>>: All right, so we're going to get started for the second panel. So the theme of the panel is on the
business case for MPC. So we have a few panelists this time. We have Javier Salido from Trustworthy
Computing at Microsoft. We have Vlad Kolesnikov from Bell Labs and Florian Kerschbaum from SAP. So
yeah, so the theme of this panel is going to be the business case for MPC. So we want to kind of get a
sense of what are the killer apps for MPC and where are we headed with this technology? And so I
guess, yeah, I'll get started with a question.
The first question is probably the most obvious question, which David talked a little about today, which
is: What are the killer applications for MPC? [laughter] If you don't know what the killer application is,
what characteristics, or what the future is okay.
>>: I don't have the final answer for the question, but so I have been trying to popularize secure
computation, MPC, in SAP for now almost seven, eight years. And differently from what David said,
where he said that you need to have a new application, I don't think that that's necessarily the case. So in
the beginning it was very much like we're not going to pay for any security or privacy. This is not -- not
high on our list. They're not going to pay for this. And with the wider adoption of cloud computing, this
actually changed. So the providers, they very much feel the need, I think, the business sectors -- I hope I
don't have to explain who SAP is. We're selling to companies, and they're very reluctant to put their
data into the cloud because they suddenly get worried they're dependent on the cloud provider. That
makes them very much afraid, and the cloud provider is losing lots and lots of business because people
say, well, you know, I already gave you this data, and now, if I give you this data also, that would really
endanger me, be a liability for me. That's endangering me; I can't do that, so you're not getting it. And
they're looking for solutions to that and there are actually quite a number of successful security startups
which provide more or less less-secure, ad hoc solutions to these kind of things and they're doing very
well. At some point in time if you go -- if you had this discussion today, we need [indiscernible] user applications
to go lower than that. If you do to more than one, you have to actually have two keys, and if you have
two keys, you rule out more or less a lot of [indiscernible] solutions, and then you're back to secure
computation. So there is a perm -- I think there is still a long way to go. But I do think that -- let me say
like this: LK always has this picture where he says, you know, you have some technology and it's
continuously improving, but the barrier it has to cross is also increasing. So actually you never actually
make the threshold, and the threshold will always stay below. So what you actually have to have is you
have to make a big jump to a completely different kind of viewpoint in order to make it. So I'm at the
point of time where I say if secure computation doesn't make it with cloud computing, it's not
looking particularly good.
>>: So like Seny mentioned, I work in the Trustworthy Computing group. I have to say that I'm coming
at this from a slightly different angle on two counts. The first one is I don't focus on security; I focus on
privacy. And as you're probably aware of, privacy is a land that so far has been relegated to lawyers. I'm
not a lawyer. I have to get that out. The second thing is I'm not a researcher. My background has been
mostly in consulting services out there with large enterprise customers, so those two factors have
colored my view of MPC. If we ask the question what are the killer applications? I find it very, very hard
to come up with a clear-cut answer, and I believe that to understand why that is the case, we need to
understand who are the competitors of MPC. And the competitors of MPC might surprise you or it
might not, but the competitors are lawyers. Why? Because the majority of companies out there think
they don't have a problem. Either we don't have a security problem or we're not willing to invest in our
security problem or we are covered. And when I say "we," I'm talking about any company out there.
We are covered by what our lawyers tell us. You have to that I when we talk about laws, regulators tend
to legislate towards objectives. There is what we want to happen as opposed to this is how it has to
happen. And when you do that, then you start seeing in laws this language that talks about best efforts
or reasonable efforts. And once you get into a courtroom, almost anything can look like a best effort or
a reasonable effort. [indiscernible] have been outlandishly careless, and lawyers focus on that, so companies
believe, really believe, that they don't have a problem, and because they believe that they don't have a
problem when it comes to securing privacy, then they don't pay as much attention to this type of
technology. What this shows is that probably and in our experience, is focusing on other benefits of
MPC, namely, economic benefits, efficiency benefits, that's what I think is going to turn the table around
for MPC. And yes, oh, by the way, there are significant security and privacy benefits to go with that. But
cases in which just the security and privacy will be able to justify the investment in MPC -- I'm not saying
that there aren't any out there; I'm saying it's going to be very, very hard to find them.
