Dawn Song, a Berkeley computer-science professor
and MacArthur fellow, is a fan of cloud computing. She also thinks it needs a
major rethink. “The cloud and the internet have fundamentally changed our lives
mostly for good,” she says. “But they have serious problems with privacy and
security—users and companies lose control of their data.”
Outsourcing data storage and processing over the internet has given
companies new flexibility and consumers the power to hail rides, find dates,
and socialize from a slab of glass in their pocket. The same technologies have
also enabled data theft, corporate prying on our personal lives, and new forms
of election manipulation.
Song says her startup, Oasis Labs, can curtail some of those
problems with the help of blockchains, the new form of cryptographically
secured record-keeping inspired by the digital currency bitcoin. Oasis
announced $45 million in funding this week, from a mixture of big Silicon
Valley VC funds and cryptocurrency investors. Song and one of her cofounders
have already tested some of their ideas by helping install new privacy
safeguards at Uber, the ride-hailing unicorn whose troubled past includes
security incidents.
In 2014, Uber was rocked by allegations that executives and
employees spied on customer movements, using tools such as a map dubbed “God
View.” Two years later, the company settled with New York state’s attorney
general and promised to protect rider location data. Oasis grew in part from a
2017 project in which Song and two grad students, one of whom became a
cofounder of the Berkeley startup, helped Uber add a more sophisticated
privacy safety net.
The Berkeley researchers helped build and deploy an open source
tool that limits how much employees can learn about individual customers by
analysing rider data. It’s based on a technique called differential privacy,
designed to protect individuals’ identity even when data allegedly has been
anonymized. It’s also used by Apple to collect data from iPhones without
risking customer privacy. In Uber’s system, employees can query a database, for
example, to summarize recent rides in a particular area. Behind the scenes,
algorithms assess the risk that the request will leak information about
individuals, and they inject random noise into the data to neutralize that
risk. Ask about recent rides in a large city, and little or no noise will be
needed; ask the same for a specific location, say the White House, and much
more randomness will be added to obscure traces that might represent specific
individuals.
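
An added illustration (not Uber's or Oasis Labs' code) of the city-versus-single-location effect described above, using the textbook Laplace mechanism on a counting query. The ride records, area names, epsilon value and one-ride-per-rider assumption are all constructed for the example. Unlike the tool described above, which adapts the noise to each query, this simpler mechanism keeps the noise scale fixed, so what differs is how much of the answer the noise represents.

```python
import random

# Constructed sample data (not real ride records): one ride per rider.
RIDES = ([(i, "large_city") for i in range(500)]
         + [(500 + i, "single_address") for i in range(3)])

def laplace_noise(scale, rng):
    """Sample Laplace(0, scale) as the difference of two exponentials."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)

def true_count(rides, area):
    return sum(1 for _, ride_area in rides if ride_area == area)

def private_count(rides, area, epsilon, rng):
    """Release a ride count with epsilon-differential privacy.

    Assumption: each rider appears at most once, so adding or removing
    one person changes the count by at most 1 (sensitivity = 1).
    """
    sensitivity = 1.0
    return true_count(rides, area) + laplace_noise(sensitivity / epsilon, rng)

def expected_relative_error(rides, area, epsilon):
    """E|Laplace(0, b)| = b, so the expected distortion is b / count."""
    return (1.0 / epsilon) / true_count(rides, area)

def mean_abs_error(rides, area, epsilon, trials, rng):
    """Empirical check of the noise magnitude over repeated releases."""
    exact = true_count(rides, area)
    total = sum(abs(private_count(rides, area, epsilon, rng) - exact)
                for _ in range(trials))
    return total / trials

if __name__ == "__main__":
    rng = random.Random(2018)  # fixed seed so the demo is repeatable
    eps = 0.5                  # hypothetical privacy parameter
    for area in ("large_city", "single_address"):
        print(area, true_count(RIDES, area),
              round(private_count(RIDES, area, eps, rng), 1),
              f"{expected_relative_error(RIDES, area, eps):.2%}")
    # Note: float-based sampling is for illustration only; production
    # systems should use a vetted differential-privacy library.
```
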
Uber’s differential privacy software doesn’t use a blockchain, a
kind of digital records system guarded by cryptography that can limit and log
who makes changes or additions. Song says privacy and security systems can be
much stronger if they do. We must take Uber’s word that the company has
deployed its differential privacy system correctly, for example. Companies that
build privacy or security systems plugged into Oasis Labs’ blockchain will be
able to provide cryptographic assurances to one another, or their customers,
that their systems are doing what was promised, says Song. She describes Oasis
Labs as trying to provide the security and privacy infrastructure that the
internet is lacking—and for which we are paying a price.
Oasis Labs’ platform can also host small programs, dubbed smart
contracts, which can mediate transactions between different people or
companies. That makes it similar to ethereum, the second most valuable
cryptocurrency system. But Oasis Labs’ blockchain is specifically designed to
enable security applications and builds on Berkeley research that Song says
makes the system more scalable and practical than existing blockchains.
Song says her company is talking with organizations in healthcare,
finance, and ecommerce hoping to make use of the Oasis platform when it fully
launches, probably next year. One large ecommerce company is interested in
building internal privacy controls like Uber’s, for example, and sharing more
supply chain data with partners while protecting commercially sensitive information.
Another project is building a way for health patients to donate medical data
for machine learning research. Oasis’ technology will be used to assure
patients that their data can’t be diverted for other uses. For the
ultra-paranoid, Oasis plans to integrate its software with an open source
security chip in development by Berkeley and MIT, similar to the chip that
underpins the iPhone’s security, to protect crucial smart contracts against
meddling.
Oasis Labs is launching at a time when blockchain projects have
some credibility issues. The total value of all cryptocurrencies is estimated
at more than $250 billion, and venture investors sank more than $1 billion into
blockchain startups last year, according to CB Insights. But cryptocurrencies
aren’t widely used and are blighted by scammers, thieves, and poor security.
Corporate blockchain projects have delivered more hot air and hype than
practical technology.
Song says the hype around blockchain and lurid adventures of some
devotees distract from a genuine opportunity to remake the fundamentals of how
computers serve us. “People shouldn’t throw the baby out with the bathwater,”
she says.
Christian Catalini, a professor at MIT Sloan School of Management,
says Song isn’t the only computer science deep thinker who feels that way.
“More talent from academia has been moving into the market,” he says.
“It’s a new trend.” Researchers from Johns Hopkins and MIT, for
example, are contributing to the development of ZCash, a cryptocurrency designed
to offer fully anonymous digital transactions, something Bitcoin does not. JP
Morgan is partnering with the project, saying anonymity could help companies
keep their finances more private. Last year professors from Cornell and Northwestern
launched a startup called bloXroute Labs to make cryptocurrencies more
scalable, a problem that has plagued bitcoin and ethereum.