Data Security & Privacy Challenges

Firstly, there’s the enterprise case where you have a web two style application where you register and you log on and you enter in your details, and all those details are kept in a database somewhere that’s hopefully secure, but almost inevitably, that database is not encrypted. It’s just hard to make the existing technology work with that.

So the administrators of that company can always access that data, which is often fine, like these are trustworthy people. But it also means that anyone else who gets access to that server can access that.

And even with the best intentions, mistakes happen and acts happen, as we’ve seen in a lot of cases. And it’s sort of become apparent that it’s not always just people playing fast and loose with security measures.

There are real security problems that people didn’t anticipate. That means these things leak out.

So our alternative is that that data is never on their servers. It’s just kept in the person’s personal data store.

And then when that application needs access to it, it sends a request and it’s sent across, remains in memory on the application, and then is removed when it’s gone. Another case is blockchain type applications, where if you’re doing a DeFi app or something and you need to do KYC, your customer type, certificates or credentials, however you call it, you don’t want to put someone’s real name and address and photos, driver’s license details on the blockchain where they’re permanently and publicly available.

And even in encrypted form, it’s just one key leak in last pass breach or whatever to get access to that. Or worse.

With quantum cryptography progress, maybe people will be able to decrypt that in ten years time and it’s there permanently. There’s no way to remove that.

Those blockchains are getting backed up now. So something you put there now, 1020 years time, is going to be able to be decrypted if technology improves.

So instead what we do is we have technology that allows a person to put a mathematical proof on the blockchain to say that our Freeda data store has that detail and is available to authorities if needed, and how to get it. And that remains encrypted and it’s not decrypted until the company says that, yes, it’s an authorized investigation that needs access to that.