Presented by

  • Dan Shearer

    https://cv.shearer.org/w/CV_List_View

    Dan Shearer has been involved in Open Source since before it had the name, leading on to his interests in digital human rights. His career in open source projects started with Samba and related projects, and includes embedded, real-time, virtualisation and simulation codebases. LumoSQL is his current project, embedding a new form of data security called Lumions into the standard SQLite database used by billions of people. Lumions use Attribute-based Encryption to store permissions such as read, modify, delete etc. in the data, and LumoSQL makes every row in a database into a Lumion. In addition, the team is working on a way of adding a timestamp as a reliable permission to Lumions.

Abstract

Our private lives and data are often sold by giant tech companies, or inspected by many national spy agencies. Privacy laws are essential to challenge this behaviour, but they do not help individuals because digital life is too fast for the laws to keep up. This is true even in EU countries with very strong laws, and in Australia, realistically, even the most savvy citizen cannot enforce their rights to digital privacy. We need a new approach, and we need it much sooner than legal and human rights campaigners can deliver it.

Society is generally becoming more aware of privacy rights, just as it seems technically impossible to deliver them. That seeming impossibility has recently turned around, thanks to advances in traditional cryptography and some very fortunate facts of mobile software.

A joint effort by the LumoSQL team, cryptographers from the Faculty of Engineering at Vrije Universiteit Brussel and some wonderful open source contributors has produced four promising inventions. Today the four inventions are a mixture of testable code, published academic work and unfinished proposals:

* Enforceable permissions that are part of the data, so that enforcement is a matter of mathematics, not software. This uses Predicate Encryption. We are developing this as an Internet standard, so that encrypted data can travel across clouds and devices and always be readable by anyone who satisfies the permission requirements. This is the Lumion standard, which is light on detail but big on ambition.
* A small and compatible extension to the common SQL database language so that these rich permissions are accessible to any application which uses SQL, and for inclusion in any SQL database. We call this SQL-PE, for Predicate Encryption.
* A small and compatible extension to the SQLite SQL database used for storage on every phone and device. This includes the new SQL-PE permissions system, with Lumion storage for encrypted data with permissions. We call this LumoSQL, and it is the first mainstream database with per-row encryption. LumoSQL is backwards-compatible with SQLite, the most-used software anywhere.
* A way of reliably including the concept of time as an additional permission for data, e.g. "this row of transaction data will not be visible to the tax department until June 2023". We distribute time publicly as Lumions, and call the distribution system "Not Before Time". This is a kind of upside-down PKI, with a reduced problem space that hopefully reduces the main objections to PKI.

The combined effect of these inventions is that we, the end users, can authoritatively dictate permissions that apply to our data, turning the existing power structures upside down.

Take-aways from this talk:

* practical actions (including for non-technical attendees) that reduce their privacy risk in everyday living, and in privacy emergencies
* an invitation for contributions from the more technically-inclined. We need help from science communicators and with C and Rust development, statistical analysis and infrastructure operations
* actions for politically engaged citizens. The 2022 Federal Election showed that local politics can have national effects. Urgent changes in privacy law are needed
* evidence that the immediate future of privacy could be less bleak than it seems now, whether you come from a human rights, technology, legal or commercial background

YouTube: https://www.youtube.com/watch?v=ITGZzOubUNg

LA Archive: http://mirror.linux.org.au/pub/everythingopen/2023/clarendon_auditorium/Tuesday/Enforcing_Privacy_Rights_Against_Big_Tech_and_Big_Surveillance.webm