Everything nowadays runs in “the cloud”: applications, software infrastructure, and data. Not only applications data — but your personal data as well. These precepts are top of mind for most teams building tools for a better future.
At the same time, not a week passes by without reading news of a new data breach. Scaringly enough — some apps store your passport/ID photos, credit cards, and more — so yes, a data breach is a reason to be alarmed. While some might think that if they are not involved in illicit activities, their privacy should not matter, it actually concerns us all and the problem is much more complex.
We are the only ones who care about our own privacy and should request this protection from service providers. Within corporations, a data breach can be disastrous for the consumers, however, not so much for the business. For example, the Equifax data breach:
“On Sept. 7, 2017, Equifax revealed that months-long illegitimate access to its credit-report databases had led to the breach of personally identifiable information of over 143 million people, nearly all in the U.S. The total number grew through March 2018 to over 148 million affected. The company waited six weeks to disclose the breach. Records varyingly included credit-card, driver’s license, and Social Security numbers, date of birth, phone numbers, and email addresses.”
You might think that such a sordid event that exposed such a high number of records and made those affected completely vulnerable to identity and credit abuse, would at least have pushed new laws and methods to protect data at all costs. But the outcome of this was underwhelming, to say the least. In some places, laws are being updated to protect citizens, but these efforts are not enough. Criminals and corporations don’t care about penalties, or whether Mark Zuckerberg’s up in the Courts again for misusing, spying and selling the data of millions of people worldwide.
But these are not isolated events. Only in 2018, people have been victims of 1,293 total data breaches, compromising more than 174 million records, in companies such as FedEX, the sportswear brands Adidas and Under Armour, Saks Fifth Avenue, crypto exchanges such as Bithumb, Ticketmaster, Air Canada, T-Mobile, and the list goes on…
In the face of this evidence, we can’t remain ignorant to the fact that we need tools to protect existing software, and new software built, with the consumer in mind, to combat decades of abuse. We need tools built by technologists who know the bells and whistles behind cyber attacks, who understand how valuable it is to have secure hardware, who value their users with their data and dedicate their practices to this.
There are solutions to this. Enclave-based computing is one of them. The enclave protects the data, ensuring its integrity and confidentiality. When the data is computed within an enclave, it does not matter if the host is compromised. SGX by Intel is the most advanced enclave technology to date providing a complete solution to this problem. However, enclaves are far from perfect — they are very difficult to use. We need tools that are “transparent” to the end user, that won’t require strenuous overhead for the developers trying to adopt them. This is why Golem, as a part of Graphene workgroup, got involved in building a framework to support using SGX seamlessly, a framework which would enable implementation of enclave-based computing everywhere at a minimal cost.
If we achieve these goals, we can unlock the potential of enclave-based computing and build exactly what people need to prevent these breaches. Then your role will be to request this protection from service providers.
However, building Graphene is no easy task. It requires the coordination of many people involved in the project, and hence it is the first of its kind — has never been built before — it requires a lot of technical knowledge and involvement of top quality engineers. If you are one — join us in the project!. On the bright side, it can improve the lives of millions of people.
What’s in it for Golem (apart from fame and glory ;)?
As mentioned before, ensuring data integrity and confidentiality are priorities for us. We cannot build a reliable Golem network without these. When Golem scales, millions of CPUs and GPUs all over the world will be connected p2p and will run computations for each other. We need to be sure that such computations will not be affected or tampered by the host (who computes the task).
For instance, if you are a neurosurgeon, you need to render MRIs to be able to see the ailments of your patients. For this, you need a lot of computational power. Doing it on your own laptop takes longer and using the cloud provider and not always secure. Using Graphene to verify the results and make sure the data is secure will help a lot. You need to be sure that the brain scan is accurate and that the rendered images were not subject to exploits. No matter whether you are a neurosurgeon, a corporation processing millions of IDs, or a movie animating artist — privacy and uncompromised data is part of your most important rights.
For Golem, it is a core goal to build tools allowing to make sure your data and subsequent work are not compromised, and SGX/Graphene is a key component for these efforts.
In the cyber world, the key to data security and integrity is to mitigate the surface of attack to the barest minimum possible. Our answer to that is SGX/Graphene couple. Attackers will always try their hand, but if developers worldwide stay up to date with the latest technologies, the collective effort of building and adopting Graphene can have extremely positive effects on attacks mitigation.
We are committed to build Graphene and generate an adoption funnel via its seamless usability. End users need to be aware of the dangers they are exposed to in order to raise awareness and reach the developers whose apps could benefit from privacy-preserving tools as Graphene.