Inventing the Internet of Trust


Were all delighted that Bob Tarjan has returned to Intertrust to reprise his role as Chief Scientist. Bob joins an enormously talented technology team led by our CTO Dave Maher, which has undertaken the task of researching some of the deepest open problems facing the evolution of the Internet.   As the number of connected devices grows astronomically, how do we secure, make trustworthy, and manage access to the constantly growing networks and big data sets of our connected society? Does the Web of the future submit to the rule of a small number of monolithic institutions, or do we reach a point when all falls down due to the chaos that ensues from leaving everything exposed to the threats of the open Internet? Or, is there a way to let specialists interoperate via trusted intermediaries?

The convenience and power of having all of our devices connected far outweigh any comfort that might come from creating disconnected islands of perfectly secure devices.  As esoteric as the concept of “digital trust” may seem, we all know how it feels when we see a suspicious link in an email, use a device for a mission critical function whose performance is dubious, or tap into a network whose owners are shady.  For years, we coped with the problem of making digital devices and networks more trustworthy by applying physical world practices (know your correspondent/network owners) or with Band-Aids (virus checkers), but these approaches simply do not scale. 

The very innards of operating systems and networks must be designed from the ground up to create a trusted platform.  One way to design such a platform is allow a single party to control the entire ecosystem.  This is not how the Internet was created, and it is not the way distributed systems work.  All societies are based on specialists stepping up and doing their jobs, collaborating to get the most efficient results.  In the physical world, we delegate trust and authority to different specialists and expect them to collaborate, share, and engage to solve problems.  

We don't go to our insurance company for medical care; we dont go to our doctors for financial advice.  Yet in so many areas of our digital lives, we have been willing even eager to give up our data privacy by delegating authority over our email, contacts, social networks, finances, and health to a single, all-powerful ecosystem owner. And when that ecosystem owner breaches our trust? Unplug or switch ecosystems. Although many people are content (for now) with the benign dictatorships that run the Internet, its crazy to think that a single party will be the “App Store” manager for the trillions of devices that are coming online: the ocean-based probes, the light bulbs, the medical implants. Soon, it will be very boring to be a smart phone. 

If we accept that governments and the pantheon of powerful companies and institutions around the world are not likely to band together to form an oligarchic super-manager for the Internet, and that many institutions big and small will need to cooperate to harness the power of Big Data, weve all got a lot of homework to do.  The new frontier will be won by building a trusted web and allowing people to mine it, and travel through it.  We must extend whats been done and upgrade the very plumbing of the Internet to allow trust, rights management, privacy, and policy to be protected and managed programmatically; the result is more access to information, more control over our physical and digital environment, and more safety in crossing the oceans of information.

Intertrust started grappling with these technical problems years ago, recognizing that the computing platforms of the 80s and 90s which derived their security from an elaborate system of walls, door, and guards were poorly built for the tasks of the future.  Now, as the number of devices and data sets transcend the limits of imagination, the ideas we pioneered more than two decades ago are more relevant than ever. The evolution of the Internet, rather than closing the door on our past research, creates massive opportunities for new scientific breakthroughs.  If all the Webs an App Store, then everyone should become app writers. If these apps are going to come from a million places, then we need to build a network that makes it possible to ensure that digital objects are legitimate and that the rights that the data owners are properly respected. No single entity should own this process.  If data and devices need to cross corporate and national boundaries, trusted intermediaries need to emerge to help with safe passage.

Data owners today go far beyond music labels and studios. For example, every human being who has a mobile phone and uses Google generates large amounts of information about themselves. Today, that data is exploited by hundreds of companies that no one sees or knows.  Personal data, ranging from where we go and what we eat, to our medical information, to our cars behavior must be managed and protected, but also accessible to parties we authorize to search and analyze them. This is why were growing our research team and funding new work in the areas of distributed secure systems, algorithms, and data structures for big data networks and visualization technology for sharing and analyzing distributed big data sets.

Intertrust and its venture companies are charting new territory in big data privacy.  Our Genecloud project seeks to create a way for researchers, doctors, pharmaceutical companies, and consumer healthcare services to share and access genome data and associated health records in a way that protects personal data privacy and rights but allows important healthcare questions to be asked and answered.  The heart of the Genecloud is a unique digital security and privacy architecture that governs the interaction between analysis programs and sensitive data, wherever that data may reside. This approach enables unprecedented data sharing across institutional and legal boundaries, while mitigating or eliminating risks to individual data privacy.

A similar concept underlies our Personagraph targeted advertising platform.  Many state-of-the-art of advertising technologies adopt a cavalier attitude toward personal information; these companies will do anything with your data to make a buck, dangling “free” services in front of consumers to get and troll personal information to advertisers.  Personagraph acts as a trusted intermediary for consumers and advertisers, collecting personal information but never revealing identity. Instead, ads and targeting information meet in a governed environment, creating a privacy-preserving win-win.  These are just two projects built on our trusted Internet platform that ensures software integrity, content protection and management, and secure authentication and identity management. 

Are we there yet? Certainly not!  There are many challenges that lie ahead, but we choose to embrace potential threats as opportunities.  Can we deliver high value research with a small team? Weve done it before, and we will do it again.  Making good science is not a monkeys-and-typewriters problem; meaningful innovation is inspired by real challenges tackled by smart teams and well-funded companies.  Our research-centric company has always drawn inspiration from a narrow set of very practical commercial problems.  Weve also been very fortunate to attract and retain some of the greatest minds of our time in our focus areas.   Bobs return to Intertrust is part of an evolution of our quarter-century of disruptive R&D, and we look forward to another generation of innovation as we transition from the raw Internet to a truly trusted one.