Posts Tagged ‘crypto’

Facebook, the Control Revolution, and the Failure of Applied Modern Cryptography

14 Jan

In the late 1990s and early 2000s, it was widely assumed by most tech writers and thinkers, myself included, that the Internet was a “Control Revolution” (to use the words of Andrew Shapiro, author of a book with that very title in 1999). The Internet was going to put people in control, to enable buyers to work directly with sellers, to cut out the middle man. Why? Because the Internet makes communication and commerce vastly more efficient, obviating the need for a middle man to connect us.

Fast forward to 2011, and the world is vastly more centralized than it ever was. Almost everyone’s most intimate conversations are held by four companies. And one company knows basically everything about everyone under 25.

How did we get so giddy about the Internet that we didn’t see this coming? We missed an important detail: communication and commerce became vastly more efficient for everyone, including the would-be middle-men, the would be mediators. The Internet enabled economies of scale never before imagined. So while it is possible to host your own email server, it’s a lot easier to use gmail. While it’s possible to host your own web page, post your updates to your blog, subscribe to your friends’ RSS feeds hosted at different blogs, it’s a heck of a lot easier to use Facebook. The Internet put the 1990s middle-men out of business then enabled a new breed of data mediators that provide incredibly valuable services no individual user can dream of performing on their own: apply massively parallel facial recognition to billions of photos to find that one picture of you and your best friend’s grandmother, do deep graph analysis to find your long-lost friends and suggest you connect with them, learn how to filter spam messages so efficiently (thanks to training by billions of messages received on behalf of millions of users) that the spam wars are effectively over.

The Internet has been vastly more empowering to mediators than to individuals. And so we have, in fact, a Control Revolution of a very different nature: one company, namely Facebook, is effectively shaping the future of social interactions, what’s acceptable and what’s frowned upon, what’s private and what’s not.

I say this without any value judgment, purely as an observation. Facebook is making the rules, and when the rules change in Palo Alto, 550 million people follow.

The Failure of Applied Modern Cryptography

Cryptography in the 1980s was about secrecy, military codes, etc. I’m not talking about that.

Modern Cryptography is about individuals achieving a common goal without fully trusting one another. Think of a secret-bid auction. Or an election. Or two people discovering which friends they have in common without revealing the friends they don’t have in common. In all of these cases, people come together to accomplish a common result, but they cannot fully trust one another since their incentives are not perfectly aligned: I want to win the auction by bidding only one dollar more than you, Alice wants her candidate to beat yours, and Bob would like to find out which movie stars you’re friends with even though he knows none.

Modern cryptography teaches us how to accomplish these tasks without ever trusting a third party. That’s hard to imagine if you’re not steeped in the field. But that’s what modern cryptography does: take an interaction that is easily imaginable with the help of a trusted third party that deals with each individual, and replace the trusted third-party with a beautiful mathematical dance that achieves the same end-goal. No centralization of data in one big database, no trusted dealer/counter/connector, just individuals exchanging coded messages in a particular order and obtaining a trustworthy result. Cryptographers call this secure multi-party computation.

Modern Cryptography would, if properly implemented, give us all the functionality of Facebook without the aggregation of everyone’s data in a single data center. And we couldn’t be further from this world if we tried! We are headed for a world of increased data centralization and increased reliance on trusted third parties. Because they’re vastly more efficient, have economies of scale that allow them to provide features we didn’t dream of just a few years ago, and of course because the economic incentives of becoming that trusted third party are staggering.

As a privacy advocate, and again without value judgment, I can’t imagine a more surprising consequence of a technology that was meant to empower the little guy. It is, in a word, shocking.