so they wasted staggering amounts of money by reconciling. Technologies such as blockchain solve this problem.

But there is still so much more to go. For example, when you send information to a third party, you have no technological way to trust them or their technology or know what they will do with your information. So you have to spend a fortune on ‘data scrubbing’ or audits. Or, more likely, you’re not sharing sensitive data at all. It’s mind-boggling to imagine how many opportunities to create new value or better serve customers are wasted because we can’t rely on how our information will be processed if it’s in someone else’s hands.

Consider this list of technology policy issues that were on the agendas of most developed countries in the early 2020s:

Social networks are accused of misusing users’ personal information for business profit. Advertisers and the major technology companies whose platforms serve their ads are accused of tracking users without their knowledge, and of improperly combining disparate sets of data to violate users’ reasonable expectation that different online behaviors and personas can be kept separate . All kinds of companies are accused of using data they have obtained about an individual for one purpose to pursue unrelated business goals, without informed consent. Data that companies legitimately capture about users is often stored or processed with insufficiently strong controls, leading to data loss or exposure by malicious outsiders or rogue insiders. Companies often want to share data with other companies, but have no control over this data once it leaves their systems. They fear the resulting liability and thus forego otherwise promising opportunities for themselves or their clients.

These problems all have a single root cause: Today’s network economy requires individuals and companies to share data with third parties or other parts of the same company on an unprecedented scale, but today’s technology offers no way to control how that data is then used, or for what purpose.

The harsh reality is that once you share a piece of information with a third party, they can do whatever they want with it. The only thing that limits them are ‘soft’ controls: reputation, regulation and contract law. The internet revolution has made it extraordinarily easy and cheap to share information, but has failed to deliver comparable powerful tools to master the monster we’ve unleashed.

The three reasons we share data

It’s like there are some basic computing capabilities that we need, but don’t have.

Consider some obvious reasons why we share information with third parties:

We often want to “outsource” our calculation using cloud computing techniques. But we are concerned that the cloud provider would misuse our data. What if we could have known in advance that this was not possible?

Sometimes we are asked to send sensitive documents to third parties so that they can verify something to their satisfaction, such as a customer’s age. But that usually means giving them access to personal or confidential information: they want to know my age, but I have to give them access to my entire passport. What if we could provide evidence without revealing more than is necessary?

And we often come across situations where multiple companies voluntarily use a centralized system – such as an exchange – to facilitate trading, only to find that the exchange operator has privileged insight into the trading strategies of the entire market. What if we could collectively bundle information without giving the centralized operator a privileged position?

It may not seem obvious at first glance, but the reason data misuse is such a concern in the above scenarios is because all these problems all have a common cause: you can’t trust someone else’s computer.

But what if you could sometimes trust someone else’s technology? What if we could write applications whose owners couldn’t tamper with or observe their execution? What if an application could process data that the operator is not yet allowed to see, you could rely on the results provided at the end? What if you could validate a sensitive document on your computer and then prove to someone else that you did it correctly, without them ever seeing the underlying document? What if you could trade with your counterparts without the exchange operator learning your strategies?

If such a system existed and could be widely implemented, any of the above public policy issues could be addressed. Data owners would regain control of their information. They can check what happens to their data – and by extension what does not happen to it – before sending it for processing. And if someone else’s computer told them a fact had been verified, they might believe it.

What’s next for digital trust technology?

The reality is that we will look back at 2022 in awe at how much we were able to achieve in the digital field when the level of digital trust was so low.

But things are changing. Trust technology is here now. The convergence of blockchains, confidential computing and applied cryptography is happening, and the most forward-looking companies are leveraging it to vastly increase the level of trust within and between companies of all sizes operating in the digital world.

For example, applications secured with confidential computers can cryptographically prove to a company’s users that their data is encrypted in a way that no one, not even someone with complete control over the service, can see it. Trust technology means that this can be done in a way that lets the user know when the business logic of the service has changed. And this proof is provided by the physical hardware that does the calculations.

Users build trust in a company’s good intentions and can also be used as an extra pair of eyes and ears in the fight against a hacker should the unthinkable happen. Real world users no longer have to trust companies and counterparties that use their data; they can verify it themselves. Confidential Computing, in addition to the broader trust technology toolkit, is a clear win-win for all parties and will help drive the next generation of secure digital commerce.

Richard Gendal Brown is the Chief Technology Officer at R3

DataDecision makers

Welcome to the VentureBeat Community!

DataDecisionMakers is where experts, including the technical people who do data work, can share data-related insights and innovation.

If you want to read about the latest ideas and up-to-date information, best practices and the future of data and data technology, join us at DataDecisionMakers.

You might even consider contributing an article yourself!