Monday, October 20, 2014

The Price of Knowlegde in an Untrusted World

Before Edward Snowden revelations, most companies did not care to trust a high profile company with its own data. Trust was based on company's brand popularity. The price of Knowledge was low, since customers had virtually no concern about the information they gave to their service providers.

But Snowden teached us a very important lesson. That popularity of an online service was the main reason why a service should NOT be trusted, because most likely NSA was using every kind of hack possible to spy everyone at the price customer's privacy and security.

This event, even if rarely spoke by the general public, shifted the mind of businesses depending on cloud services and privacy for their operations. This event had a direct impact on the economic activity of cloud provider such as Microsoft, Apple, Google, Facebook, the breach of trust is not free for these companies.

Cloud providers tried to regain trust by encrypting data by default (https), even with the FBI whining about it. This might appease a little bit general consumers, but not the security expert, nor companies depending on them, encrypting the transfer means that data is always stored clearly into datacenters.

Snowden shifted the world from a trust model to a trustless model.
In other words, the price of knowledge for a service is no longer a function of the popularity of its brand. This mean that whatever the service, the more it needs to know, the highest the perceived price of the service will be.

The shift had a tremendous positive impact on what we call "Zero Knowledge" services, which are cloud services which does not need to know your data to provide their services.

The ironical thing is that "Zero Knowledge" is not only needed to protect customers from their service provider.
It is needed to protect service providers against hacker and their own government as well.

Remember when megaupload has been seized and destoyed ? The reason was that megaupload stored the data of its customer in clear, thus "knowing" the illicit data, which permitted a warrant against them.

Kim Dotcom counter attacked with Mega one year later, for the anniversary of megaupload's destruction. Mega can't be seized, because he does not know the data of the user, it is a "Zero Knowledge" service.
This was not done to protect customer, but to protect Kim Dotcom to have his company robbed again by his own government. Such company is more afraid by their own government than hackers, it bears the scares of a previous defeat.

The breach of trust impacted dropbox in favor of its zero knowledge counterpart SpiderOak.
It impacted our wire transfers, which break trading privacy, in favor of its zero knowledge counterpart Bitcoin.

Now, the price of knowedge is part of the price of any service company, it is no longer negligible.
Sadly enough, most company are forced by law to know about you, which is, from the economic point of view equivalent to a government price control.
This, in turn, gives advantage to peer to peer decentralized services, which are not subject to any regulation since it is not oversight by any company.

Knowledge is like a real currency whose price have gone dramatically up since the revelations.
The market shifted as a natural consequence from trusted company to zero knowledge services and peer to peer systems.
The biggest loosers of this story are companies that paid such high price to earn trust that is now worth nothing.
The biggest winners are the ones that don't need to know about you.

1 comment: