Take back control of your personal data | Maria Dubovitskaya | TED Institute

[Music] $150 that's how much your name date of birth address email and phone number were worth roughly 10 years ago on a black market today according to the financial times your data is worth less than $1 see how cheap you're now why well because today we're more open towards sharing our personal information than ever before and even if a dollar is not that much to lose being impersonated and having for example a credit card or a mortgage opened on our name or your reputation being compromised will cost you much much more we often hear that

big data is the world's nearest natural resource that needs to be mined like gold and diamonds and I agree our data can offer all kinds of personalized services for the greater good but if big data is a natural resource then our personal data is its refined currency so why should we just freely give money away would you just throw your money out of the window every day it all comes back to control having control over who has our data and how it's being used in Switzerland where I live and in Europe at large data privacy

is a Hot Topic and it has been for the past 50 years for that reason around a decade ago the European commission funded a research project called Prime to develop a cryptographic technology that would enable Europeans to verify who they are online without sharing their personal information and let me repeat that because it sounds like a paradox enable people to verify who they are online without sharing their personal information think about how many times you log into different websites either revealing your personal data directly or letting them track your history and habits one day I

accounted for my myself it was like 25 logins to email social network shopping that's a lot of times we put ourselves out there and not only online in the US you often have to show your driver's license or some kind of proven identification to purchase alcohol if you look under 21 and actually in many places around the world even people who are 30 or 40 years old still have to show their ID well well I guess some people might see it as a compliment I do but when you show your driver's license to a cashier

or bartender think about how much private data you're just giving away the fact is you only need to prove that you're over 21 yet you're offering your full name address not to mention the full date month and year of your birth at data thieves dream but what if we could just mask all this information and have our ID card simply say she's older than 21 or the card is valid or simply yes with cryptography we can we call it the zero knowledge proof and just like it sounds you learn nothing about the details of that

person while still getting the proof to address the request so think about the famous Rubik's Cube how can I prove to you that I can s it without revealing my technique so with Rubik's Cube it's quite simple I just turn around solve the cube and give it back to you so now I just proved that I can solve Rubik's cube without revealing my technique but what about my age how can I prove to you that I'm old enough without revealing my date of birth well nowadays it's also quite simple over the past couple of years

we've been developing web services that can be easily used by the end users and service providers to enable privacy preserving authentication so how would that work in an online scenario well the first thing we need is an attribute or identity provider it can be a state Authority that issues ID cards or any other organization that already has the data and can certify it so for the zero knowledge proof to work they will need to issue you an electronic Identity or we call it a cryptographic credential that can sit on your mobile phone PC or even

in the cloud and this is crucial step because later when you use your credential you can't lie about how old you are or who you are and actually different kinds of electronic identities are available already more than 18 countries so next think about the service you want to access think about an online consultation with the doctor governmental social or tax services or better think about the services you don't want your children to access so think about all kinds of services that require some kind of verification websites that's alcohol or a d content or even a

movie service so let's say you'd like to watch a movie that's rated R so you need to prove that you're over 17 to watch it so in the past you would have to show your full credit card or full ID or your kids could just simply take the check box on the website without any verification but with our technology you can just simply log in to the website similar like you would do with a social network provider but in a much more privacy friendly way and then you'll be asked would you like to prove to

the movie service that you're older than 17 and if you confirm then the crypto will do all the magic transforming your full electronic identity into a fresh unlinkable proof that only reveals that you're 17 years old and nothing nothing else and it's very important that your ident identity provider does know about how you use your credentials because all this computation is done locally on your device and now only you have control of which data leaves your device and where it goes this is actually not only a win for the users but also for the service

providers because now the service provider just doesn't know anything about me other other than them old enough so if all this information gets hacked from there a service the hackers will get nothing of value and this actually save service providers from a potential PR nightmare not to mention the financial damages according to ponymon an independent security Institute a damage from a lost to stolen record containing personal confidential information is around $150 which is fine if you have like just five clients but for a company with a 100,000 clients it's a 15 million penalty well sounds

like magic and seems complicated well it was when it was just invented 15 years ago but a few months ago we've changed this we put the code in the cloud and on mobile devices and now the application developers can just simply copy and paste the code into their apps and they're privacy friendly in seconds so what does this mean for the future well obviously these data Le hacks and identity thefts that we read about regularly will no longer be headline use but now you might be thinking Maria your technology sounds really great but my data

is already out there so I'm an open book but cryptography can change this we can start sharing our data more carefully with people and services and putting less data to a fewer places will reduce the risk actually we all change our phones phone numbers and credit card numbers even our habits and hobbies so moving forward we can get back the full control money is not everything and I think that our personal data is much more than just a currency with the Privacy preserving Technologies we can get back the control and actually value our personal data

properly so let's make the internet a safer place thank you [Applause]