This year saw intensifying concerns around privacy.
As data collection capabilities increase and companies collect unprecedented volumes of user data, the scale, frequency, and impact of data breaches have likewise amplified. These breaches, which have degraded consumer trust and led to increased government scrutiny, are the result of inadequate data protection and insufficient restrictions around data sharing and use.
As the value of data rises, it will become increasingly important to strike a balance between using data and protecting privacy. Failure to do so results in data silos, which greatly diminish the value of data for innovation and societal benefit. Emerging privacy-preserving technology can help provide a win-win solution, offering unprecedented user privacy protections while enabling new applications for data.
Blockchain provides transparency but not privacy: on current blockchain platforms, transactions and data are publicly visible. Privacy-preserving techniques combined with blockchain can enable new decentralized applications that protect data while providing users with transparency and control over how data is used. These privacy-first applications will help restore consumer trust, creating a virtuous cycle that fosters development of data-driven applications.
We think 2019 will see a dramatic shift to privacy-first applications, catalyzed by three growing trends that reinforce each other: an increased user demand to control their own privacy, the rollout of new privacy regulations, and advancements in privacy-preserving technologies.
Data breaches and privacy violations escalated in 2018. Large technology companies including Facebook and Google came under fire for failing to protect user data, and nearly every industry — from banking to retail — suffered major data breaches.
The Cambridge Analytica scandal demonstrated that business models dependent on collection and monetization of user data are a fine balancing act, often putting the interests of the business in conflict with the users they serve. The incident served as a reminder that for many internet services, there’s a tradeoff between using the service and giving up one’s privacy.
These issues have resulted in a heightened distrust by the general public of organizations that collect and monetize user data. It has increased awareness of the insufficiency of current protections for data, leading many to forego the use of products and services out of concern that their data will be sold or misused.
We saw signs of this trend in 2018. Campaigns such as #DeleteFacebook spread across the internet with viral speed as users began protesting companies that misuse their data; and Apple CEO Tim Cook called privacy a “fundamental human right”, raising concerns about the crisis of the “data-industrial complex”.
Many signs point to a tipping point in 2019 where customers en masse will demand privacy protection and the ability to control how their data is used, and will opt-out of services that don’t provide this.
2018 saw the official rollout of the EU’s General Data Protection Regulation (GDPR) to enhance consumer privacy protection.
This trend is expanding into other countries and individual states in the US. The California Consumer Privacy Act, which takes effect in 2020, is among the most stringent state-level protections, requiring companies who collect user information to use it responsibly and to provide transparency to consumers on data use.
Federal government oversight in the US is already tightening and will likely result in additional regulations. In 2018 Google’s CEO Sundar Pichai and Facebook founder Mark Zuckerberg were both called by Congress to answer questions about their companies’ data practices. The increasing government scrutiny and risk of huge fines will motivate other companies to be proactive about privacy protection.
This shift in regulatory policies will force companies who have insufficient privacy protections to take actions. Adopting strong privacy protections will be an existential requirement rather than a luxury. For the vast majority of technology companies, whose revenue and growth depend on utilizing user data, timely deployment of new privacy-preserving solutions is essential.
The good news is that 2018 saw significant progress in the research and development of privacy-enhancing technologies. Cryptographic techniques such as zero-knowledge proofs and homomorphic encryption saw increased research and development activity from the blockchain community, who view privacy as essential for enabling and driving many new blockchain applications.
While these cryptographic techniques are important, they are not yet practical for general applications. Zero-knowledge proofs and homomorphic encryption can be very slow, ranging from thousands to more than millions of times slower than native execution.
We think hardware-based approaches are therefore critical, and 2019 will see the rise of hardware-based approaches for secure computing, including hardware-based acceleration of cryptographic techniques as well as trusted hardware.
Specialized hardware such as ASICs can give a performance boost to cryptographic techniques, bringing simple applications within reach. Another technology known as trusted hardware will further expand the application domains of secure computing.
Trusted hardware provides a secure execution environment called a secure enclave that allows execution of code at near-native speeds while isolating data and code from other software running on the machine, including the operating system. Trusted hardware will enable a broad range of new applications on blockchain by allowing complex workloads to execute at scale while protecting privacy.
The world’s largest chipset manufacturers already offer secure enclave chipsets in products ranging from servers to laptops. In 2018 several major cloud providers began offering access to secure enclaves in the cloud, further increasing availability of this technology.
Additionally, the release of the Keystone secure enclave in 2018 marks the first general-purpose secure enclave framework available as open-source. This milestone will lower the barriers for developing chipsets with secure enclaves, enable faster adoption, and accelerate research in secure hardware technology.
Differential privacy is another promising technology that provides strong, formal privacy guarantees. Last year saw increased research activity in practical techniques for differential privacy.
These technologies are especially potent when combined with blockchain. The data breaches in 2018 have made consumers increasingly suspicious of opaque centralized solutions. The technologies described above can add privacy to blockchain, providing an ideal combination of transparency and privacy — without relying on a central party.
2019 will be the year of privacy. The confluence of these three forces — increasing user awareness and concern, regulatory policy changes, and improved capabilities of privacy technologies — will bring privacy to the fore and usher in a new paradigm of privacy-first applications.