Authors: Will Ackerly & Andrea Little Limbago
It’s no secret that significant technological shifts continue to reshape almost every aspect of society. What receives less attention, however, is the nascent social awakening in favor of greater privacy and control over data as a fundamental human right. This awakening is driven by the steady pace of data breaches and a growing awareness of insecure data security practices by third-party providers and services.
Having a combined half-century of experience researching and solving problems at this socio-technical frontier, we are well aware of the urgency and necessity to empower individuals and organizations with greater control of their data, without having to trust third parties to “do the right thing” with your data. This control must include robust data protection and data sharing capabilities. It cannot be one or the other.
This urgency drives our latest community contribution, the Virtru Developer Hub, which gives developers the necessary cryptographic tools to protect and control data with granular and customizable access privileges through the open standard Trusted Data Format (TDF). With community-driven applications of TDF, we hope to shift the paradigm away from vendor lock-in and help innovate data protection at scale, regardless of platform or system. Developers can tackle some of the most significant data privacy and security challenges by creating applications for individuals and organizations to confidently protect and share even the most sensitive data.
In addition, we are introducing a Privacy Engineering Challenge to help grow this community and inspire innovative, privacy-preserving data protection solutions.
The New Socio-Technical Frontier
The rapid pace of technological change holds great promise, but too often security and privacy remain an afterthought when building emerging technologies. With each breakthrough technology, the actual impact relies strongly on the confidentiality, integrity and availability (CIA) of relevant data. A quick look at a few of these paradigm-shifting technologies through a data protection lens highlights how data sharing and data protection is a common theme across each of them.
- 5G: Foundational for quickly streaming and sharing disparate sized data, including extremely large files.
- Multi-Cloud Computing: Two or more cloud computing and storage services, with n-number of applications moving and storing data.
- Internet of Things (IoT): Smart devices of all kinds relaying a range of data, often including PII, IP or other confidential data.
- Artificial Intelligence (AI): Enabler for ground-breaking and powerful analytics, including robotic process automation, but still adheres to the old paradigm of ‘garbage in, garbage out’ and can be susceptible to poisoning and manipulation.
Clearly, data protection is essential to truly reap the societal benefits of each of these technologies. This necessity becomes all the more apparent when looking at the bleak reality of data compromises and leaks.
- Cyberattacks: Record-breaking compromises are measured in the billions of records breached, with a growing proliferation of attackers beyond nation-states, including for-hire services, mercenaries and criminal groups.
- Third-Party Data Sharing and Monetization: With many online platforms, we seem to be reminded daily of the growing monetization of our data, with minimal transparency on how our data is permanently stored, shared or even sold.
- Misconfigured Cloud Servers and Databases: Insufficient controls and human errors lead to the accessibility of millions of confidential records.
In response to this persistent pace of compromises, the regulatory landscape is gaining teeth, with financial cost impositions for breaches. At the same time, variations in national regulations are fostering significant differences in security and privacy policies along sovereign borders. This is instigating a growing “splinternet” where data protection is significantly at risk depending on government access and laws. Backed by a growing movement in favor of greater privacy, some countries are implementing greater data protection laws, while others are weakening them for greater governmental control. For example:
- Data protection regulations, such as the General Data Protection Regulation, require security safeguards and are already doling out record-breaking fines.
- Data localization laws require local data storage and access from some of the most authoritarian governments.
- Financial outlooks have been downgraded due to data compromises.
Advancing Full-Stack Privacy Development
It is with these challenges in mind—and the desire to help unlock the potential of these technologies while maintaining security and privacy—that we are introducing the Virtru Developer Hub. Built on the open standard Trusted Data Format (TDF), the Virtru Developer Hub includes a software development kit (SDK), key management and access policies to help developers quickly deploy cryptographically-bound data protections that travel with the data.
The SDK helps developers quickly create TDFs and establish Attribute-Based Access Control (ABAC) to provide persistent protection and implement customized policies and rules. TDF is agentless and allows file locking, content expiration and access revocation for both structured and unstructured data. It can be invoked by users, administrators or as part of an automated process. Visit the Virtru Developer Hub to explore the demos or get started today.
With the Virtru Developer Hub, we aim to reduce the friction that often accompanies the translation of privacy requirements into engineering requirements and development. Developers can lean into these new technologies without any additional delay. TDF integrates across any architecture, from analytics engines to relational databases to workflow management, to secure data whether at rest or in motion. It is platform-agnostic and works with your existing architecture while securing data of any type and size. TDF further supports core tenets of privacy engineering, including least privileged access, differential privacy and regulatory compliance.
Building an Open Community
We are in the nascent stages of privacy engineering, and the best way to make significant gains is to learn from each other. Open communities provide endless opportunities for innovation and creativity. Along with the Virtru Developer Hub, we have created a Slack Channel to facilitate communication across the developer community to spark conversations and solutions for ongoing projects.
We hope to grow a developer community around the open standard TDF to push the envelope toward greater privacy-preserving innovations. We are excited to hear from developers tackling some of the toughest social and technical challenges. Whether pursuing greater data protection to comply with corporate mandates and regulatory regimes or seeking to empower individuals with greater control over their data, we hope to progress the privacy awakening and grow a community centered on exchanging ideas to expedite success and innovation. And to help kick off some inspiration, we are excited to announce our new privacy engineering challenge.
Enter the Privacy Engineering Challenge
The Privacy Engineering Challenge is designed to kick-off our efforts to:
- Advance the emerging field of privacy engineering;
- Build a community around privacy and security enhancing innovations; and,
- Drive to a common, open standard for data protection, and break the 30-year paradigm of vendor lock-in (ie, needing to trust a third party “to do the right thing”) while enabling seamless data portability, the right to be forgotten and default security.
We are soliciting solutions and novel applications of the Virtru Developer Hub, whether by an individual or a team, for personal or corporate application. Below are some additional details.
- Deadline: September 30, 2019
- Prizes: Three winners will be selected for a cash prize of $15,000 for first place, $10,000 for second place, and $5,000 for third place, or a donation in the same amounts to Code Nation or Girls Who Code.
- Criteria: Projects will be evaluated by a panel of judges based on:
- Innovation: Novel and creative applications of the Trusted Data Format advancing the field of Privacy Engineering.
- Reach: Positive influence for creating efficiencies and unlocking value through data sharing, as measured by potential financial or resource savings.
- Societal Impact: Applications of TDF that help protect data for at-risk communities, such as human rights activists or journalists, or with broad reach to help make privacy and security accessible for underserved communities.
To learn more about the challenge and to submit your project, visit the Privacy Engineering Challenge site. We look forward to your submissions!