In the era of constant exploits, data leaks and stolen identities, there are only three real viable solutions to address such problems.
- The first would be to lock everything down by adding a lot of friction.
Security questions, constant key rotation, asking for an ID and a picture of yourself (think of modern KYC processes).
2. Secondly, is to allow tech giants to frequently pry on the general population, making sure they are still the same people with the same behaviour behind the computer.
3. Third would entail empowering and providing end users with the tools that would help them become the protectors of their data.
If we’re being honest, end-users are the only ones who really care about the privacy and access restrictions to their data.
In Iryo, we believe locking access down and building a barbed wire around it sometimes works for corporations where people are paid extra to secure access. However, this approach doesn’t scale well to the general population. Mainly because if you demand more steps people will slowly but surely start to cut corners — negating the added security of adding more steps in the first place.
Constant surveillance machine in the form of tracking people’s every move (facial recognition, typing recognition etc), is problematic as well, leaving the end user completely defenceless when the data collected to sustain such an approach gets leaked, sold or is internally abused (even if we ignore the privacy considerations).
The 3rd alternative is the path Iryo supports.
Encryption is the process of encoding a message or data in such a way that only authorized parties can access it. With encryption, the locks used by most services are so strong that it would take a decade of computational resources to identify a single key. But what if instead of trying to pick the lock, a hacker attacks the servers or its operators to gain access to all of the data?
Zero-knowledge defines the relationship between the end user (a medical patient in the case of Iryo) and the service. With the zero-knowledge encryption, the service has no idea what is being stored. More importantly, the service provider can by no means find out about the content, unless the end-user gives away the key or shares that key back with the service operators.
Quick note; zero-knowledge and zero-knowledge proofs are 2 different technologies. One is used to save data using a 3rd party (but keeping the content hidden from it). Zero-knowledge proofs are also used to hide the content from a 3rd party, but in addition to that, it provides additional verification (for instance, the proof can attest that the number is higher than 10, without revealing what that number is). The main use-cases for Zero-knowledge are data storage and messages, zero-knowledge proofs are used for CPU intensive verifications.
Ok, but why now?
Hacking incidents, leaks and other undocumented data exfiltration events demand a rethinking of how we treat data security. Instead of pretending we can keep an eye on all the parts in any given system, the design should be resistant from the ground up, accounting even for state-actors or “inside jobs’’. `The notion of “being unhackable” should be done away with- and rather effective design should come first so that leaked data is not readable by anybody but the end user (patient).
Since hackers know that stolen data is unusable, they are disincentivised from trying to steal it in the first place.
This works by way of users encrypting their data on their mobile device(s) with a public key. A private decryption key remains on the patient’s device. Awaiting patient approval of requested access. This will be done by the patient clicking “yes’’ in their IryoEHR app. This issues a re-encryption key to the doctor’s public key.
Ok if this is so great, then why almost nobody is using it?
It comes down to three things:
• Search in this type of systems becomes more difficult.
• Data sharing requires user interaction and institutions lose the control over who sees what (the control is moved to the end user — the patient).
• The end-user key recovery is hard to implement in a decentralised way.
Iryo has devised a solution for each of these pain points and believes that the market is on the cusp of adopting these technologies.
Searching the data
Because of the focus being on the end to end health data exchange, there is an actual ‘trusted device’ in the Iryo Network — the end-user device. This could be a phone, tablet or a personal computer. Since these devices need to be able to read all health data in plain text, they would also be able to execute the queries across the same data.
With this simple design decision, we don’t need to use anonymised data (which gets re-identified fairly quickly with modern ai), or complex & slow multiparty computation. Find more in the whitepaper; Anonymous query interface section.
Iryo is using NuCypher’s implementation of proxy re-encryption. This system ensures there is no private key sharing and that users don’t need to download all the data when re-encrypting their backups (backup nodes can re-encrypt fast without seeing the data).
Institutions losing control
Iryo sees this as a non-issue. Fortunately, because of the GDPR (and similar legislation all over the world) more and more institutions attest that they don’t wish to be liable for the data of their users; and would rather give it to a 3rd party that would take the liability. This plays perfectly within the Iryo solution — where those institutions can drastically lower their liability if they move their data to the Iryo Network.
Key recovery is a complex topic which is why Iryo has teamed up with ZeroPass. Most of the solutions fail to decentralise this part, leaving the key recovery centralised and in the hands of a company or foundation, which then can become a single point of failure. That just moves the hacking target.
The solution is converting the recovery into a series of steps where users can (mostly) blindly follow the procedure. Even if the explanations are hard to apprehend, just know that as users, this is just a couple of clicks away.
If you lose your phone/keys you can simply allow your physician to re-grant access (additional details in the whitepaper).
People who find this solution unsatisfactory (because they don’t feel they can trust their own doctor), would be able to use the ZeroPass app, which in turn uses 2 out of 3 trusted contacts as recovery references for all keys and passwords ( not just Iryo specific).
The ZeroPass app section further explains the (opt-out) in emergency cases, that ensures there will always be a distributed backup plan, ensuring the chances for data loss and other accidents are minimized, making lost keys a thing of the past.
These are a myriad of technologies that when working in tandem (and are abstracted away behind the simple user interface) can help move society towards a new data protection paradigm. Ensuring verifiable security and end-user ability to force slow-moving and massive systems like healthcare to treat participants in accordance to their consent- not because institutions want to, but because cryptography doesn’t work without people issuing their sharing (re-encryption) key.