On the large scale, organizations with large databases for social use can merge their data, as hinted at in Chapter One of my online novel http://SocialTechNovel.SocialTechnology.ca/ and on a much smaller scale, individuals can merge data. In either case the data must be kept private and secure. Let us for the moment consider only those who have a computer and Internet connection, and look at individual merging of data. The hardest thing to do is keep technically savvy individuals from downloading large amounts of data, cracking whatever encryption it has, then using it to access to personal information about the users.
The problem is closely related the armaments race, as described by William L. Shirer in The Rise and Fall of the Third Reich. In this classic book, Shirer analyzed the activities of the German armaments firm of Krupp, then came up with a general rule. In the race between better armour and better guns, those who buy the guns will eventually win. Armour is expensive and always slightly out of date, and it is a sitting target. Between increases in the strength of armour, what has been installed is always vulnerable to better guns. Thus the idea of burying likely targets deep in hardened bunkers eventually lost out to the increases in the power and accuracy of nuclear weapons.
Does this apply in the computer age? Probably not. It is easy to switch from a 128 bit encryption key to a 256 bit key, but creating programs to crack a longer key is much harder. As is easier to see if the bits are regrouped, the number of possible candidates to be considered is grows rapidly with key length. Cracking an encrypted message is NP-Complete with respect to key length. Encoding and decoding increase only linearly with respect to key length. Encoded document length is also a linear function of key length. So the old rule about armour versus weapons does not apply in cryptography.
But practical social technology cannot depend on people typing in passwords for access to their own encrypted data. What is needed is something automatic. And that must depend on a mechanism for passing data along trusted connections. This is a hard problem to solve. It may be compared to the problem of keeping actual keys made out of steel or brass, for the houses of a neighbour or friend. “We have to go out of town, its an emergency. Please feed the cat. You have a key.” But a burglar who breaks into one house may then find a key to another, perhaps two or more others. He can then enter those houses, looking for other keys. There may be a whole network of people trusting only their friends or neighbours, all vulnerable to a single break-in. Information networks make the problem more severe, unless people use only difficult to guess passwords, which they have nevertheless memorized, never trusting that password to another person. That is not good enough.
This is not as difficult a problem as it might appear. What people want advanced social technology to do is make suggestions. How those suggestions originate is of less concern than the verification of them. A message-passing protocol can help. A message containing an encrypted trap-door encryption key can be passed along from one computer to another to another, at each step growing by the addition of routing information. The receiving machine can send back not just a return message but an encryped check message “You apparently passed along a message with this check-code. Can you verify that? This would give each computer a lot of extra work to do, but could make the system more reliable. In essence this would treat each communications channel as protected by armour, protected by encryption. Not only would the message would be encrypted, so would the channel. Cloaked in this armour the individual communications channels could resist attacks from outside.
I do not claim to be an expert on data privacy or security, but I feel the likelihood of sufficiently secure channels and messages is high. Thier encrypted armour may need to be increasing more powerful, but to break it would require a very disproportionate amount of decoding. More on the use of this in automated social technology Monday. Sunday is my father’s 90th birthday party, and I must be there. — dpw