A closed system that puts the customer’s needs before the custodian’s increases the custodian’s total cost of ownership (TCO), increases system complexity, and reduces scalability opportunities. It’s a new paradigm that breaks away from existing standards, practices and system models for the sole purpose of protecting the privacy and data of the customer. It operates on the premise that no one is trusted to hold this data without risk of breach for any reason whatsoever, and that any such breach is limited to attack vectors only. At the extreme, the model offers protection of user data from court order and from custodial threat of harm.
Not to be confused with Forrester’s network security model by a similar name.
Your personal data or data intended for your personal use is under constant attack by others. Whether you are aware of it or not, or whether it concerns you to know this or not, it is, and it applies to ALL data about you. This breach is so vast that even technical insiders that are concerned with this fact feel powerless to do anything about it.
There are many ways our data leaves our control, for instance:
- Sold or leased without your knowledge*
- Shared with other third parties (multi-level)
- Stolen by cyber criminals
- Stolen by rogue custodial employees
- Lost (or stolen) as a result of custodial negligence
- Court order (taxing authority, criminal and family law matters, etc.)
Our data is used in nefarious ways on both a macro and a micro level, and we have no control over the limits of such breach. Your personal data can be used against you in a micro way, whereas our personal data collectively can be used against you and me in a macro way. For instance, consider sentiment analysis of such things as social media for “social scoring”, as is currently being done overtly in China**. This could not have been achieved without our data being mined as the source for the research and development that refined sentiment analysis.
** Without glorifying it with a named mention, it is important to know that social scoring is already in the United States. If discovered, be sure not to provide your or anyone else’s name to its collector, even if just “curious”.
Technical Description (50,000 Feet)
The 0Trust model is the exact opposite of where the technical industry has (de)evolved to. For instance, it is customary to design systems in “tenant” fashion, hosted in the “cloud”, in a shared database. Even for non-tenant-based systems, the data is not generally encrypted, and for those systems that are encrypted, there is no real means of ensuring that system administrators do not have access to the data. That is, the organization cannot survive the Judicial Challenge.
The fundamental premise is that only the system or application has access to the underlying user data, and that this data is always encrypted at rest. Only the end user and the application hold the key to the data, and the application never allows the key to rest. If the application goes down, only the end user can restore the data, and so the application must rest upon high availability. So, at least partial high availability is compulsory (for the keys).
The data defies Big Tech and eliminates the possibility of such things as sentiment analysis, shadow banning, or even thought shaping into the hive mind via aggregation assimilation — because the data is not stored in shared storage, nor does Big Tech have access to it.
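The premise above (only the user and the application hold the key, the application never lets the key rest, and the custodian’s storage holds nothing but ciphertext) as an added Go example; it is not the author’s 0Trust code or library. The in-memory Store, the user IDs and the sample record are constructed for illustration, and AES-256-GCM is the assumed cipher.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Store stands in for the custodian's database (constructed for this example).
// It holds sealed records only: no keys and nothing derived from a key, so a
// full dump of it is all an administrator or a court order can obtain.
type Store struct{ records map[string][]byte } // userID -> nonce||ciphertext
func NewStore() *Store { return &Store{records: map[string][]byte{}} }

// Enroll mints the user's 32-byte key; the application hands it over and keeps
// no copy, so if the user loses it the custodian cannot recover the data.
func Enroll() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

// aead builds AES-256-GCM from the user key for the duration of one call only.
func aead(userKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(userKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Save seals plaintext under the user-supplied key; the user ID is bound as
// associated data so a record cannot be replayed under another user's account.
func (s *Store) Save(userID string, userKey, plaintext []byte) error {
	g, err := aead(userKey)
	if err != nil {
		return err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return err
	}
	s.records[userID] = g.Seal(nonce, nonce, plaintext, []byte(userID))
	return nil
}

// Load opens a record; the wrong key yields an authentication error, never plaintext.
func (s *Store) Load(userID string, userKey []byte) ([]byte, error) {
	rec, ok := s.records[userID]
	g, err := aead(userKey)
	if err != nil || !ok || len(rec) < g.NonceSize() {
		return nil, errors.New("no usable record")
	}
	return g.Open(nil, rec[:g.NonceSize()], rec[g.NonceSize():], []byte(userID))
}
```

Key restoration after an outage is the user's job, exactly as the text demands: nothing in Store lets the application rebuild a lost key.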
If this sounds difficult, costly, complex, and inefficient, it’s because it is. Mainly because all of our infrastructure design is premised on trust somewhere, and so we must break through our existing models at a high cost for the sake of putting our users’ needs before ours, because in the next paradigm they will adapt and demand. Think that’s crazy? Have a look around and what do you see? Social unrest everywhere; the age of “woke”.
Use Case Predictions
The introductory use cases for this model are expected to be narrow because the cost to maintain such a model exceeds what the industry is used to today. I predict that data breaches will sharply rise to a level that forces the industry to rethink its posture. Attempts will be made to mitigate data breach in short strokes that do not actually solve the underlying problem of data and privacy breach, while increased awareness of the user base will likely drive both fringe and luxury use cases, until the financial use case is discovered. Bitcoin and Monero will also aid in the increased awareness as so-called hackers use them as a means of black market payment and ransom, while at the same time the tech and monetary world postures about cryptocurrency. As awareness increases alongside data breach velocity, so will additional use cases, until it becomes the prevailing standard and practice.
What I am about to suggest sounds unthinkable; to those who think so, I invite you to reflect back 10, 5, even 2 years. The 0Trust mindset will also challenge the world, and there will be critical moments in certain jurisdictions that will attempt, and succeed, in making this model illegal unless it provides a back door for the judicial and intelligence arms. Some will comply, and others will move into other jurisdictions. Eventually, this model will either succeed or fail worldwide until it becomes obsolete by computing advances, but until that time the liberty vs. statist mindsets will battle in all things, and your data and privacy will not be spared from this battle. For those that chuckle at this thought I call your attention to President Obama’s recent surrender of control of the Internet prior to relinquishing his presidential powers — the power to regulate the Internet now rests in the hands of the Globalists.
Judicial challenge is critical to this model; that is, it is imperative for the custodians of the data to go before a judge or magistrate, under oath, to declare that they are incapable of complying with the court’s order to surrender data concerning their customer. It is a legitimate way of demonstrating that there is no means by which to access the data without redesigning the system/application, which could present great risk to the system as a whole.
The 0Trust model assumes that the custodians will be subject to irresistible forces that will lure them to be vulnerable to the breaches outlined above. The goal isn’t to thwart human nature, but to resist it by surviving the breach. The model itself eliminates the majority of risk because it eliminates the “weak” link — the custodians.
Nothing presented herein purports to protect against the custodial hardware being taken, where the application and data likely rest. A forensics-capable actor that acquires the underlying hardware or data might be able to reverse engineer the application and data with brute force, which is no different from the physical access risks that apply to data protection concerns today. This includes virtual acquisition for forensic analysis, as in a P2V snapshot. The model assumes this, however, and its mission is to be resistant to that breach too.
I have done it, and so can you, and since it provides competitive-edge appeal, the early adopters and disruptors are likely to steal market share in many categories.
A(lmost Non Political) Warning
I believe that our privacy and data protection ride solely on the American Constitutional mindset: the preservation of our individual civil liberties, and its spiritual foundation. In America, its Constitution used to be a universal common belief left, right, and center. There is a “communal” revolution taking place that thwarts that spirit in every way, and so it must be stamped out regardless of your politics. Even if that anti-constitutional mindset serves one’s politics today, the result of what will fall will be turned on everyone tomorrow.
Update: released July 19th, 2019. I had hoped to release this post with an accompanying open source library, but I did not finish removing the proprietary aspects, and so I decided to release this article without it.
UPDATE July 4, 2020: Everything is moving much faster than expected. The judicial challenge I wrote about in this article is being struck at the base in the name of “Warrant-Proof Encryption”. At least it has a name now: