It’s not uncommon to exchange personal data for perceived value.
People do it every time they sign up for free public Wi-Fi, seek 20% off new-season stock, or use social media to keep tabs on friends. With these kinds of online activities increasing exponentially, true privacy can be difficult to achieve and easily taken for granted.
This raises the question: if most people already accept data trade-offs, should developers still care about building solutions that guarantee their data privacy?
The short answer is yes, and it is possible to do so in a way that doesn’t compromise the user experience.
Before I explain why, it is useful to go back to the beginning to establish some context.
When we were first introduced to the internet, privacy wasn’t considered an issue because all content accessed online was public. However, the introduction of email complicated the matter, because it offered no protection for the data and information contained in and shared through messages.
A group of cryptographers calling themselves the Cypherpunks were the first people to identify the problem. Looking for ways to keep information private, they worked from the premise that modern cryptography could ensure information remained confidential.
They weren’t idealists. Rather, they were builders who created tools that they believed the world needed to safeguard their privacy. Today, their mission is carried on by developers who value user privacy.
However, fulfilling that mission requires much more than securing the transmission of data.
The reason we still experience data breaches is that information isn’t encrypted during processing. This leads to another paradox: you need to allow more and more access to your data, which in turn grows the potential for more data breaches.
Therefore, must you give up privacy to use basic online services?
Thankfully, because of the capabilities provided by fully homomorphic encryption (FHE), the answer is no.
How? Put simply, FHE is a technique that enables data to be processed blindly without having to decrypt it at any stage, and this is how it works…
As users of a web service, developers use a secret key to encrypt data and send it to a server, where blind processing occurs. The result, still encrypted, is sent back, and developers then decrypt it using their secret key. Crucially, nothing changes from the developer’s perspective: data is still sent and a response is still generated. The major difference is that the company providing the service now works only with encrypted data, in transit, during processing, and when providing an end result, meaning the data is encrypted end-to-end.
By leveraging FHE, developers can ensure that sensitive data remains private. Governments, hackers and service providers cannot see it because they do not possess the key, and they also cannot break it as the encryption used in FHE resists even powerful quantum computers.
Another way of thinking about FHE is to view it as a magical safe. The data is put into the safe and then sent out. The data receiver doesn’t have the key to the safe, but through complex mathematics, they can analyze the information without seeing it. The results of the analysis are also encrypted, so only the holder of the key can unlock them.
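The round trip described above (encrypt with a secret key, blind processing on the server, decrypt the encrypted result) can be traced in a toy scheme. This is an added illustration, not code from the article: it uses a symmetric integer-based construction in the style of DGHV that is only somewhat homomorphic (no bootstrapping, so not full FHE), its parameter sizes are assumed and insecure, and all function names are hypothetical.

```python
import secrets

# Toy sizes (assumed, NOT secure): key bits, noise bits, multiplier bits.
ETA, RHO, GAMMA = 128, 8, 256

def keygen():
    """Client: the secret key is a random odd ETA-bit integer p."""
    return secrets.randbits(ETA) | (1 << (ETA - 1)) | 1

def encrypt_bit(p, m):
    """Client: c = p*q + 2*r + m. The bit hides under even noise and a multiple of p."""
    return p * secrets.randbits(GAMMA) + 2 * secrets.randbelow(1 << RHO) + m

def decrypt_bit(p, c):
    """Client: remove the multiple of p, then the even noise. Valid while noise < p."""
    return (c % p) % 2

def encrypt_int(p, value, width=8):
    """Client: encrypt an integer bit by bit, least significant bit first."""
    return [encrypt_bit(p, (value >> i) & 1) for i in range(width)]

def server_equals(enc_bits, candidate):
    """Server: holds no key and never decrypts.

    Adding ciphertexts XORs the hidden bits; multiplying ANDs them.
    Per bit, (x + y + 1) mod 2 is XNOR(x, y); the product over all bits
    is an encryption of 1 only if every bit of the hidden value matches.
    """
    acc = 1
    for i, c in enumerate(enc_bits):
        acc *= c + ((candidate >> i) & 1) + 1
    return acc

def blind_lookup(secret_value, candidate):
    """Full round trip: the client learns whether the server's candidate matches."""
    p = keygen()                                  # stays on the client
    request = encrypt_int(p, secret_value)        # sent to the server
    response = server_equals(request, candidate)  # computed on ciphertexts only
    return decrypt_bit(p, response)               # client decrypts the answer

if __name__ == "__main__":
    # Constructed sample values.
    print(blind_lookup(0xA7, 0xA7), blind_lookup(0xA7, 0xA6))
```

Each multiplication grows the noise term, and decryption fails once it exceeds p. That is why the key here is far larger than the noise, and why production FHE schemes need a noise-management step that this toy omits.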
These capabilities create the opportunity for collaboration across borders and teams, each providing their piece of the puzzle. This means teams across the world can collaborate in their work, be it on vaccine development, defense strategies or many other types of mission and business-critical projects in between.
What’s more, FHE enables people to interact with AI tools such as ChatGPT without revealing anything about their conversation, and it also means we can finally have privacy when interacting with smart contracts on blockchains.
Reaching FHE ubiquity is a key milestone for privacy. If achieved, everything online could become encrypted end-to-end without compromising user experience, offering a best-of-both-worlds scenario where one does not have to be sacrificed for the other.
Indeed, privacy should not be the goal of our interactions online. Rather, it should be treated as an assumed byproduct of every piece of software and every service that developers build. That way, end users won’t need to worry or even think about privacy because it will be guaranteed by design.
The best way for developers to investigate FHE further is to try out tools for themselves with different applications. Doing so is the clearest way to gauge how FHE can be used to better safeguard privacy in the work that they do.