Data Privacy Is News;
Now It’s Coming to RI
“There were still web cameras everywhere, and the possibility of optical computer scanning of license plate numbers. Murder was no different than other human activities in its ability to benefit from more pervasive computerization. Perhaps that’s what Rochelle had been thinking... First of all, she told him, ‘Avoid elevators.’ Elevator assassinations were not uncommon in the espionage business... Rochelle’s precautions were outmoded, rendered obsolete by the creeping tendrils of the internet.”
So reads a portion of Tetraktys, a novel set in a spy-thick world of symbols and computers devised by Prof. Ari Juels.
Juels is on the faculty at Cornell Tech, soon to move from Chelsea to new quarters south on Roosevelt Island, “creating pioneering leaders and technologies for the digital age, through research, technology commercialization, and graduate-level education.”
Juels, who is a youthful 46, is focused on computer security, cryptography, and privacy – hot topics in today’s news as the FBI and Apple battle over access to a locked iPhone used by a San Bernardino shooter. His novel betrays his unusual background: He studied literature and Latin at Amherst and Oxford before completing his computer science doctorate at the University of California at Berkeley. He admits that Tetrakyts is somewhat autobiograhical.
Before Cornell, Juels was the Chief Scientist at a division of EMC Corporation, working in RSA, the algorithm (named with the initials of the three MIT students who invented it) that powers most data encryption on the internet.
Dark Side of the Web
So far, the internet remains mostly free of intervention by authorities and governments, except in countries like Saudi Arabia, Russia, or China. It offers total freedom of expression and commerce. It is a libertarian paradise but it can also be a jungle, full of deception, predators, hackers, scammers, and criminals.
Juels’ research is predicated upon the fact that the internet is central to our lives. All information can now be digitized, stored, preserved indefinitely, and transmitted instantly around the world, at practically zero cost. All knowledge is accessible on a laptop, tablet, or smartphone with internet connection.
A large part of our lives has already migrated to cyberspace: business and financial data; personal data, including finances, social interactions, images, medical records, and many others are now residing on computers. We shop, bank, follow news, communicate, socialize and date online.
And commerce is rapidly becoming “e-commerce,” creating a need for the safe exchange of assets in cyberspace. “Every major complex system is vulnerable to cyberattack,” says Juels. “We usually defend the perimeter but you always should assume the enemy is already within the gates.”
In other words, Juels says, expect that fraudsters are already at work inside all banking and credit card systems, Chinese hackers have already infiltrated our defense systems and, possibly, terrorists are already seeking to take down the electric grid and wreak all sorts of havoc.
So what do we do to fight these enemies? How do we detect them, catch them, and stop them? Juels believes that likely solutions will be electronic versions of classic “deception” strategies, such as lures, traps, and “sting operations.”
Criminals constantly seek to access secure financial systems in order to generate unauthorized transactions and steal funds. For instance, a criminal may want to pose as the holder of a bank account and wire money to an accomplice. To do this, he will need one or multiple account passwords. Most likely, he will try to access the confidential database of passwords inside a bank’s system.
One way to catch these keyboard criminals is to lay traps for them, by creating “honey” or “decoy” passwords.
Suppose a criminal has acquired a list of usernames and passwords and is beginning to use them to steal. The moment he uses a planted decoy username or password, an alarm sounds, alerting system administrators that a probable breach is under way.
The internet supports remote transactions among individuals and firms. The parties to a sale or a financial transaction often do not know each other, yet they must trust each other to “perform” – make payments, provide goods and services, deliver securities. This is normally done by relying on trusted third-party intermediaries, or “central counterparties” such as banks, brokers, insurance companies, exchanges, or clearinghouses.
They play a key role:
• Participants (buyers and sellers) maintain accounts with the intermediary (they are “clients” of the intermediary).
• The intermediary maintains a “ledger” or record of the various participants’ “positions” (assets, claims e.g.).
