If work and personal culture are to truly flourish online, then our digital spaces need to have the same assurances of privacy and security we can expect in our offline lives. Centralized companies and databases have proven at best inadequate on this score – and some have been seriously detrimental. But the decentralized tech being built and adopted today presents a better alternative.
Remote work requires a set of tools for communication, information sharing and project management, but we are already seeing the dire consequences of these tools in regard to individual privacy and organizational security – which are overlapping sets. On the one hand, the most popular online platforms for video conferencing, data sharing and project management, like Zoom and Slack, have proven themselves shockingly insecure, with fresh vulnerabilities surfacing in the wake of each new patch or “feature.”
David Chaum is a legendary cryptographer, privacy advocate and founder of xx network. This article is part of Culture Week, which explores how crypto is changing media and entertainment.
On the other hand, large-scale breaches of databases maintained by corporations and government agencies were already becoming ever more frequent well before the e-commerce explosion of the last 20 months. As long ago as 2017, someone in America would experience identity theft every two seconds.
The list of organizations that experienced significant breaches in 2019-20 is staggering. Microsoft was breached twice, Facebook thrice and hackers gained access to 1 billion records kept by Oracle-owned web-tracking giant BlueKai. Elsewhere in the private sector, LabCorp, Princess Cruises, GoDaddy and Nintendo were all hacked, while countless public agencies – including the U.S. Defense Information Systems Agency – have also been targeted. And that’s just the U.S. All in all, since 2019 over 16 billion records on individuals have been exposed in breaches worldwide – that we know about.
Much harder to track, because organizations are understandably reluctant to disclose them, are the security breaches due to corporate espionage, exposing proprietary information ranging from chemical formulae, software code and production process details to strategic analyses, business plans and HR issues. The same is true of government agencies – including, recently, the FBI.
As more and more intra-organizational communication happens over the internet and cellular networks rather than through firewalled internal systems, all these risks will continue to grow.
Back in the 1980s, as the internet was getting off the ground, a few people, myself included, saw some of this coming. We anticipated the compilation of huge databases on individuals that could be linked by universal identifiers like social insurance numbers, the vulnerability of internet traffic to hacking and the dangers of ultra-centralized information systems generally.
One thing even fewer of us knew at the time was that the internet was designed to be insecure. When Vinton Cerf of Bell Labs proposed to add cryptographic security to the packet headers of the original TCP/IP protocol he co-designed, the Defense Advanced Research Projects Agency (DARPA, a publicly-funded research and development hub) forbade him to do so. It required a more secure header design for its own communications.
Nor did we clearly foresee that hyper-detailed information about individuals would become the star commodity of the Internet Age. Gathered first by credit companies and later by websites, search engines and social media companies, this personal information is not only sold to advertisers and political groups but also provided on demand to government agencies like the National Security Agency (NSA) and FBI – and of course leaked to bad actors of all kinds via hacking and human error.
We’ve already seen many attempts to patch vulnerabilities in the existing global informational ecosystem fail, and given the growth of online life and work, this is bound to continue. But even among these troubling truths, there is good news. The technical means exist to go beyond patching, which is the informational equivalent of installing carbon-capture systems on new fossil-fuel combustion in the age of runaway global warming.
What if your emails and all other messaging could not only be end-to-end encrypted but protected from the gathering of metadata about who you communicate with and when? What if you could make digital cash payments in complete anonymity but could always, inalienably, reveal the identity of the payee?
What if blockchain-based, democratically managed networks could reach quantum-secure consensus in fractions of a second, allowing decentralization, including dapps (decentralized apps), to go truly global? What if the core business model of the Big Tech companies became within a few years as archaic as broadcast TV? The technologies to bring this new digital world are here and are being implemented, right now.
If “Web 3” is to be more than a catchphrase associated with the vaporware of the “metaverse” and the efforts of certain large companies to rebrand themselves in the wake of scandal after scandal, it must mean real decentralization on a global scale. And that in turn means rebuilding the internet from the ground up. Web 3 must be built on the foundation of Web 2 – truly decentralized, truly protective of individual privacy and freedom, truly quantum-secure and truly democratically run. Let’s do it.