>>: So I wanted to mention one application that I saw that people seemed to be interested in.
It's not clear how good it is, and that's web-based e-mail. So I saw that it was in the -- internally at the
company level valued, and therefore, there were discussions about this. And so if you have a web-based
server and then you encrypt your data, so you get encrypted e-mail, and then they can search for it and
get you whatever you want, but it's all encrypted over there. So the solutions that people use are
order-preserving encryption, and that doesn't really give a good privacy guarantee in this setting, but if it can
be done properly, then that could be something, something, a killer app maybe.
>>: -- people use gmail and they don't care.
>>: So that's even worse, right.
>>: Some people care. I mean, in Brazil, we're pretty much money --
>>: So there is a company e-mail and a personal e-mail. People don't care or they trust.
>>: Columbia just moved to gmail. The whole Columbia University moved to.
>>: Well they don't value their IP or their research. I don't know. [laughter] So this example is, okay,
maybe that you will be motivated by the actual application. So later I think there will be questions, but
my belief is that is really something that you will see the use of MPC. It has to come from very strong
pressure, from legislation, I think. You cannot do this way like, you know, medical records, things like
that. So you cannot deploy the system unless this happens, right, and only then people will say, okay,
let's pay a million dollars and then make something that will pass legislation. And even then, it will be
just enough so that the lawyers will say, okay, now it meets the threshold that you set by appropriate
bodies.
>>: So definitely legislation and regulation would help, but part of the problem also is the people who
write the legislation or regulation don't know what's possible. So part of the challenge maybe is also
kind of making technology more well-known and a little bit more mainstream so that people know it's
even possible to do these things and so that it can then. So I know that people in Bell Labs, they talk to
European bureaucracy to explain maybe what is possible but also at the high level. It's not that hard to
understand. You say well, if you're a location-based service, you can make a requirement that the
service provider -- I'm talking more about as a phone company, right -- the service provider will not
know where you are but to answer a request, right, so that's the case for MPC. So if you can say it in
human understandable words or in legalese appropriately, and then it's up to crypto people to do it
right?
>>: So there's a thing that we ran up against multiple times, comes not just in the case of MPC. A lot of
the more innovative technologies out there -- just to throw another example, differential privacy, if
you're familiar with it. About a year ago Arvin [indiscernible] over at Princeton published a couple of
articles in IEEE Security and Privacy. I have the reference here. The articles were entitled "What
Happened to the Crypto Dream?" And if you read those articles -- it's just a couple of them and eight
pages total -- but he's spot-on on some of the issues here. The people that are going to have to adopt
MPC are not consumers. The people that are going to have MPC are going to be companies, okay, either
because they provide services to consumers or because they do business-to-business commerce or
whatever. But it is going to be companies that are going to be adopting these things, and within these
companies, there will be a technological decision-maker, particularly now in the age of the cloud, and
with all the stuff talk about the NSA and [indiscernible] HQ and on and so forth. And I want to stress the
fact that I'm not talking about some theoretical stuff here. I'm talking about real-life situations in which
Microsoft has run into, and that is when you start talking about these new technologies that has full
use of cryptography in a way that is not the popularized way, it's not about hashing; it's not about
encrypting; it's not about signing; it's not about PKI. It's about proofs of knowledge and blind signatures
and MPC and all that good stuff. When you start talking about that, then you get the IT staffers from
these companies asking questions, and then you run into a significant problem, which is as
[indiscernible] correctly pointed out, which is how do you explain these black-magic-like technologies to
people who are not used to them? It is really, really hard. It is really, really hard to convince them
that this stuff actually works. And then we'll run into the second problem. Once you've convinced
them, oh, this could actually work, you run into the second problem, which is something we've been
telling people. I mean you, as researchers, from the privacy point of view, something that we've been
telling people for a long time, which is crypto is not for amateurs. You may get the theory right but the
implementation completely wrong or the other way around or whatever combination you have. So
once you get them to accept this idea that these black-magic-like technologies are really, really possible
and they could actually become a solution, then getting them to adopt these technologies becomes also
very, very hard because of the very high bar that there is for people to promote implementing these
technologies. So I would agree that education is key. And by education, I don't just mean a bunch of
grad students over at several universities. I mean the bulk of the people that are working on secure
software development out there. There are some questions maybe.
