Data Security The Platform

Corporate Surveillance, Privacy Policies, & The Need for Encrypted Analytics 

The OmniIndex team has been in Germany for the last few days talking to the incredibly diverse array of companies, customers, and tech enthusiasts at IFA Berlin – ‘the world’s most significant technology event’. One of the biggest topics has been around individual privacy and why users should trust any company with their private and personal data. 

As a data storage and analytics platform that has no access to a user’s stored content, this is the sort of question we love! However, it is also a question being asked throughout Hall 27 – IFA’s showcase of the next generation of startups. After all, why should anyone trust a new and potentially unproven company, however innovative and impressive, with their private data? 

From sportstech tracking your fitness stats to help you get a personal best, to smart home devices making life easier in every room of your home, data is constantly being collected about you. And while companies may promise not to sell that personal information to third-parties, they still use it to help optimize the next generation of their products and services. 

The reason this matters is that this data has been proven to be vulnerable. Indeed, according to reports, over 70% of German organizations have suffered at least one successful cyber attack in the previous 12 months, while as many as one in three Americans have their data breached each year. And while it is the larger incidents that make the headlines, nearly 50% of attacks are targeted at startups and smaller organizations. 

Statistics like these and the need for a more secure data storage and analytics platform based on today’s tech as opposed to yesterday’s is the reason why OmniIndex was founded. However, what is alarming is how many new products and organizations are still being built on infrastructure that is proven to be at risk. OmniIndex CEO Simon Bain discussed this in the build-up to IFA in Startups Magazine, saying:

“However good your new product is, it will fail if it’s using outdated and vulnerable infrastructure. This is because consumers are getting fed up with companies putting their data at risk.” 

However, the difficulty for start-ups and other organizations is that one of the easiest and most profitable ways to improve a product or service is to analyze user data. Indeed, this access and use of your data is a core piece of most company’s privacy policies. And while there may be a general principle in place to not sell any of this data to a third-party, the data is still shared with third-parties in pursuit of the stated goals of enhancement and testing. 

And this is where things come back to that initial question: why should anyone trust a new and potentially unproven company (or indeed any company) with this personal data? 

In many instances, including the previously mentioned health/fitness tech and smart home devices, much of this information comes from people’s daily personal lives, habits, and activities – both in the real world, and the digital. While this information could be used positively and in a secure and private way, there are issued with it being misused. For example, the UNESCO Inclusive Policy Lab have long had deep concerns about the Internet of Things (IoT) and how the data collected by these devices can be used:

IoT devices can be used by various entities to colonize and obtain access to people’s homes and bodies while potentially decreasing their anonymity. This possible corporate colonization and surveillance may limit individuals’ ability to determine what happens to their information and may decrease their ability to shield themselves, their emotions and their daily activities from various actors.

This has been further shown recently with the rise of AI and third-party AI in these apps and services. This is because in a majority of cases the queries or outputs of AI chatbots and tools are stored and used as part of future product enhancement and testing. In other words, our information is passing through even more hands. 

What is really important to remember, however, is that this in itself is not a bad thing. 

We all want the best possible product and service and we know that optimization through feedback and testing is a crucial part of this. We just need to know that the company (including the additional third-party companies who are being sent our information) can be trusted to keep that data safe and private. 

So, how can we make sure that this is the case?

There is pre-existing technology in place to anonymize the personal information about a customer and user. For example data masking techniques create a structurally similar but inauthentic version of the data in order to have a functioning substitute for occasions when the real data is not required or is too personal. Data can also be processed with redactions of the private information or through anonymization processes where the original data is stored and then assigned an identifier so details like the user’s name are not known by those analyzing it. 

In all these instances there is more security and privacy being used than none alone and this is to be applauded. However, the private information still needs to be used in order for these processes to happen and the original data is still stored somewhere – even if only temporarily. And as was said at the start of this article, this data has been proven to be vulnerable to attack with ransomware and cybercrime on the rise. 

The best system for protecting this personal information, therefore, is to never expose it at all. Not while stored, processed, or analyzed. 

To achieve this, a company needs to encrypt the data at all times with keys that no researcher or third-party can decrypt while still being able to extract the required information by analyzing the encrypted data as though it was decrypted. This means that a user can gain insights such as what percentage of homes use a home hub as part of their morning routine, without ever being able to know which homes are doing this because that information is encrypted with AES-256 encryption that’s proven to be virtually uncrackable through brute force attacks. 

This is what OmniIndex’s Web3 Data Platform can do – as well as protecting that information from attack through the decentralized blockchain storage and security procedures in place including established corporate methods, and a dedicated narrow AI engine. 

In other words, a company can get the test data they need to optimize their products, while the customer can trust that the data collected will never be exposed as nobody processing, analyzing, or using it in any way can ever actually read it.