Mark Zuckerberg says that the age of privacy is over. Those who feel socially invulnerable and are totally confortable to give control over their personal data into the hand of American startup companies might skip the rest of this article. Those who believe that privacy will remain a precious asset and precondition of freedom and democracy in the future, might start to worry if the rising use of web-services and the ubiquity of access to all kind of potentially confidential information concerning their life or the company they work for might become a threat important enough to abstain from using those kind of applications in certain contexts.
What options do exist besides full trust in the cloud providers and negociating appropriate SLAs? Is it possible and technically feasible to manage privacy within the web without relying on the web-application providers like Google, Salesforce or Facebook to respect privacy concerns and implement the necessary measures to avoid unsollicited access to private data and abuse from outside and inside the service platform?
Actually, the question is not a new one and the common response to it is the use of proxies that intercept confidential data and replace them with anonymized data. This must happen in a completely transparent way to not break the system. A prominent example is the use of anonymization proxies (e.g. Proxify) to hide IP addresses to ISPs. However, protecting data that is stored on the system of a SaaS provider is much more sophisticated.
Here are some ideas how such a solution can be realized to anonymize specific data used in web-applications.
Network: Van Jacobson proposes a solution on the network level by switching from the current location based architecture to a new paradigm called Content Centric Networking that uses content objects as the principal abstraction and that allows to build in security features on the data level. This idea probably will remain an idea for a long time since it would represent a revolution that requires replacing robust and well-understood equipment on a running system all over the world.
Database: Another idea is to use a proxy between web-application and database, which would need to be deployed on the premises of the SaaS provider. The proxy intercepts SQL queries between application server and database, identifies confidential data and replaces them. Some advanced Database Firewalls are able to identify user-based data-streams and match them against their firewall rules. The advantage of this approach is that it works generically for all web-applications without changing any line of code. However, the architecture is quite complex and has several open questions: how to manage keys (must be stored outside the SaaS provider)? Whom and how to specify, which kind of data to be protected?
But maybe the answer will not be a technical but a political one? The awareness for data privacy is growing strongly, at least in Europe. France ponders a Right-To-Forget law. Will the solution be at the end in the hands of politicians and judges?