>>: Just a quick follow-up to your comments, which is that two of the aspects are possibly true for
bitcoins right? I mean, how many of the bitcoin users know crypto? And also adopting bitcoins has a
different -- it has an economic motivation as opposed to -- I mean, you don't need to convince someone
to use bitcoins, so I mean it doesn't sort of come in your argument for promoting MPC --
>>: There's a difference between adopting technology and building technology, right. So as
researchers, we have different goals. One goal would be that the public adopts some technology and
underlying it is MPC. Another one is to get companies like Google and Microsoft to take these
technologies, implement them, and build them into products to make, you know, more privacy
preserving solutions so that's where I think Javier was --
>>: You need to take a look at the whole problem and the incentives, which is, by the way, the
argument that [indiscernible] makes. So the incentives here are what we talked about in the previous
question. Does the company believe that they have a security problem? Not necessarily. A privacy
problem? No. We're making money [laughter], okay, so that's the set of incentives, and then you move
on to what you were saying. It is very easy for people out there to adopt bitcoins. (a) You have the
incentives, or the clear monetary incentive is there. (b) You have companies out there that are selling
you appliances to mine bitcoins. You buy your black box and you can start mining bitcoins. And the
connection between your investment and your return on investment is very, very direct and very, very
obvious, even to someone that knows nothing about technology. In the case of MPC, we're talking
about first convincing the people that will have to implement the thing, okay. And there, the connection
between the investment and the return on investment is not as obvious. And once you convince them
that it's a good idea, then you have the problems that you, Mr. IT Administrator, or Mr. IT Developer
that is going to have to be developing this thing -- and the whole future, by the way -- the whole future
of your company depends on you doing the proper implementation. Ah, that's hard.
>>: I just want to present a more optimistic perspective but based on three things that [indiscernible]
said. One is companies that want to adopt and the other wants new things and this is actually what's
going to be more [indiscernible] than trying to add this in existing things, and the fact that we need to
get the word out. I think the word actually is getting out. I'm involved, actually, in three projects. Two
of them, I can't say anything about, but these are actual, actual products that -- small things but actually
being built. One is a more experimental predictive RSA. They have a new fraud-detection-type thing
that uses authentication information from different customers and combines together to try and work
out whether someone is logging in possibly fraudulently. And this is something that they want to
deploy, but they're concerned very much that their customers will not want to give all of their
authentication information to RSA, because actually, if you look at that information, it's actually very,
very sensitive. It has location and other information, so as an enabler for them to actually deploy this
product, they are building a prototype [indiscernible], but whatever [indiscernible] for them to try and
see if that will work as an enabler for a new product. So I think that's very interesting, firstly, that they
knew about it, they [indiscernible] to what they're interested in trying to do it, and I think that we're
actually succeeding slowly, but the ball is just starting.
>>: I think that is a very good point. Just I want to underscore two things. I'm not saying that it's
impossible. My job -- actually, 80 percent of my time is just technology transfer, so I believe it is
possible. But the argument I'm trying to make here is (a) we have to understand we're not going to be
selling MPC on the security and privacy benefits alone, and (b) we have to acknowledge the fact that
there is that uphill battle, education battle. The example you're giving is very good, but it's RSA. Those
people know crypto; that's their business, which doesn't necessarily happen with everyone else.
>>: I want to make a comment too because I thought about this. Actually, there are applications which
currently are not being done because of the security reasons, which you could enable with privacy, and
still I do not believe that this is going to be the killer app. So I have been trying to push SAP supply chain
management to -- you heard the talk by Thomas. We were the guys doing supply chain management. I
can show -- I can make a very easy calculation. You're going to save this much money if you do this, and
people do not care. Establishing a new product is much more difficult than taking an existing product
and adding a feature. So I think that for getting MPC out, it's because it's mainly it's security, right. It's
much better to add a secure layer to add privacy than to say I have a new product that is now being
able, because putting out new products -- I mean, it is a security product so it might be a little bit
different, but putting out new products is much, much harder than actually taking an existing product
and making it secure.
