Could detecting data abuse be better than preventing it?
Uncontrolled data proliferation is becoming more and more frequent. No-one wants their private data to be abused and ideally, users would receive guarantees that their private data won’t be abused. A user that stores encrypted data in the cloud has this guarantee. Unfortunately, such prevention is possible only in trivial cases; if the user wants to allow any kind of cloud-based processing, it is very difficult to give any assurances that their data won’t be abused.
If abuse-prevention can’t be assured, can we instead give users the ability to detect whether their data has been abused?
This is not quite as reassuring to the user, but it is still useful. You might not be able to prevent Facebook from abusing your data, but if you could detect that they have done it, that would allow you to take action (such as closing your account).
Here are three reasons why detecting abuse may actually be better than preventing it:
It allows you to offer data to friends and family, and detect whether they access it.
For example, if you find yourself in a situation where you are otherwise unreachable, using a Find Me app, you can allow nominated people to access your last-known location at any time and track whether they actually use that ability. The idea is that your friends and family would only access your location if they suspected you had had an accident and needed help. Normally, they will not use the data, but if they do, then you will be able to detect this.
It allows law enforcement to find criminals in a way that preserves privacy for most people.
Presently, law enforcement collects a lot of private data about individuals and we have no way of knowing whether this data is abused or not. For example, every time you use the London Oyster card, the details of your journey are logged and are available to the police. You can’t prevent abuse of this data, but could you at least detect it? Suppose this data was collected in encrypted form — allowing passengers to detect that their data is being decrypted would redress the balance between user privacy and crime prevention.
It allows companies to use your data only according to your wishes.
Suppose you want to let Facebook use your data according to a certain policy. For example, you might say that they can scan your messages or posts for city names, and serve you advertisements for hotels based in cities you mention, but they can’t use your messages or posts in any other way. This is quite a useful policy. It means Facebook wouldn’t be able to distinguish “I live in Paris” from “I’ve never visited Paris”, or even “I had dinner with Paris Hilton last night”. All it would see is that you mention the word “Paris”, and it would potentially serve you adverts based on that. This involves letting Facebook match certain keywords against your encrypted data.
PAD enables users to detect data abuse
PAD allows users to detect that a decryption of their data has taken place, alerting them to uses (and possible abuses) of their data. This enables users to offer their data in encrypted form, and fully allow its decryption. Then they can simply monitor whether the decryption has happened or not.
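The following is an added toy model of the idea in this section, written for this page rather than taken from the PAD project, and it is not PAD's actual construction: data is encrypted and offered to others, decryption only happens through a service that appends every access to a hash-chained log, and the owner audits that log for their data. The toy cipher, the `DecryptionService` and `DecryptionLog` classes, and the "last-known-location" data are all assumptions made for the illustration; in this model the service is trusted to log honestly, and making that unavoidable is exactly what a real scheme has to provide.

```python
import hashlib
import json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (illustration only): XOR with a SHA-256 counter-mode keystream.
    XOR is its own inverse, so the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class DecryptionLog:
    """Append-only log: each entry's hash commits to the entry before it,
    so deleting or editing a past decryption record breaks the chain."""
    def __init__(self):
        self.entries = []          # list of (payload, chain_hash)
        self.head = b"\x00" * 32   # hash of the empty log
    def append(self, record: dict) -> None:
        payload = json.dumps(record, sort_keys=True).encode()
        self.head = hashlib.sha256(self.head + payload).digest()
        self.entries.append((payload, self.head))
    def verify(self) -> bool:
        h = b"\x00" * 32
        for payload, stored in self.entries:
            h = hashlib.sha256(h + payload).digest()
            if h != stored:
                return False
        return True

class DecryptionService:
    """Holds the data keys; releases plaintext only after logging the access."""
    def __init__(self, log: DecryptionLog):
        self.log = log
        self.keys = {}
    def register(self, data_id: str, key: bytes) -> None:
        self.keys[data_id] = key
    def decrypt(self, requester: str, data_id: str, ciphertext: bytes) -> bytes:
        # The log entry is written before any plaintext leaves the service,
        # so in this model every decryption is visible to the data owner.
        self.log.append({"requester": requester, "data_id": data_id})
        return keystream_xor(self.keys[data_id], ciphertext)

def owner_audit(log: DecryptionLog, data_id: str):
    """Who decrypted data_id? Returns None if the log's hash chain is broken."""
    if not log.verify():
        return None
    records = [json.loads(p) for p, _ in log.entries]
    return [r["requester"] for r in records if r["data_id"] == data_id]
```

Run `owner_audit` periodically: an empty list means nobody has used the data, a non-empty list names each party who decrypted it, and `None` means the log keeper altered history.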
It’s not yet possible to prevent all data abuse, but detecting it can be beneficial. We think PAD will enable new ways of securely sharing data, putting users in control by letting them detect whether their data has been used or not.