Integritee series: Part 1

Technology context for the birth of Integrite

In the past 30 years, since the internet became publicly accessible to a broad market in the early 1990s, and with the rapid development of hardware technologies that leverage processing capacity more efficiently, a lot of new business models have emerged. Early businesses focused on IT infrastructure, online advertisements and marketing, and e-commerce. With rising internet user numbers, an increasing number of cloud applications, marketplaces and social media platforms arose during the internet boom of the 2000s. This led to a vast amount of user and business data being generated, which is now referred to as big data. Businesses started to analyze data more efficiently to improve their business processes and products with insights derived from their user base.

image

Today, these business practices have become extremely prevalent. Indeed, the sole purpose of some businesses is to generate a big user base with a “free” to use service and subsequently monetize that base by handing user data over to third parties.

By collecting huge amounts of sensitive data and storing it centrally, this trend has made cybercrime and cybertheft more lucrative and attractive. As a result, the number of cyberattacks has significantly increased, resulting in major leaks of sensitive user and business data. Billions of people and millions of businesses are affected by cybercrime. According to the 2019 Official Annual Cybercrime Report by Cybersecurity Ventures, cybercrime represents the single greatest threat to companies worldwide, and by extension, to individuals' personal data.

Cybercrime is predicted to inflict damages totaling $6 trillion globally in 2021. If concentrated in one country, this would be the world’s third-largest economy after the US and China. Global spending on cybersecurity products and services is projected to exceed $1 trillion cumulatively over the five-year period from 2017 to 2021.

In the past few years, regulators have introduced new regulations governing how businesses can handle sensitive user data. The objective is to make firms implement new processes and technology to counteract both data misuse and data leaks. The General Data Protection Regulation (GDPR) enacted by the EU in 2018 requires organizations to safeguard personal data and uphold the privacy rights of everyone within EU territory. Organizations found to be in breach of these regulations can be fined up to €20 million or 4% of their global annual revenue, whichever is higher.

image

Blockchain was designed with the intention of solving some of the issues caused by centralized information systems. By decentralizing computation in an encrypted form, the risks posed by single sources of failure are minimized. However, most current blockchain solutions lack either scalability or confidentiality. With regard to the latter, most public chains are completely transparent and are pseudonymous rather than anonymous. While interesting approaches like zero-knowledge proof or multiparty-computation have been proposed, they come at the cost of lower scalability, remain largely academic and can be effectively implemented only for a very narrow range of use cases, like transferring tokens.

Here comes the challenge

When it comes to cybersecurity, companies are confronted with myriad challenges across many different areas. As a result, instead of focusing solely on their core business, they need to simultaneously manage processes related to security, technology, regulation and customer trust.

The problem rises in 4 main factors:

IT Security: Data in transit contains specific security risks, which need to be mitigated through targeted security measures. While data at rest has better security, it is regarded by hackers as more valuable than data in transit. Fortunately, it is possible to protect data in use at the hardware level by using trusted execution environment (TEE) technology.

image

  • Technology: Whenever services are moved to the cloud, the customer needs to transfer data and information to a third-party service provider. Furthermore, it is impossible for the customer to verify how their data will be secured or managed by this third party. This is why it took so long for companies to move sensitive data to the cloud. Indeed, many companies remain wary of migrating parts of their infrastructure. In blockchain world, it requires 4 things:

o Secure Multiparty Computation (MPC): To compute data jointly, without it being revealed to any single one of those parties

o Homomorphic Encryption (HE): To allows data to be computed in encrypted cyphertext form, without needing to be decrypted first.

o Differential Privacy (DP): To limits the amount of information or data points on each individual record in a database by releasing the result of an aggregate computation on that database.

o Trusted Execution Environments (TEEs): To provide a simple and currently unrivaled way to securely and confidentially process sensitive data

Regulation on data protection: The General Data Protection Regulation (GDPR) turned out to be not so efficient as it seems. The volume and size of fines issued to companies so far only amount to a drop in the ocean. Big data giants like Facebook and Google can easily pay such fines and continue to exploit the big data. However, while big players are not hugely affected, small and medium-sized businesses are struggling to cope with increasing regulatory requirements that necessitate the implementation of new processes and security systems. In addition, collaboration between businesses is hampered as it becomes cumbersome to share data while ensuring compliance with data protection regulations.

image

Customer Trust: There has been an almost constant stream of big data leaks in recent years, with millions of users affected. Personal data is collected and sold in a multitude of ways and an individual’s private details, behavior, and trends become easily accessible online. People are becoming increasingly privacy-conscious and are questioning their growing lack of data privacy and control. This leads to a social shift in the long term. In 2019, Forbes stated that “Data Privacy Will Be the Most Important Issue in the Next Decade”.

Integritee provides a scalable, interoperable and confidential network layer that can be used by companies and developers to establish new, user-centric privacy solutions that leverage the combined benefits of blockchain and trusted execution environments (TEEs).