>>: So I just wanted to -- David brought up this very insightful point yesterday. And I think perhaps one
way to see that the prime impact is, you know, there are these new applications coming out like
genomic applications, maybe storing our financial data in the cloud, and those applications are
extremely privacy sensitive. Like, for instance, your genomic data. If the cloud server has data breach,
then your genomic data can get leaked, and that pretty much encodes everything about you. So
conceivably, if these applications are going to be put into the cloud, you may need higher security than
what is out there today, okay. So that's one view about how this can potentially get deployed. Maybe
we should think about new applications which are just too privacy-sensitive for today's cloud. So we can
think about what new things we can enable. And another thing is let's say for today's particular services
out there, maybe e-mail, social network, or something. If you can offer a privacy-preserving version of
that and users have the choice, like let's say you have ways to monetize and still be profitable despite
the additional cost and, you know, cost of operation for added security. Suppose you can do that. If
users had a choice, then maybe they would opt in to the more secure version or at least a subset of
them would opt into the more secure version. And perhaps that's a way to drive existing companies to
it in order not to maybe lose their market share or something, they would perhaps also add secure
features to their existing services. Although in spite of everything that I said, I think another key
question is whether secure computation is the solution. So we definitely need more security for these
genomic and financial applications, but there are other alternative technologies, and this is the point I
brought up yesterday. There's like secure hardware. There are many different solutions, so which one
will, in the end, be the optimal security and cost tradeoff, that is the part that's not clear to me.
>>: Secure hardware works in some settings, and in some settings it doesn't work. If you have cell
phone users, maybe it's harder to give secure hardware to each of them so they will compute. But
maybe in the future, you can sell a box that somehow everybody agrees that it's safe, and then two
companies can put their data in that box and out comes the output, right. So in this way through this box
will replace MPC, but for large, expensive functions. So the hope is I think that we should hope that
many useful functions are cheap enough that you don't need to bother with the box. So fine. You have
$10,000 overhead, but if the function is small, then it doesn't matter.
>>: If you think about it actually, today's users place a fair amount of trust in the hardware that they
compute on. Like, you know, I use my mobile phone. I use my laptop. And maybe the processor is
produced by Intel. Even though I don't have to trust the cloud, I do have to trust the hardware on my
local computer. So the computation gives me the guarantee that whatever the server does, I don't care,
as long as my client is honest and, you know, secure then --
>>: So you would need like a smartcard, like, thing on the phone, right, some protected environment.
That's what you're talking about?
>>: Right, so you have like secure processors that can, for instance, encrypt data. Then I think in order
to achieve some of the goals that secure computation is aiming to achieve, you can have potentially
faster solutions in practice if the hardware offers you some kind of .
>>: It's about the marketing story. It's really about the marketing story. And the marketing story is you
have your key; you have control over your key; the key stays with you; you encrypt and send it to the
cloud, and you're done. That story sells. If you say well, you know, the guy over there, he has put
something into his hardware, and you can trust that piece. Why don't you trust the guy in the first
place, right? It's a very simple marketing story. It might not be true in the real case. You can probably
make calculations that the hardware is just as secure, but it's really the marketing story. You can say,
well, you know, there is some crypto guy. There is somebody, you know, he got a Turing Award, and he
said if you encrypt and send it to the cloud, it's secure. And that sells, and that, I do think, that that can
make a difference. The question is -- I also wanted to make another point about legislation. Actually,
please, do not hope the legislation is going to help you, because the legislators have the problem right
now. They have to make the laws for governing the cloud right now. If they would make a law to say
you have to use MPC, the world would be in huge trouble [laughter] because we're not ready. We're
nowhere near ready, right, and so this is -- there are lots and lots of steps to be taken, right. And be
careful what you wish for in this case, so maybe some smaller solutions in the first place. Some startups
that are doing some [indiscernible] things might be the right way to go.
