Quick—what's the first image that comes to mind when you hear the word "encryption?" Maybe a "Mission Impossible" action movie about recovering a stolen, encrypted hard drive? In the real world, putting a password on a .ZIP file before sending it to someone else is as close as most of us ever get to secret agent territory. But encryption is coming to the masses, and it’s about to radically change how financial institutions do business.
A decade ago, cryptographers joked that they were the poster boy nerds for “pocket protector” advertisements. Today, however, they’re the hottest commodities in the high-tech job market, with companies like Apple, IBM, Microsoft, and Oracle all aggressively competing for the skills they need to integrate encryption capabilities into their products. Many of these experts, however, turn down lucrative contracts to start their own companies, creating radically new technologies that challenge the very nature of how we do business—and some technologies that challenge the very nature of the business we do.
We've all heard how "blockchain technology" (hailed as the biggest "Next Big Thing" since the Internet itself) enables Internet users to transfer value between two parties, with no centralized authority needed. In fact, ATB recently made headlines as one of the world's first financial institutions to apply these cryptographic tools to securely send a cross-border payment to a large European bank in Germany. The transfer was faster, compliant with regulations, significantly cheaper, and involved far less overhead than the way such payments are made today.
Bitcoin has transferred over $100B USD as of 11/1/2016
The cryptographic innovation making so much news today is called a “blockchain.” Put simply, a blockchain is a new kind of decentralized, public database that saves thousands of identical copies of itself on the internet. A complex structure of incentives ensures that each network participant is rewarded for playing by the rules, while making the rewards for breaking the rules too low to justify. Incoming transactions to the blockchain are broadcast and verified via a complex mathematical process called a “consensus algorithm” that, essentially, accepts only valid transactions. Anyone with a valid blockchain token can “spend” that token to send a transaction to the blockchain. Once spent, however, the transaction is irreversible and that token can only be spent by its new owner.
Because the blockchain’s rules and incentives are transparent to everyone, the system can quickly resist any hacker’s efforts to trick or game the system. This security comes from the blockchain’s structure itself, which works like a slowly growing stack of blocks. Verified transactions are encrypted together into blocks, which stack on top of each other forever, with each block mathematically linked to the blocks below. The older (and therefore “further down”) a block is stacked in the “block chain,” the more secure and immutable those transactions become. In just a few hours after a blockchain transaction is confirmed, thanks to the encryption that underpins the blockchain, the resources needed for any attacker to overcome the network’s security and steal the blockchain’s coins become astronomical. In fact, right now, experts estimate that an attack on the Bitcoin network would cost several billion dollars—and would only game the network for ten minutes! To date, there has never been an instance of a working blockchain being hacked and having its funds stolen.
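The stacking described above can be shown in a few lines. This is an added example, not code from any blockchain project: each block stores the SHA-256 hash of the block below it, and a toy proof-of-work target (an assumption standing in for a real consensus algorithm) makes every block costly to produce. All names and the sample transactions are constructed for illustration.

```python
import hashlib
import json

DIFFICULTY = 3          # assumed toy target: hash must start with 3 hex zeros
GENESIS_PREV = "0" * 64

def block_hash(block):
    """SHA-256 over the block's canonical JSON encoding."""
    return hashlib.sha256(json.dumps(block, sort_keys=True).encode()).hexdigest()

def mine(prev_hash, txs):
    """Search for a nonce that makes the block hash meet the target."""
    block = {"prev": prev_hash, "txs": txs, "nonce": 0}
    while not block_hash(block).startswith("0" * DIFFICULTY):
        block["nonce"] += 1
    return block

def build_chain(batches):
    chain, prev = [], GENESIS_PREV
    for txs in batches:
        chain.append(mine(prev, txs))
        prev = block_hash(chain[-1])
    return chain

def first_invalid(chain):
    """Index of the first block that fails verification, or None if all pass."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        digest = block_hash(block)
        if block["prev"] != prev or not digest.startswith("0" * DIFFICULTY):
            return i
        prev = digest
    return None

def rewrite(chain, index, new_txs, redo_later_blocks):
    """Re-mine block `index` with new_txs; returns (forged_chain, blocks_remined)."""
    forged = [dict(b) for b in chain[:index]]
    forged.append(mine(chain[index]["prev"], new_txs))
    remined = 1
    for old in chain[index + 1:]:
        if redo_later_blocks:
            forged.append(mine(block_hash(forged[-1]), old["txs"]))
            remined += 1
        else:
            forged.append(dict(old))
    return forged, remined

# Constructed sample transactions, one batch per block
BATCHES = [["alice->bob:5"], ["bob->carol:2"], ["carol->dave:1"], ["dave->erin:1"]]
```

Changing one old block breaks the link held by the block above it, so a verifier rejects the chain unless every later block is redone as well; the deeper the block, the more work that takes.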
For financial institutions, blockchain technology offers a few key benefits that we’ve never seen before. With the rules known to everyone and no need to trust a central authority, the blockchain offers proof, transparency, and immutability in an extremely neutral way. And, because it lives on the Internet, anyone anywhere in the world can reference the blockchain to view proof of exactly which transactions actually happened.
Every transaction has a party (perhaps a seller), and a counterparty (perhaps a buyer). The blockchain enables companies to compete for customers in a transparent way on a global scale, because, no matter how far apart they might be, both the business and the customer know that every party in the transaction must always operate on only a single, perfectly verifiable and recorded series of events, thus significantly reducing risk for both parties. Soon, other blockchains will record feedback on experiences that internet customers have had in dealing with any number of far-flung companies, and only those with the highest global reputation scores will be able to successfully compete for customers. This is one of the most compelling values blockchain can deliver.
While blockchain tech ensures that both parties are on the same page, other projects are working to extend the capabilities of the blockchain itself. One project, Ethereum, has created a blockchain that is programmable, meaning that coders anywhere in the world can interact with and configure the Ethereum blockchain to execute and react to pre-programmed conditions that autonomously move value around the blockchain. Simple smart contracts that enable online stores to receive payment and ship the order to a customer automatically already exist, but, in the near future, extremely large and complex “Digitally Autonomous Organizations” (DAOs) will also emerge, incorporated on the Ethereum blockchain, that allow programmers to deploy extremely complex governance structures that cannot be hacked, and whose code is open and transparent to everyone participating.
Although Ethereum DAOs had a spectacularly rough start—a hacker found and exploited a significant vulnerability that robbed millions of dollars from the first DAO—ultimately, the technology is projected to revolutionize the way financial institutions, local governments, non-profits, or even local organizations interact with their members. Anyone can start and structure their own DAO, and the Ethereum blockchain would enable anyone to inspect the code and decide whether they wish to participate. It is projected that, perhaps 15 years from now, people will be using the Ethereum blockchain to structure and track contracts both small and large, from their family’s Breast Cancer marathon donations to auditing the budgets and spending of their local or even national governments.
Other encryption projects may deliver benefits that, for the most part, go largely unseen. Put simply, encryption means that only someone with the "unlock key" has the right to decrypt and read the data encrypted with that key. For instance, one of the largest expenses companies incur today comes in buying and maintaining the huge server farms that live in a company’s basement and that store and run the company’s networked data. Soon, however, encryption will challenge the boundaries of where our “internal and external” networks begin and end. One project, called MAIDSAFE, is leveraging encryption and an elegant “global data redundancy” solution to pose the question: Isn’t the company’s “network” defined by secure access to data itself—regardless of how or where it is stored?
Although network security experts in financial institutions around the world may look sideways at technology that stores sensitive company data “on the Internet,” they already trust the current generation of Virtual Private Network (VPN) products to extend our networks into the internet. An emerging protocol called MAIDSAFE may be poised to take corporate networks to the next step.
The MAID protocol works by joining the spare hard drive space of millions of MAIDSAFE network participants around the world into one “Massive Array of Internet Disks” (the “MAID” part) and assigning a secure, “cryptographically discrete disk” space (the “SAFE” part) that stores only that company’s data. Because the data is always encrypted with the company’s encryption keys, MAID data is impossible to trace, intercept, copy, delete, or otherwise read by anyone outside the company. Users, however, no matter where they are, can open and change their work files just like they always have, as long as they have Internet access and the right credentials.
The MAID network’s storage providers—some offering enterprise-class speed and storage—are compensated via extremely tiny micro-payments transmitted using the MAID cryptocurrency (think thousandths of a cent), recorded and protected on the MAIDSAFE blockchain. The result is high availability and efficient use of Internet-connected storage. With IT budgets constantly under pressure, network administrators are becoming more and more open to solutions like these for certain applications, and MAID technology is slowly being adopted for the network’s least sensitive files. Soon, however, all of a company’s files will be protected by these specialized technologies that wrap their data in hacker-proof encrypted envelopes.
The last project cryptographers hope to surprise us with represents the “holy grail” for enterprises that take the security of their data seriously. One of the most critical risks for financial institutions today is allowing vendors or other partners to work on their customers’ sensitive data while maintaining oversight over that data to ensure that it is still safe. Because it’s virtually impossible to decrypt a company’s data without the key, however, hackers typically target the systems that decrypt their customers’ data before working on it.
One company called Kryptnostic, however, uses a revolutionary end-to-end encryption architecture called “fully homomorphic encryption” that, at first glance, seems to promise nothing short of a miracle. Through a series of unbelievably clever and complex mathematical tricks, their technology enables a financial institution’s vendors and partners to read and perform direct computations on the company’s encrypted data, and even write the results—all without ever decrypting it. This means that, from start to finish, a hacker would never be able to read the company’s data because it remains encrypted throughout the entire process. In other words, the potential of this technology is literally stunning. If this were a medical innovation, it would be like a heart surgeon using a Star Trek transporter to beam over a heart transplant, with no scalpels involved!
In the somewhat distant future, these cryptographic innovations, coupled with emerging tech that brings transparency, tracking and verified identity solutions, will also merge with other communication innovations like augmented/virtual reality. Soon, will an A.I. automatically help one of our customers apply for a mortgage? Or construct new and incredibly detailed financial products for them, “on the fly,” and present projections or benefits via Microsoft HoloLens technology in their living rooms?