A Darpa Director on Fully Homomorphic Encryption (or One Way the U.S. Could Collect Data)

Dan Kaufman, a director at the Defense Advanced Research Projects Agency, or Darpa, knows he isn’t the most popular man at this year’s South by Southwest technology conference.
Kaufman, the head of Darpa’s software-innovation group, says it is hard to ignore the blowback. There are already concerns that the NSA controversy will make it harder for the government to recruit and retain top engineers. Kaufman’s team right now is focused on building the next generation of big data and security software — areas that are core to concerns about privacy.
But Kaufman, a former Silicon Valley lawyer and past operating chief at DreamWorks Interactive, is also optimistic. He believes that if anyone is going to build a post-Snowden world that can better balance privacy concerns with the increasing power of software, it may as well be Darpa.
WSJD caught up with Kaufman at the conference to talk about data and privacy. Questions and answers were edited for clarity.
Kaufman: It does. It’s an interesting question. I’m more interested in looking forward. We have this weird dichotomy in the world, on the one hand, we know all the benefits we can get from big data, whether that’s making the nation more secure or finding drug interactions. And then on the other hand there’s privacy. I don’t want people reading my emails either. So, I think we have the wrong paradigm. It’s like there’s a slider on one side — collect all the data — and on the other side there’s privacy, and they [people] want to know where’s the magic spot on the slider. I will tell you there’s no happy spot on that slider and you’ll be miserable chasing it.
Imagine a different future. Imagine a future that says: OK, I have to collect everything for big data to work because if I knew what wasn’t relevant it wouldn’t be big data. But I don’t want the government to just willy-nilly look through my emails — that feels creepy. But imagine if we could do the following things — there’s a math theory out there called fully homomorphic encryption.
WSJD: Fully homomorphic encryption — that’s not a household term. Can you explain what that is?
Kaufman: Here’s the deal. The way [standard] encryption works is: I take a piece of data, I encrypt it, I send it down the wire to you. Then, you decrypt it, perform some function on it, re-encrypt it and send it back to me. But once you decrypt it someone else could see it or steal it. So, this guy Craig Gentry from Stanford University — he’s now at IBM — showed that you could do a fully homomorphic encryption. The idea is: take a piece of data, encrypt it, send it down the wire, never decrypt it, still perform the function on it and still send it down the wire.
It sounds crazy, except he showed you can do it; he did a mathematical proof showing that you can do it. It’s way too slow today, but Darpa is trying to speed it up.
WSJD: So how would this work? How could this help the government and quiet privacy watchdogs?
Kaufman: You could imagine the following: Government, agency, whoever you want, you can collect this data but only in the encrypted form and it must stay encrypted. Now, let’s say you believe there is a bad guy hiding somewhere in this encrypted data. So, I come up with a bunch of search terms — we would say vectors in math space, like 27 vectors. I could then go to a court and say I think these are reasonable and a court could say, “yeah that looks reasonable.”
So I put the search into the engine, but what’s cool is since the data is never decrypted no one ever sees it; all that comes out is a number: how many people meet those criteria. Let’s say it came out as 200,000. Well, that’s too big. So I refine my search, I add another 40 vectors and the court says OK, take a look at that. I plug it in, 12 people come up. Well, that feels more reasonable.
You go back to the FISA court, and say O.K. guys, we have 12 — are you comfortable with that? Then I say, it’s like the old movies, I picture FISA putting in a key, and then the agency putting in a key and they both turn it. And at that point, for the first time, and only then, are those 12 now revealed.
And now of course we have to have conversations about what can you do with the 12 and for how long, but at least we can start to imagine a future that lets us live within big data.
WSJD: But how do you get people to trust this software?
Kaufman: I would want to make this algorithm public. I would let the public bang on it for years. So we all as a society say: yeah OK, that all seems to work.
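As an added illustration that is not part of the interview and not Darpa's or Gentry's code: the step Kaufman describes where "all that comes out is a number" can be shown with a toy Paillier scheme, which is only additively homomorphic (ciphertexts can be summed, not searched), so each record here contributes an encrypted 0/1 match flag, the engine adds them without any key, and only the aggregate count is ever decrypted. The primes, the flag list, and all function names are constructed for the demonstration.

```python
# Added toy example, not from the interview or from Darpa: the "only a count
# comes out" step using Paillier, which is additively homomorphic only (sums of
# ciphertexts), not a fully homomorphic scheme like Gentry's. Primes are tiny
# and constructed; a real deployment would use keys of at least 2048 bits.
import random
from math import gcd


def keygen(p, q):
    """Paillier key pair from two primes; g = n + 1 keeps decryption simple."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    mu = pow(lam % n, -1, n)  # for g = n + 1, L(g^lam mod n^2) = lam mod n
    return (n, n + 1), (lam, mu)


def encrypt(pub, m):
    """E(m) = g^m * r^n mod n^2 with a fresh random r coprime to n."""
    n, g = pub
    r = random.randrange(1, n)
    while gcd(r, n) != 1:
        r = random.randrange(1, n)
    return (pow(g, m, n * n) * pow(r, n, n * n)) % (n * n)


def decrypt(pub, priv, c):
    """m = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    n, _ = pub
    lam, mu = priv
    return ((pow(c, lam, n * n) - 1) // n * mu) % n


def add_encrypted(pub, c1, c2):
    """Multiplying ciphertexts adds plaintexts: E(a) * E(b) = E(a + b)."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def encrypted_match_count(pub, priv, match_flags):
    """Each record holds an encrypted 0/1 flag for 'matches the court-approved
    search'. The engine needs only the public key to sum the ciphertexts; the
    key holder decrypts the aggregate count, never any single record."""
    total = encrypt(pub, 0)  # accumulator starts as an encryption of zero
    for flag in match_flags:
        total = add_encrypted(pub, total, encrypt(pub, flag))
    return decrypt(pub, priv, total)


if __name__ == "__main__":
    pub, priv = keygen(1009, 1013)  # constructed toy primes, not a safe size
    flags = [1, 0, 1, 1, 0, 0, 1, 0]  # constructed: 4 of 8 records match
    print(encrypted_match_count(pub, priv, flags))  # 4
```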