>>: I just wanted to comment on one real quick. Yeah, really quick. The talk earlier today on the
[indiscernible] -- this is an example of how legislation helps promote the MPC. Because it was forbidden
for them to see the data to compute any statistics on the data because the privacy office -- I forgot the
name of it -- maybe they said I couldn't do it and they had to use highly sanitized data that was nearly
useless. But if they use MPC, that same office said that it is okay to compute on that data. So there is a
huge difference in functionality that you see, and this is an example. This is an overarching solution that
says you must use MPC. What does that mean even, right? What they say is here is a clear case. You
don't see the private data, so it's okay to go. And there is a lot of examples of legislation that actually
make life hard for implementers, but presumably it helps swob anything with medical records. It's a big
deal, and there's -- it's not really useful for our community because the lawyers there are very, you
know, many thousands of pages of, you know, what needs to be done, and before you read it, forget
about it. It's not -- it's not interesting. Think about it. But the concept is there; that's something the
government or people consider this is private and so deal with it. And then if it's stated cleanly, then
our community can help solve it.
>>: So this actually segues into another question, which is: Which parts of the world are more
predisposed to adopt MPC? Does Europe's stronger privacy laws make it a better target for possibly
deploying or having startups based on MPC systems? Sort of the geography something that we should
be thinking about?
>>: We can't hear.
>>: Oh, sorry. The question is: Which parts of the world are more predisposed to adopt MPC? Does
Europe's stronger privacy laws make it a better target for selling MPC? Is that something that we should
be thinking about? Should we be developing solutions for the European market because we have a
better chance of deploying there?
>>: I wanted to mention one thing that fits here is a very interesting example. In the Netherlands, they
deployed smart meters. It was maybe three years ago, and they collected everything because they
wanted to see everything. And the people really didn't like it, and there was a big noise in the media,
and they had to roll back entire whatever that phase of deployment. So it was very, very expensive, and
they had to roll it back because people are more educated, I guess, in Europe about their privacy. And
so that happened.
>>: [indiscernible]
>>: What?
>>: -- educated. It wasn't too long ago in Germany, Eastern Germany. They know what happens when
you don't have privacy, what a government can do. That's why I think --
>>: This wasn't government. This was -- this was electric utility companies.
>>: I'm saying that there's more awareness of privacy because of recent history.
>>: You think that's what it is?
>>: Now there's history, in fact, in the United States, right? With [laughter] actually we have.
>>: Well, and people are talking about it all the time, so maybe there will be changes.
>>: Crypto could solve that problem.
>>: You think that you all are talking about lawyers and companies, but if there's big pressure from the
people, either with this kind of privacy violation of just for some totally new app, that will be so cool and
so awesome that I'd be willing to sell my soul for --
>>: So a very good example is how much -- there's the shopping carts right, that, you know, they give it
to you and you get it at a discount here and there on your orange juice, right. But like nobody thinks
twice about -- not nobody. The majority of people and these shopping carts, they collect everything all
about your habits, right. And so this tells me that most people really don't --
>>: But your examples are things we already do, which, by definition, people are willing to do without
privacy, you know.
>>: Exactly. That's my point. If people don't care about privacy be --
>>: There might be something new. I don't know, like giving all your genomic data maybe. [cross-talk]
>>: -- for free. You would give everything.
>>: It's very hard to convince people to value their --
>>: -- naked pictures on the Internet.
>>: Well, Facebook shows you that most of them don't care about that [laughter] [cross-talk]
>>: I would severely challenge the notion that people don't care about privacy. I mean, people over in
the industry have been saying that for 10, 20, 30 years, and there have been multiple studies that show
you that that is not the case. Now, I say that and it kind of contradicts the obvious, which is people are
still going out there and giving away their data. And even I, and I consider myself to be a privacy zealot, I
give information away. And it's very, very simple: (a) what am I getting in return? And (b), what is my
perceived risk based on what I'm doing? And the fact is that the majority of people out there -- I'm
talking about the 99 percent -- have no clue about what the risks are. Because even the privacy
professionals, even people like me that spend a hundred percent of our working lives thinking about this
stuff really don't know how far this problem reaches. I don't know what companies -- other companies -- out there are doing with my data. And again, I read about this all the time; I think about this all the
time; I talk to other people that read and think about this all the time. So it's very hard for Joe Anybody
out there to really have a clue of what the risks are. So I would challenge that.
