Facebook, IoTeX, R3 Among New Members of Confidential Computing Consortium

shutterstock_211605850-1-scaled
29 June 2020

Facebook, Accenture, IoTeX, Nvidia and six other companies are joining the Linux Foundation’s Confidential Computing Consortium (CCC), increasing the size of the privacy-focused group by 60 percent.

The addition of members IoTeX, which leverages blockchain to secure the internet of things, and R3, an enterprise blockchain company, nearly doubles the number of blockchain companies involved. 

Created in late October 2019, the CCC aims to bring developers together to accelerate the use of Trusted Execution Environment (TEE) technologies and standards. A TEE sequesters code and data away from applications on the main operating system, so they’re protected from adversaries who may gain access to the main operating system. If the main system is in the White House, for instance, with a variety of protections, a TEE is the bunker underneath it. 

Within a TEE, unauthorized actors cannot view the data that is being used within the TEE and cannot alter the data. This enables applications and other systems to run without having direct access to extensive amounts of vulnerable data such as financial or personally identifiable information. 

“Securing data-in-use in hardware-based TEEs, can … strengthen other security- and integrity-related technologies,” like running a blockchain ledger, said Stephen Walli, the chairperson of the CCC’s governing board, in a statement. 

“Confidential computing brings privacy-preserving smart devices to the next level by not only allowing users to own their private data, but also to use it in a privacy-preserving way,” Raullen Chai, CEO of IoTex, told CoinDesk in an email. “This has major implications for consumer-facing industries such as health care and smart homes, as well as enterprise for private multi-party data sharing and interactions.”

See also: Jalak Jobanputra How Edge Computing Can Make Us More Resilient in a Crisis

Chai, based in San Francisco, said there are two immediate use cases where confidential computing could make an impact on everyday people’s privacy. 

One is facial recognition in public spaces, an area that is under intense debate and scrutiny, particularly as protests against police brutality continue in the U.S. 

There are traditionally two sides to this debate, said Chai. On one side are privacy-conscious people who don’t want images of their faces scanned and analyzed by governments and other actors. On the other are governments (their supporters) who, broadly, are prepared to sacrifice people’s privacy in the name of public good. Confidential computing has something for each hand. 

“Reactive regulations will never achieve the goal of satisfying both sides, but confidential computing orchestrated by blockchain can,” said Chai. “With confidential computing, facial recognition processes can be executed within a secure TEE-based confidential computing environment, where the raw data (people’s faces) and a cross-referencing database of faces can be analyzed and subsequently forgotten after the desired results are obtained by governments.”

See also: Human Rights Foundation Funds Bitcoin Privacy Tools Despite ‘Coin Mixing’ Legal Stigma

Another area of interest is contact tracing, used to track the spread of COVID-19, and clinical research about the disease. Chai said projects such as Google’s Project Baseline, which leverages user-donated health and location data to combat COVID-19, are important. Google Cloud is a member of the CCC. But the project’s privacy policy includes concerning language, including the baseline terms and conditions, which prevents users from deleting health data once it is contributed. 

Chai said confidential computing can serve as a win-win for initiatives like Project Baseline because it allows the project access sensitive data that’s important for pubic health, while also providing assurances to people sharing their data that they can trace and revoke it at any time. 

Blockchain technology offers a coordination mechanism for computers using TEEs, allowing access to data among parties that might not trust one another, such as a consumer and a large corporation. Smart contracts can set the rules of engagement to be programmable, and make the end-to-end confidential computer process both trusted, and verifiable, according to Chai. 

See also: From Australia to Norway, Contact Tracing Is Struggling to Meet Expectations

The U.S. Senate is considering several bills that would attack end-to-end encryption, according to critics, including the EARN IT Act and the Lawful Access to Encrypted Data Act of 2020. Simultaneously, companies within the U.S. are grappling with how to comply with privacy laws like California’s Consumer Privacy Act (CCPA), which lets California residents limit the amount of data gathered about them and ask that companies delete information they may have.

Notably, the CCPA and its international counterpart the European Union’s General Data Protection Regulation, one of the most prominent privacy laws in the world, don’t prevent companies from abusing people’s data. They just impose fines and other consequences after the fact. 

“Protecting organizational, partner and customers’ private data is table stakes to seeing this model truly achieve its potential,” said Michael Klein, principal director of Blockchain & Multiparty Systems Architecture at Accenture, in a statement. 

“The open standards and tools provided by the Confidential Computing Consortium offer organizations new options to protect private data while ‘in use,’ and Accenture is proud to be a member of this initiative.”