Keeping your data secure and private with end-to-end encryption

Chas Nelson
Published in gliff.ai
4 min read · May 12, 2021
End-to-end encryption keeps your data safe — and it’s more secure than a padlock! Photo by pixabay from Pexels.

Why your data should only be seen by you

Data is knowledge. Knowledge is power. So, data is power. Data holds the power to diagnose disease early; identify potential environmental catastrophes before they become so; and make the world a better place for all. Or, at least, that’s what we at gliff.ai believe. But data also often contains personal information, e.g. medical records, or commercially sensitive information, both of which should be kept private and secure from untrusted other parties.

Whilst data is usually encrypted when being sent over the internet (encryption in transit), it often rests unencrypted on a third-party server, where the owner of that server, or a nefarious other party, can access your data. In storing any personal or sensitive data on the cloud you are putting significant trust in your service provider, and their service providers, and their service providers — can you really trust everybody in that chain with your data? Can you afford a data leak of thousands of individuals’ personal information?

Okay, so perhaps the solution is to encrypt your data on those servers (encryption at rest)? Now only encrypted information is saved to disk. But wait, when you encrypt your data you use a method of encryption and a key to lock that data — where is this information and your key kept? Well, in this case they are both stored on the server, or somewhere else on the internet where this server has access, and so all the information needed to decrypt your data is still out of your hands and relies on that opaque chain of untrusted companies.

We at gliff.ai believe that data privacy and security is paramount for the future of FATEful AI (see our Ethics Statement for a detailed description of FATEful AI). Your data should be yours and yours alone.

End-to-end encryption: keeping your data yours alone

So is there a solution? With end-to-end encryption your data is encrypted on your local, “trusted” computer, transferred over the internet to servers and other computers whilst encrypted, and stored on the cloud in this encrypted state. In this scenario, the method of encryption and encryption key are stored on that local, trusted computer and not on the server. Now none of those “untrusted” third party companies can read or decrypt your data.
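The flow described above, as an added example (not gliff.ai's or etebase's code, and not etebase's actual protocol): the key is derived and used only on the client, and the untrusted server receives nothing but salt, nonce, ciphertext and authentication tag. Assumptions: Node.js built-in `crypto` with scrypt and AES-256-GCM, an in-memory `Map` standing in for the cloud server, and hypothetical function names and sample data.

```javascript
// Added illustration: a minimal end-to-end encryption flow using Node's built-in crypto.
// Not gliff.ai's or etebase's code; names and the in-memory "server" are hypothetical.
const crypto = require("node:crypto");

// The key is derived on the trusted client from a passphrase; only the salt is stored remotely.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32); // 256-bit key, never uploaded
}

// Encrypt on the client. `itemId` is bound as associated data so the server
// cannot swap one stored record for another without detection.
function encryptLocally(key, itemId, plaintext) {
  const nonce = crypto.randomBytes(12); // fresh nonce for every message
  const cipher = crypto.createCipheriv("aes-256-gcm", key, nonce);
  cipher.setAAD(Buffer.from(itemId, "utf8"));
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Decrypt on the client; throws if key, item id, ciphertext or tag do not match.
function decryptLocally(key, itemId, record) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, record.nonce);
  decipher.setAAD(Buffer.from(itemId, "utf8"));
  decipher.setAuthTag(record.tag);
  return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
}

// Stand-in for the untrusted cloud: it only ever receives salt, nonce, ciphertext, tag.
const untrustedServer = new Map();

function upload(passphrase, itemId, plaintext) {
  const salt = crypto.randomBytes(16);
  const key = deriveKey(passphrase, salt);
  untrustedServer.set(itemId, { salt, ...encryptLocally(key, itemId, plaintext) });
}

function download(passphrase, itemId) {
  const record = untrustedServer.get(itemId);
  return decryptLocally(deriveKey(passphrase, record.salt), itemId, record);
}

// Constructed sample data (not real annotations).
const SAMPLE = Buffer.from('{"image":"scan-001","label":"constructed example"}');
upload("correct horse battery staple", "annotation-1", SAMPLE);
console.log(download("correct horse battery staple", "annotation-1").toString());
```

Everything held in `untrustedServer` can leak without exposing the plaintext, whereas an encryption-at-rest design would keep the equivalent of `deriveKey`'s output on the server next to the ciphertext.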

A quick side note here on “trusted” and “untrusted” — we’re not casting aspersions here. In the field of encryption these terms refer to transparency and role in a secure transaction. A trusted computer or service is one which is relied upon for a secure transaction, e.g. encryption and decryption, and whose security protocols the user has the ability to understand, i.e. it offers the transparency necessary to know the service isn’t doing anything nefarious. An untrusted service is any service that doesn’t satisfy this, i.e. any third-party service or opaque system, whether or not nefarious activities are likely or possible.

End-to-end encryption provides you with GDPR- and HIPAA-compliant protection against data breaches. End-to-end encryption provides you and your data providers with peace of mind that that data is secure. End-to-end encryption keeps your data yours.

gliff.ai provides many of our tools as open source software. By default, if you run an instance of our software it will keep all data on your local, trusted computer. However, the gliff.ai cloud platform stores user data on servers and transfers that data across the internet — but don’t worry, that’s end-to-end encrypted, always.

What ‘data’ is end-to-end encrypted with gliff.ai?

So far I’ve just been talking about ‘data’. Data covers a lot of things. With imaging artificial intelligence (AI), gliff.ai considers data to include everything involved in the AI development lifecycle: raw images, domain expert-created annotations, AI architectures, AI training/test data and all results, including compliance materials.

What does this mean? Well, it means that gliff.ai never sees your data, can’t recreate your data from unencrypted annotations, because there are none, and can’t infer your data from your AI models, because they’re encrypted too!

Building end-to-end encryption with open source projects

We at gliff.ai believe that using, contributing to and creating our own open source software projects is a vital part of being a technology company. Open source projects are fundamental to most software we use and we believe companies like gliff.ai should be honest about the communities they’re working with and the projects they’re building upon.

So, what project are we using to help us accomplish our end-to-end encryption goals? Etebase (etebase.com). Etebase is a project that has been running since 2017 and provides a high-quality, strong and modern end-to-end encrypted database for building end-to-end encrypted applications.

By using etebase as our storage database we can build upon the years of expertise and development that have gone into this project. We also hope to work closely with the etebase maintainers and community to identify and develop new features and fix bugs in a way that is both efficient for gliff.ai and contributes to the growth of the etebase community.

Over the coming months gliff.ai will be developing an end-to-end encrypted platform for MLOps with a focus on FATEful AI, engaging domain experts throughout the development of AI and seeing the unexpected world with AI. Our focus on end-to-end encryption makes gliff.ai, we believe, the most secure and private solution for all our customers and collaborators to develop imaging AI.

Find out more by contacting us at gliff.ai.

Chas Nelson
Editor for gliff.ai

Chartered Biologist and PhD data scientist focused on using data to change the world for the better. 10 years experience in data and software for life sciences.