>>: The risks are that your entire e-mail and your entire phone conversations were logged. I think
people are upset about it, no? Or is it just [cross-talk]
>>: Google knows all this stuff.
>>: Because Google knows it and there's an imbalance, the solution would be regulation, and the
regulators are going to ask, okay, so what's the story? And somebody is going to come say, oh, this is
10,000 times slower, and Google, we can't pay for this, and the discussion is done. So this is the power
imbalance if the consumer market is too high in order to regulate for something like secure
computation.
>>: Yeah, and that takes us back to your original question, which is: Are the laws in Europe such that
they would facilitate the introduction of MPC? I don't know. I do know that the laws in Europe have
forced Microsoft to make changes for specific countries, not for all of Europe, with a specific product,
and that is true. Whether those laws would push us in the direction of adopting MPC at any point in
time, I'm a skeptic. However, I do think that there are other things in the European environment that
are likely to force the adoption of MPC, which is the unique characteristics, economic characteristics, of
the European Union. And the best argument that I can make to support the statement I just made is
probably a case study that's probably very well-known to you, which is the sugar beet market in
Denmark. If you take a look at that, it is the very specific situation of that market in Denmark that
actually forced the adoption of MPC. The primary considerations are not security and privacy, rather
the reality of the market and the nature of the needs of the players in the market. And if we look at it
from that way, I would, yes. It is much more likely that this type of solution will be first adopted in the
European Union than it is in the United States.
>>: Why is that the case?
>>: Because this example of -- sorry, I didn't hear. The example of the sugar beet market in Denmark is
an example where you have -- if I recall correctly, the example is a state-owned monopoly that controls
the auctions of sugar beet. Now, the concern here of the people producing the sugar beet was that this
entity had so much power over the market that it could sway prices and that it could force some of the
farmers to get out of business or to sell at a cheaper rate or whatever. So the only solution that they
could come up with in which every single party would trust the end solution was by using an MPC
application that would allow people to submit their bids, selling and buying bids, and okay --
>>: That, I get. But the question is: Why is that more common in Europe than in the U.S?
>>: I'm not saying that it's more common in Europe. I'm saying in general, the environment in Europe is
conducive to that type of situation. Why? Because in the US, you don't have the complex systems of
quotas, production quotas. In the case of farming, production quotas that are assigned to the different
countries, and in each country, the market is managed by a different entity. It's all very complex. That's
I think, one of the areas where MPC could shine.
>>: But I would assume that like monopoly markets, if monopoly is the distinguishing feature, you
probably have, I mean, I don't want to mention the building we're sitting in, right [laughter], but there
are definitely monopoly markets in the US as well, and they would be just as amenable.
>>: So I'm not a US citizen. I'm not making any judgments about the politics or social reality in either
Europe or the US. I'm completely agnostic about that. I just look at the facts, what's out there, and
what I think would be conducive to the adoption of the MPC. In the US, there are horrific monopolies,
but that's a completely different conversation.
>>: So we don't have much time left. So I want to get on to another question, which is: What other
research communities have been successful at impacting the real world and industry? Why were they
successful? What can we learn from them? So some examples are things like [indiscernible] systems,
Hadoop. The database communities in general, I think, has had quite some -- the database research
community has had quite some impact on industry information retrieval, obviously with search, and I
know there's other kind of security-related communities that have tried to have an impact. Like
differential privacy has been trying to kind of get some also [indiscernible]. So can we learn anything from
those communities? And what have they done right?
>>: Wow.
>>: My guess is they have a need, you know. They have something that people actually physically need
that is very clear, and it's obvious to everybody, so they make what they produce and will use it. So,
optimizing something, supply chain. It's you can save the money and so, of course, you want to pay for
this MPC. You don't save the money. So it's I think it's fundamentally different from this perspective.
>>: -- crypto has a lot of impact.
