As the Internet of Things continues its promising evolution, the world is becoming more engaged in the discussion of privacy issues versus issues of national security. At the center of this exchange is the burning question of whether we, as nations and communities, should sacrifice privacy for security.
Some governments think so, and have gone to great lengths to gather information from sources both inside and outside their borders, quite often acquiring the information of millions of persons in a quest to identify the specific actions of only a few individuals.
On the other side of the argument are those who believe that an individual’s right to privacy is sacrosanct; nothing can, nor should, supersede it, including a government’s desire to act in what it deems the interests of national security.
The actions of Edward Snowden put a spotlight on these conflicting perspectives, pointing out the various ‘back door’ entry points that enabled a government to examine the information of private citizens at any moment it deemed such an examination necessary. Today, we find governments and citizens across the world having conversations about the appropriate balance of privacy and security. Those discussions, as yet, have yielded little agreement, and few signs of potential resolution.
And now, the voice of someone new has joined that conversation: David Chaum.
David Chaum was the creator of the mix networks of the late 1970s. He has spent much of his career in encryption, ensuring that information stays the property of the individual, and no one else’s. In January at the Real World Crypto conference at Stanford University, he proposed a new way to ensure an individual’s online privacy, a model he calls PrivaTegrity.
His solution is somewhat counterintuitive. He proposes more ‘back doors’—nine of them, in fact. Simply put, Chaum’s PrivaTegrity model places nine servers in nine different nations. No single server can provide access to the information being transmitted, nor can any combination of the nine servers access the information—save all of them acting in unison. His rationale is simple: if nine governments or other entities can agree that something is undesirable—terrorist plots, human or drug trafficking, or similar endeavors—then that information should be accessed and acted upon.
A critic of Chaum’s pointed out the central flaw in this, though. Why would criminals and terrorists use a construct that you have already publicly stated has the ability to be accessed through a back door, albeit a door with nine locks?
While Tor encrypts and bounces communications through a network of relay servers, preventing traffic analysis, Tor cannot—and does not—protect against traffic confirmation. Because of imperfections such as this, Tor and similar constructs are vulnerable to decryption efforts—but are they vulnerable enough, in the mind of a bad actor, to merit switching from that to Chaum’s PrivaTegrity model? PrivaTegrity may make privacy more difficult to pierce—but it can still be pierced.
To be blunt, the only reason for criminal or terrorist elements to use PrivaTegrity would be if they controlled all nine servers. It is difficult to imagine a scenario in which any one of nine criminal or terroristic enterprises would act against their own self-interests, so it would be extremely difficult to get all nine actors’ approvals, and lift the veil of privacy. This could prove appealing to such groups—and be a nightmare beyond imagination for law enforcement, cybersecurity and national security professionals.
So, I believe it is safe to say—no, David Chaum has not saved the Internet.
But perhaps he has pointed to a way forward. Plurilateral agreements require the approval of all entities involved before an action can be undertaken, and may be the nontechnological solution to the privacy versus security debate. This is not a new approach to issues that are borderless, global in scope, and with implications for nations and individuals the world over; a plurilateral agreement regarding the future development and usage of Antarctica entered into force among a dozen nations in 1961. In the half-century since, the member nations have worked together to increase the number of nations in the Antarctica Treaty, as well as to set parameters for scientific research on that continent.
In this age of the Internet, privacy is disappearing—or perhaps we might soothe our souls by acknowledging that privacy is being redefined. Individuals are continuing to reveal more about themselves online. Governments are actively pursuing what they believe to be the best security interests of their respective nations. While many security-focused agencies around the world would be loath to have another similar agency in an outside nation sign off on their actions, the fact remains that it just might be the best way to ensure the privacy of the individual while still engaging in the pursuit and apprehension of criminals, terrorists and similar bad actors.
The Internet does not belong to an individual or a nation; it is among the few constructs in our world that can make that claim. Instead, it is a construct that deserves the responsible stewardship of both state actors and individuals. It is time that privacy be given the same status that other issues of global import have been given. It is time we work together to ensure that innocent, ordinary individuals the world over can communicate with one another—and only one another.
Matt Loeb, CGEIT, CAE
[ISACA Now Blog]