Comment by mrob
6 years ago
It is not inherently spyware, because fully homomorphic encryption exists. This in theory allows cloud computing providers to operate with no knowledge of their customer's data or computations. It's in general too computationally expensive to be practical, but that's not the same as being impossible.
If I encrypt the data how is the service able to handle it?
As an example you offer an online document cleaner, the user uploads his document and you do the magic on it, but if you encrypt the document then the backend can't read it. The document needs to be decrypted somewhere.
The point of homomorphic encryption is that you don't need to decrypt it. Fully homomorphic encryption allows for arbitrary computations on encrypted data. This is mostly of theoretical interest now, but it's mathematically possible.
Could I write a spelling and grammar checker that works under such a system? Or a language translation service. Or a red-eye reduction or image filtering (Instagram/Snapchat type filters) algorithm on photos? In a context where the author of the document is not the same and doesn’t trust the author of the algorithm(s) and both authors wish to keep the details of their content/algorithm hidden from the other party.
It’s a genuine question for which I’ve done a small amount of google/Wikipedia reading, but I suspect the answer is “no, of course not”, but I’ve been surprised before by tech/crypto solutions that I didn’t know the details of.
3 replies →
No. This is exactly the problem homomorphic encryption solves, albeit slowly. For an alternative more practical approach see Intel SGX.
It is the same as being currently practically impossible. Which may change in the future, of course, but doesn't help us particularly with the current situation.
So it's spyware unless they use homomorphic encryption?
…which nobody does.
Yet
AFAIK homomorphic encryption exists only on paper; it's not something you can find in use within SaaS applications. Until that changes, GP's point stands.