>>: Yeah well, so --
>>: Why doesn't --
>>: The MPC, yeah, because you have to protect against the guy on the wire, right. Obviously because -- so the security people pay for security a little. They don't want to, but they kind of have to, right. But
so that protects you against the guy on the wire, but if you're talking to your bank, you know, who wants
to make sure that bank where you cannot cheat, you know?
>>: [indiscernible] years since the invention of RSA for it to come out. Why do we expect it to happen
now? In fact, I think, you know, we have more exposure than we've ever had before. There's more
interest than ever, but these things just take time.
>>: I completely agree with that assessment. You have to keep in mind that in the case of what I would
call traditional crypto or basic crypto, the need had already been established before even the
technologies were there. I mean, there was a need for banks to communicate securely between
themselves and communication links were born. And maybe they were point-to-point, and they
thought that that was enough. At some point, that stopped being enough and banks started to look for
other measures, and that was what began to open the door. For instance, circumstances had to be
moving from specific enterprise markets like banks, to general adoption by the public, and it was the
existence of the Internet that made this need very, very explicit. But you're right; it took time. And I
know I've come across very, very negative. I am not. I truly believe that MPC will be adopted. I don't
think it's going to happen overnight. I don't think it's going to happen through legislation. It might
happen. I think the probabilities are low. I don't think it's going to happen through a magic bullet app. I
think it's going to happen just like the adoption of many other technologies that were far-reaching
enough, which is, it's going to happen through hard work and dedication. And we need to look for those
opportunities, and we need to educate people. And we need to create the spaces where the
opportunities and the technology can come together, and we need to work together to create the
opportunities where education can happen. I think that that is what is going to change this.
>>: I have a question. I never belonged to talk about APC and adopting your APC. We talk about MPC.
We talk about individual people believing MPC or not, but there is another angle to view it. Maybe I, as
an individual person, I'm not that much careful about my data. But when I give my data to Microsoft, it
becomes more important for Microsoft to make it private, to believe it's private, because, for example,
Microsoft or Google or other companies have a huge amount of data from individual people. And if they
lose the privacy of this huge amount of data it can be a mess. And why we never talk about this impact,
or maybe you've thought about it, but can I know your view of privacy in this aspect?
>>: Why do we never talk about the consequences?
>>: The consequences of revealing huge amount of data, not just individuals.
>>: You have huge amounts of data being revealed here in the US to NSA. It's happening right now.
>>: Yes but --
>>: I think you're talking about --
>>: Not specifically government or companies, even for other private companies when you lose a huge
amount of data.
>>: Oh, you mean through data breaches?
>>: Yes.
>>: So the consequences are huge. Again, I think what you have -- so it's not that companies don't
worry about this. Some companies do; some companies don't. And some companies start worrying
after they suffer the data breaches, yeah. Now, the problem with the data breach, again, is that your
average person out there in the wild, as they say, really has no clue of what sorts of risk he or she is
exposed to. Why? Because data breaches are very, very insidious in the sense that a lot of stuff can be
happening to you and you don't know. Your identity may be stolen, but the identity might be so good
that you never actually find out about it. You suffer. You pay the price, but you never notice. That's
possible. In other cases people notice after a long time, and in other cases this use of the information
that those nefarious parties might be making can be completely obscure. Again, you're still paying the
price, but you don't know.
>>: I'm not saying about me as an individual paying the price. I'm talking about, for example, Microsoft
as a company paying the price because of the breach. Is there some price that your company must
make because of the huge amount of private information? You have good data breaches and some
marketing and stuff for people that you know, but, for instance, as you have other companies coming in
and stole this private information that you have. It's a real huge loss for your company.
>>: There is a significant -- there is a yearly survey put out by a company called Ponemon Consulting,
and I think they've been doing this yearly survey, I think, for the last 15 or 20 years. And every year, the
average cost of a data breach -- they do a survey of the companies that have suffered data breaches,
and they talked with them about what the direct costs of these breaches are and so on and so forth.
And every year, the average cost of these breaches goes up. The numbers are horrendous, and there
have been cases of companies that have almost disappeared because of these breaches.
>>: Can this cost be a motivation for private companies to apply MPC on their own data that's their own
data. It has value. Data has value, though.
>>: I think it is a motivation, yes.
