Dawn SONG, A Berkeley computer-science professor and MacArthur fellow, is a fan of cloud computing. She also thinks it needs a major rethink. “The cloud and the internet have fundamentally changed our lives mostly for good,” she says. “But they have serious problems with privacy and security—users and companies lose control of their data.”
Outsourcing data storage and processing over the internet has given companies new flexibility and consumers the power to hail rides, find dates, and socialize from a slab of glass in their pocket. The same technologies have also enabled data theft, corporate prying on our personal lives, and new forms of election manipulation.
Song says her start up, Oasis Labs, can curtail some of those problems with the help of block chains, the new form of cryptographically secured record-keeping inspired by the digital currency bitcoin. Oasis announced $45 million in funding this week, from a mixture of big Silicon Valley VC funds and cryptocurrency investors. Song and one of her cofounders have already tested some of their ideas by helping install new privacy safeguards at Uber, the ride-hailing unicorn whoes troubled past includes security incidents.
In 2014, Uber was rocked by allegations that executives and employees spied on customer movements, using tools such as a map dubbed “God View.” Two years later, the company settled with New York state’s attorney general and promised to protect rider location data. Oasis grew in part from a 2017 project in which Song and two grad students, one of whom became a cofounder of the Berkeley start up, helped Uber add a more sophisticated privacy safety net.
The Berkeley researchers helped build and deploy an open source tool that limits how much employees can learn about individual customers by analysing rider data. It’s based on a technique called differential privacy, designed to protect individuals’ identity even when data allegedly has been anonymized. It’s also used by Apple to collect data from iPhones without risking customer privacy. In Uber’s system, employees can query a database, for example, to summarize recent rides in a particular area. Behind the scenes, algorithms assess the risk that the request will leak information about individuals, and they inject random noise into the data to neutralize that risk. Ask about recent rides in a large city, and little or no noise will be needed; ask the same for a specific location, say the White House, and much more randomness will be added to obscure traces that might represent specific individuals.
Uber’s differential privacy software doesn’t use a block chain, a kind of digital records system guarded by cryptography that can limit and log who makes changes or additions. Song says privacy and security systems can be much stronger if they do. We must take Uber’s word that the company has deployed its differential privacy system correctly, for example. Companies that build privacy or security systems plugged into Oasis Labs’ block chain will be able to provide cryptographic assurances to one another, or their customers, that their systems are doing what was promised, says Song. She describes Oasis Labs as trying to provide the security and privacy infrastructure that the internet is lacking—and for which we are paying a price.
Oasis Labs’ platform can also host small programs, dubbed smart contracts, which can mediate transactions between different people or companies. That makes it similar to ethereum, the second most valuable cryptocurrency system. But Oasis Labs’ block chain is specifically designed to enable security applications and builds on Berkeley research that Song says makes the system more scalable and practical than existing block chains.
Song says her company is talking with organizations in healthcare, finance, and ecommerce hoping to make use of the Oasis platform when it fully launches, probably next year. One large ecommerce company is interested in building internal privacy controls like Uber’s, for example, and sharing more supply chain data with partners while protecting commercially sensitive information. Another project is building a way for health patients to donate medical data for machine learning research. Oasis’ technology will be used to assure patients that their data can’t be diverted for other uses. For the ultra-paranoid, Oasis plans to integrate its software with an open source security chip in development by Berkeley and MIT, similar to the chip that underpins the iPhone’s security, to protect crucial smart contracts against meddling.
Oasis Labs is launching at a time when block chain projects have some credibility issues. The total value of all cryptocurrencies is estimated at more than $250 billion, and venture investors sank more than $1 billion into block chain start-ups last year, according to CB Insights. But cryptocurrencies aren’t widely used and are blighted by scammers, thieves, and poor security. Corporate block chain projects have delivered more hot air and hype than practical technology.
Song says the hype around block chain and lurid adventures of some devotees distract from a genuine opportunity to remake the fundamentals of how computers serve us. “People shouldn’t throw the baby out with the bathwater,” she says.
Christian Catalini, a professor at MIT Sloan School of Management, says Song isn’t the only computer science deep thinker who feels that way. “More talent from academia has been moving into the market," he says. "It’s a new trend." Researchers from Johns Hopkins and MIT, for example, are contributing to the development of ZCash, a cryptocurrency designed to offer fully anonymous digital transactions, something Bitcoin does not. JP Morgan is partnering with the project, saying anonymity could help companies keep their finances more private. Last year professors from Cornell and North-western launched a start-up called bloXroute Labs to make cryptocurrencies more scalable, a problem that has plagued bitcoin and ethereum.Catalini believes the profs rubbing elbow patches with block chain fanatics could help realize more of the young industry’s dreams. Still, with funded projects ranging from efforts to offer better marine insurance to “cryptoassets” claimed to fight climate change, probably not all will work. “The vast majority of these projects will fail,” Catalini guesses. “But in phases of extreme technological experimentation, people explore in many different directions, and that’s good for society in the long run.”