A professor from Israel may have found the way to safeguard your privacy while providing governments and companies with the personal information they require.
If you’re a prosecutor doing research on the online legal database LexisNexis, how can you be sure that the defense attorney isn’t accessing your searches and ferreting out your case strategy? And does the government really need access to everyone’s personal business – like flight itineraries – to be sure there aren’t any terrorists onboard your plane?
While online databases and other services make our lives easier and government-censored and supplied data no doubt keep us safer, more and more Americans are taking sides in the ‘security and privacy’ debate. Companies want to give their clients private solutions while governments strive to keep society safe. The challenge is how to achieve this without divulging private information.
Prof. Yehuda Lindell, a cryptologist at Bar Ilan University’s Department of Computer Science, has a $3 million grant from the European Union that says he can show governments and companies how online information can be both private and secure.
It’s a big problem, he admits, when two organizations need to compare and share information, like no-fly lists. The US government wants to ensure that those on the list not be allowed to fly, but how can it know who’s flying without access to data about every single passenger? It’s a conundrum, but one that can be solved, Lindell promises, without giving out the details and travel habits of every non-suspect.
Lindell’s biggest claim to fame is a paper on privacy preservation in data mining that was published in 2000. It was a landmark paper, cited by hundreds, and lays the foundation for new breakthroughs in the field of cryptography. His current research is expected to achieve similar, if not better results.
I know what you did last summer!
“Every time we go online we share information – the ages of our children, the state of our health, and data about our finances,” Lindell tells ISRAEL21c. “The fact that it is so difficult to guarantee basic privacy online is at the heart of some very serious security issues,” he says, adding that whenever we’re online, and submit data that can be used online, we reveal an enormous amount of information we never meant to share.
He’s hoping to reduce the threat over the next five years, as he works toward both developing a privacy infrastructure for individuals, and helping large organizations to share information without divulging their most important business secrets.
After completing a PhD in Israel, where he lives today, Australian-born Lindell did a post-doc at the IBM T.J. Watson Research Center in New York, to which he still has close ties. “This is a very hot topic in the US right now – the security versus privacy issues with Homeland Security, and how we balance the two,” he tells ISRAEL21c.
Partnering with software engineers in the industry, Lindell hopes to build high-level cryptographic libraries with advanced tools. He explains that when you open an account on Amazon to buy a product, a secure communication channel is set up, and your credit card data is encrypted. “This is low level encryption,” says Lindell.
“What I am talking about is something a little different: When you are searching in a database, but don’t know exactly what you are searching for. The company could give you the entire database and you could search it locally, but then they’d have to limit access.” If not, he says, the entire database could be copied.
A new technology to keep secrets, secret
“If I am a trial lawyer preparing for a certain trial using LexisNexis, if the opposing counsel could know somehow what I was searching for, then I am relying on the fact that LexisNexis is not giving this information [about me and my searches] away,” says Lindell, who does not use free Google services, like Gmail, or Documents, because of doubts about their privacy.
“I’d be relying on the security of the service, but someone could hack into the system. In general that’s a bad thing. We don’t want to rely on the security of the service,” he says.
Lindell is working on building a new technology that won’t compromise privacy or the speed of searches. If he is successful, the little bits of security information about us that companies and the government are collecting won’t be identifiable. While it seems improbable that the government knowing where you’re flying to could influence your wellbeing, Lindell sees it differently.
“Why should the government know this kind of thing about me? It’s not the government’s business. When there are huge amounts of small information about me out there, in the end my privacy is completely gone. What I did in New York is known. Maybe my mother was diagnosed with a genetic disease?”
Lindell believes that if your personal information falls into the wrong hands, it could be used against you: “Living in Israel I am someone who is fully aware of the importance of Homeland Security. What I am saying here is that in terms of security, there is no need for the government to know where everyone’s flying. I am saying we can preserve both security and privacy. That’s the big aim.”
Respecting privacy without compromising security
Lindell stresses that he’s not the first to approach the problem in cryptographic research, but he and his team of engineers, post-doctoral students, master’s students and Israeli collaborators see this as no minor project.
According to Lindell, one of the main problems with cryptographic protocols is that they are inefficient. He says that a protocol essentially prevents an attacker from getting through the “front door” – he likens it to posting a guard at the door, which is expensive. Meanwhile, the less-secure systems in place mean that attackers have “a good chance” of getting caught. At one time this may have sufficed as a deterrent, but not anymore, as information privacy becomes more and more compromised.
With the new model for privacy and security being developed at Bar Ilan by Lindell’s team, when you make a query you won’t learn anything unless you hold the same data – like a name on a no-fly list. This will make it impossible to spy on the datasets, says Lindell, even if two parties are actively cheating to learn what they shouldn’t.
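The property described above, where a query reveals nothing unless both sides hold the same name, is what cryptographers call private set intersection. The following is an added example, not code from Lindell's project or from this article: a textbook Diffie-Hellman-style intersection with constructed names, in which the function names and the choice of the RFC 3526 group are assumptions. It protects only against parties who follow the protocol, not against the actively cheating parties the project targets.

```python
import hashlib, secrets

# 2048-bit safe prime, RFC 3526 group 14; squares mod P form a group of prime order Q.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2

def hash_to_group(name):
    """Hash a normalised name to a square mod P (an element of the order-Q subgroup)."""
    digest = hashlib.shake_256(name.strip().lower().encode()).digest(320)
    return pow(int.from_bytes(digest, "big") % P, 2, P)

def blind(names, key):
    return [pow(hash_to_group(n), key, P) for n in names]

def reblind(values, key):
    return [pow(v, key, P) for v in values]

def airline_reply(blinded_list, manifest, k):
    """Airline: add its key to the government's values and blind its own manifest."""
    own = blind(manifest, k)
    secrets.SystemRandom().shuffle(own)               # hide manifest order
    return reblind(blinded_list, k), own

def government_matches(no_fly, g, doubled, airline_blinded):
    """Government: H(x)^(g*k) is equal on both sides only for names both hold."""
    seen = set(reblind(airline_blinded, g))
    return [n for n, d in zip(no_fly, doubled) if d in seen]

def run_exchange(no_fly, manifest):
    g, k = (secrets.randbelow(Q - 1) + 1 for _ in range(2))  # one secret key per party
    msg1 = blind(no_fly, g)                           # government -> airline
    doubled, own = airline_reply(msg1, manifest, k)   # airline -> government
    return government_matches(no_fly, g, doubled, own)

# Constructed sample data, not real names.
NO_FLY = ["Mallory Quint", "Victor Hale"]
MANIFEST = ["Alice Moreno", "mallory quint ", "Bob Tanaka"]

if __name__ == "__main__":
    print(run_exchange(NO_FLY, MANIFEST))
```

Each side sees only blinded values and the size of the other's list; the government learns which of its own listed names appear on the manifest and nothing about the other passengers.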
His team’s goal is to have a proof of concept by the time the project is concluded, to show government policy makers and corporate entities managing databases what can be done to respect privacy, without compromising on security. Lindell hopes it will be taken to Congress.