Many governments have policies that address the location of data. For example, there has been a long series of disputes about the transfer of data into the United States, when those data are covered by European Union privacy rules. The latest dispute in that series concerns the transfer of data from Facebook Ireland to its US parent. For another example, the state of Georgia requires that state data never leave the United States. These policies are increasingly detached from how modern computer systems work. Indeed, the policies give engineers incentives to design systems that deliberately blur or evade questions of where data reside.
It is natural to think of computer data in the same way we do paper files. We imagine that our files are written on our computer’s hard disk as though with a tiny Etch-a-Sketch; even in the cloud, it is tempting to imagine that a discrete and distinct physical object is representing our data. There was a time when computer systems worked this way, but modern systems design has complicated this picture. For instance, it is routine to split data three ways, such that any two of them are sufficient to reconstruct the original. The advantage of this is that the system has as much redundancy as keeping two copies of everything, but with half the overhead.
These advanced data storage techniques are mostly thought of as an engineering detail, but they threaten to have significant policy consequences. Suppose I live in Ireland, and my data are split between the US, Ireland, and France in such a way that any two copies are required to read the data. Have the data left the EU? The American copy is meaningless on its own. More simply, suppose that my Irish data are stored in the US but are encrypted with the key still on Irish soil. Here again, the data present in the US are meaningless and do not diminish my privacy.
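The three-way split in the thought experiment above, as an added example that is not code from the original post: a 2-of-3 Shamir secret-sharing split of a byte string over GF(257), a scheme chosen here because the post names none. It shows both halves of the claim, that any two shares reconstruct the data and that a single share is consistent with every possible value of every byte, which is what makes the lone copy meaningless.

```python
"""2-of-3 threshold split of a byte string with Shamir secret sharing over GF(257).
Added example for illustration; the choice of scheme and field are assumptions."""
import secrets

P = 257  # smallest prime field that holds every byte value 0..255


def split(data: bytes, n: int = 3) -> list[list[int]]:
    """Return n shares; share i (1-based x = i) holds one field element per byte."""
    shares = [[] for _ in range(n)]
    for byte in data:
        a = secrets.randbelow(P)  # fresh random slope per byte: f(x) = byte + a*x
        for i in range(n):
            shares[i].append((byte + a * (i + 1)) % P)  # x = 0 is the secret itself
    return shares


def combine(i: int, share_i: list[int], j: int, share_j: list[int]) -> bytes:
    """Reconstruct from any two shares by Lagrange interpolation at x = 0."""
    out = bytearray()
    for yi, yj in zip(share_i, share_j):
        # f(0) = yi * j/(j-i) + yj * i/(i-j)   (all arithmetic mod P)
        li = j * pow((j - i) % P, -1, P) % P
        lj = i * pow((i - j) % P, -1, P) % P
        out.append((yi * li + yj * lj) % P)
    return bytes(out)


def consistent_secrets(x: int, y: int) -> set[int]:
    """Every secret s for which some slope a gives s + a*x == y (mod P).
    For a single share this is the whole field: the share alone says nothing."""
    return {s for s in range(P) if any((s + a * x) % P == y for a in range(P))}


if __name__ == "__main__":
    data = b"customer record #4711"  # constructed sample input
    us, ie, fr = split(data)  # one share per jurisdiction in the thought experiment
    assert combine(2, ie, 3, fr) == data  # the two EU shares suffice
    assert combine(1, us, 2, ie) == data  # so do any other pair
    print(len(consistent_secrets(1, us[0])) == P)  # the US share alone fits every value
```

Each Shamir share is as large as the data, so this split costs the full 3x rather than the 1.5x of the storage-saving split described earlier; a parity-style split that saves space does not by itself make one piece meaningless.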
The core technology that lets us separate data location from practical access to data is cryptography. Using modern cryptography, engineers can make reliable assurances that “the data are stored in such a way that an unauthorized party without the key will be unable to learn anything about the content.” My confidence in encryption might seem surprising, given the number of high-profile data breaches that happen regularly. There is, in fact, no conflict; a complex full-featured system with human users will typically have security vulnerabilities. But we can build small pieces of systems, such as the storage layers, with a high degree of assurance – high enough that we can safely store encrypted data even on untrusted storage devices. The ability to do this is the key enabler of the whole cloud storage industry and, in turn, of much of the modern technology industry.
Instead of focusing on location, policymakers should focus on capabilities. A good rule would say something like “data should not be transferred in such a way that the recipient can extract the following particular private aspects” or “data must be stored securely in such a way that unauthorized parties cannot learn the plaintext.” Such rules will enable the technology industry to experiment and adapt, while still holding providers accountable in the event that their products fail to adequately protect users. This post was originally published on TechPolicyDaily.