Author Archives: jeanfrancoisraymond

About jeanfrancoisraymond

Management consultant helping leading organizations with their most complex technology, operations and risks/compliance related challenges. Specific areas of expertise include: shared services and outsourcing, cloud computing, project/program management, information security, IT strategy, etc.

Privacy enhancing technologies 10 years later

For my first post, i’d like to discuss privacy enhancing technologies.

When i was a fresh out of graduate school, i joined a start up called “zero-knowledge systems”. This being in the middle of the dot com boom, they had 300+ employees, great parties and essentially no revenues! Beyond the hype and fluff, we created truly innovative solutions to protect online privacy. Their main product was essentially a “mix-net” somewhat like “tor” that masked the users’ ip addresses. I was in what they called the “evil genius” team and working on future products. I was fortunate to work on privacy enhancing credentials based on the work of stefan brands. This technology is awesome (and now belongs to microsoft) it allowed one to show certificate properties without divulging anything else (even with collusion of the verifier and the certificate issuer) – this is highly counter-intuitive. Using these mathematical tricks, we could develop electronic cash that had properties that were almost identical to physical cash – it was impossible to determine who had owned the cash before the current transaction. This was very exciting stuff at the time.

Despite their amazing potential, these technologies have not really hit the main stream. Privacy seems to be the realm of lawyers and regulators nowadays. Back in 2000, we did not think things would evolve this way. The internet has changed since then with google, facebook, etc. however i persist to believe that privacy enhancing technologies can more easily solve many of the privacy issues we are dealing with today…

Perhaps, just like mobile payments that are just now starting to take off after being feasible for 10+ years, privacy enhancing technologies should be revisited… The business cases did not fly back then, perhaps they would today.

Looking forward to hearing your views. I also understand that there are huge variations in how people perceive privacy in different cultures. Perhaps a more fundamental question is whether in the age of facebook we even care strongly about privacy?

JF

Warning: my career has taken many twists and turns and i have not worked on this for several years and may not have the most up to date information.