• Prior to executing a transaction, the trusted central intermediary makes sure the payer does not “double-spend” his account, by inspecting the ledger and confirming that the payer is “good to pay.”
• As the transaction is processed, the central intermediary “credits” the participant who receives the payment and “debits” the participant who makes the payment.
• The “trusted intermediaries” (banks e.g.) know and verify the identity of payer and payee; they act as guarantors of the transaction.
The New Model
“Blockchain,” the technology behind the cryptocurrency Bitcoin, invented by the mysterious Satoshi Nakamoto in 2009, changes this model entirely.
Online payments or transactions go directly from one party to another, through a “peer-to-peer network.” The network creates an ongoing record or ledger (the “blockchain”) of all transactions.
Transactions are digitally signed, encrypted, time-stamped, and incorporated into the blockchain, the transaction record.
Cryptographic techniques ensure that the transaction record is a complete and accurate record of all transactions. Made widely available as a “distributed ledger,” it cannot be tampered with.
In this model, the trusted central intermediary is no longer necessary. The introduction of blockchain and the electronic cryptocurrencies it supports may lead to the “disintermediation” and obsolescence, at least in part, of traditional financial institutions. That is, since cryptocurrency transactions do not go through the banking system, they are difficult to trace and may escape government scrutiny. Not surprisingly, several of the world’s top banks are seeking to incorporate blockchain into a consortium of financial institutions, probably with an approving wink from regulators.
Juels says, “Smart contract technology automates a large part of the ‘trust function’ necessary in business interactions.” Building on blockchain and cryptocurrencies technologies, scientists such as Ari Juels are preparing yet another revolution: smart contracts. These are contracts that are verified by computer rather than by a person or organization. Just as cryptocurrencies may make financial intermediaries obsolete, smart contracts will reduce the role of legal intermediaries, such as courts and lawyers.
A smart contract embeds, into computer code, all of the conditions and outcomes of legally binding agreements, allowing parties to enter into a contract without trusted third parties like lawyers and courts. Instead, the computer ensures that those legal contracts and agreements are being fulfilled.
Smart contracts can work within cryptocurrency system and allow for the transfer of assets with a digital signature. Both cryptocurrencies and smart contracts are being rapidly adopted because their combination is synergistic – it increases cryptocurrency utilization and it provides an efficient legal system throughout a cryptocurrency network, such as Bitcoin or the new Ethereum, a decentralized platform for applications that run exactly as programmed without any chance of fraud, censorship, or third-party interference.
Smart contracts enable users to contract for trading of all types of assets – securities, commodities, and others so contracts may be made efficiently and enforced through cryptography rather than by a third party.
Criminal Smart Contracts
Once you are “invisible,” and nobody knows who you are on the internet, what is there to prevent you from stealing, spying, and committing other crimes?
Ari Juels’ research explores the possibility of “criminal smart contracts” – These are criminal deals among two parties, each of which can remain anonymous, thanks to the internet. Examples:
• a contract in which a party buys secret private information from another party and pays for it in cryptocurrency, thus escaping detection;
• a contract in which a party, who remains unknown, gets an assassin to commit murder in exchange for a reward payable in cryptocurrency upon the successful assassination.
Juels says, “Our results illuminate the scope of possible abuses in next-generation cryptocurrencies. They highlight the urgency of creating policy and technical safeguards and thereby realizing the great promise of smart contracts for beneficial goals.”
Interestingly, criminal smart contracts could be used in sting operations against hackers or electronic criminals: Posing as the initiator of a criminal contract, law enforcement could lure a would-be criminal, get him to prepare to commit the crime, then nab him in the act. Clearly, some a way of tracing the criminal on the internet is essential.
Ari Juels’ research is probing the leading edge of the internet world. Clearly, people will be interacting with each other and with institutions in totally new ways online and relying on technologies being invented at places such as Cornell Tech, by people such as Ari Juels and his colleagues.
Roosevelt Island will be on the leading edge of this new world.