Posted on May 30, 2019 by staff

Who will protect user privacy?


Following one of the most interesting years in data privacy both Apple CEO Tim Cook and Facebook CEO Mark Zuckerberg came forward within a week of each other with opposing views on safeguarding our data.

At the recent TIME 100 Summit Tim Cook called for more government regulation to protect privacy then a few days later during Facebook’s annual developer conference the mantra was ‘the future is privacy’ with promises to encrypt private conversations so that “hackers, governments or even us” cannot read them suggesting that technology will be enough.

This comes at a time when it was also announced that third parties will be able to take payments while they deliver personalised ecommerce services on Instagram and WhatsApp. As companies like Facebook and their growing number of partners continue to nudge closer to our most valuable data new technologies are being developed to protect user privacy but will this be enough?

Encrypting and tokenizing data has been used for years and doesn’t only rely on pass codes and firewalls to keep our data safe on mission critical processes such as electronic payments. Tokenization service providers send card details to and from third parties who can action payments without them ever being able to see this information.

A more recent privacy breakthrough has been INGs new Zero Knowledge Proof release. This enables users to prove things about themselves such as age, salary and citizenship without revealing contextual details. In other words a person could prove to a third party that they are above 18, earn a salary within set parameters and that they live in the EU without sending their date of birth, address and exact income.

EY and JP Morgan have also recently run pilots using Zero Knowledge Proof applications though ING’s newest release has significantly increased data speeds which has until now been an inherent problem with this new technology.

Leading engineer and technologist Adrian Hesketh from Infinity Works explains: “Zero Knowledge Proof systems, if implemented correctly, could have the potential to solve the issue of website operators validating partial data while retaining the anonymity of a user. The use of Ethereum means that users of the system can fund it, but it is also possible that commercial organisations such as Facebook, Google and other identity providers would fund the creation and operation of Zero Knowledge Proof systems to further cement their positions as identity brokers.”

New ways of using encryption can enable current privacy laws to be more effective and easier for companies to stay in compliance. Facebook’s end-to-end encrypted messages could extended to more of our data being invisible to them while still using it effectively. Zero Knowledge Proof is just one example of how organisations can deliver services to users based on their personal data but without being able to read it.

This has the potential to increase waning consumer confidence when opting in to use services that have usually relied on direct access to personal data. As more products come onto the market that offer higher levels of personalisation, encrypted systems like ZKP will be a big differentiator to customers in times to come.