>>: I've actually spoken to quite a few companies recently, because the issue which is exactly right to
that issue. So the figure or the [indiscernible] to be aware. Some other companies that's one thing, but
I have spoken to, for example, like a small hospital that's also a university in medicine somewhere in the
US. I spoke to the chief security officer and he said, well, we don't even encrypt our data, but I at least
have proof that I have told my managers many times that we need to [laughter]. So there is a lot of
really sensitive data out there which isn't even being encrypted, and it really depends who you're talking
about, and it's incredibly diverse about whether -- there are some who've said to me, yes, if you had this
available now, we'd take it. And some have said, you know, I wish I could get my managers to even
agree that we should encrypt our database, and everything in between.
>>: We're already out of time. I am going to ask one last question and I just want the panelists to
respond to this question because we're over time. So, I mean, all the panelists work in industry and all
have tried to promote in their respective companies. So one question is: What have been the biggest
objections or roadblocks that you run into, just out of curiosity? And which ones were the biggest.
>>: The biggest objections and roadblocks. (a) We've had to justify MPC primarily on economic grounds
rather than security and privacy and (b) I would say it is very hard sometimes to put these technologies
in a context that is enticing enough for the business. And what I mean by that is this: You can explain
what the damage does and weave in factors. And Seny is a witness to this. We've been to many, many
internal forums and presented about MPC and explained these are the scenarios in which you could use
MPC. And interestingly enough, the people don't seem to get it. It is only until you talk to someone
whose immediate need is very clearly present in his mind or her mind that we saw a reaction. There
was one person specifically to whom I had talked about MPC several times for whom MPC had not
clicked. And one day in a coffee shop, it clicked, and things started to move really, really fast after that.
So again education, keep trying, and focus not only on the security and privacy benefits. Think about
what are the economics and the efficiencies that can be gained.
>>: Yeah, I did try to promote secure computation, and the main objection was costs. In talking to
engineers when they -- so the function there was kind of expensive. The overhead was high on some
location-based privacy, or I forgot exactly what it was, but it was significant. It wasn't like a tiny portion
that you can, you know, overpay whatever you want. With engineers in a scalable industry, they count
every cent, and when they do that, the overheads that we talk without any problem, they're horrified,
and it doesn't go much farther than this. So, you know, it needs to be an application that privacy is
important and the cost is small. It can't be noticeable. And I wasn't even talking implementation costs.
They had no idea that they'd have to hire, you know, [laughter] a bunch of new guys to implement it. It
was just what's the length of message you need to send? At that level already, it was -- it was a show
stopper, the costs.
>>: It's very similar to what Javier said. You have to have someone who has a clear problem, and then
you have to essentially claim you solved that problem. And if you have a good marketing story, they will
not question you how you solved it. If you say, I encrypt it and you keep the key, the solution is fine.
But the problem has to be -- it has to be a clear and present problem. And economic reasons might not
be the ones that are actually driving it. So as I said, in supply chain management, the economic reasons
are there. They are obvious, right. Everyone knows them, and they are obvious to people.
>>: What was the -- why were they pushing back if you could sort of prove that?
>>: The question is you have to convince the customer to do something different, and you're making
money with the project right now.
>>: So in your case, it was just a matter -- it was just inertia? They just -- you could prove that they
would save money, but they were just kind of, well, we just don't feel like doing anything new and that's --
>>: Business risk. You have to establish a new product. Way too much risk. We have a product right
now. It doesn't do that. We can't do that. We know we can't do that. We can do, yeah, we have to do
a little bit of hand waving, and that. Why do I care to solve the problem, right? And that is -- establishing a new product is much, much harder than actually adding a feature to it, and somebody has
-- it's making money right now, and he says, now, okay for something I -- it stopped. The money stops
coming in for security reasons, most probably money stops coming in, then you have a chance, and then
you have to be fast.
>>: I agree, unfortunately, yeah. All right. So that's it for the panel. We had a bunch more questions,
but we're pretty behind. So we're supposed to have break from 2:00 to 2:15, so we're just going to have
a 5-minute break or I guess a 7-minute break. We'll be back at 2:15 for the next session. [applause]