TNO’s view of 2030: Digital privacy and security for everyone

In this article, Erik Meeuwissen (Senior Consultant) and Maaike van Leuken (Researcher) discuss a number of topics including Self-Sovereign Identity (SSI). SSI is one of the technologies TNO is working on in the area of privacy in relation to data sharing.

Less and less control over how your data is shared

We work with privacy-sensitive data in order to protect the digital security of organisations and the general public. In recent years, however, it has become clear that the public have less and less control over how their data is shared. At the same time, a large part of our private lives is being recorded in ‘digital environments’: from our financial affairs in banking apps, healthcare details in hospital information systems to borrowing a book from the library.

Self-Sovereign Identity (SSI)

SSI gives the user control over which (personal) data is shared with whom. The recipient can quickly verify this shared data electronically, for example for authenticity and validity. The process uses cryptographic technologies, such as ‘(decentralised) public-key cryptography’, ‘zero-knowledge proofs’ and in some cases also ‘distributed ledger technologies’.

This enables an efficient exchange of verifiable digital information, where a high level of trust can be achieved. Even between parties who do not naturally trust each other.

Ownership of your data

Maaike: ‘From a privacy perspective, digitisation presents many challenges, but just as many opportunities for improvement. SSI allows us to own our data and choose who to share it with.

Think of it like showing your ID at the supermarket to buy alcohol. Now, the cashier can see your entire passport, including your nationality and place of birth. If you were to digitise this process, you could strip away data to show only what is relevant to a particular situation: in this case your date of birth.

We can go even further by using zero-knowledge proofs that confirm you are 18 without even sharing your date of birth. Being in control of your own data: that’s what SSI is all about.’

The challenge is adoption by society

SSI is a technology that originated around 10 years ago and is now in its adolescence. We can do many things already, but SSI technology has not yet reached maturity. The biggest challenge is now adoption by society.

Cryptography can be used to encrypt information but also to prove its origin. Of course, malicious users also adapt to the latest technologies. That is why it is very important to recognise deviant behaviour early so action can be taken.

Erik: ‘If a failure is imminent or an attacker has access to parts of the infrastructure, TNO creates algorithms to detect this kind of behaviour early. We want to make sure that an attacker, who aims to achieve his goal in small steps, can never do so’.

Digital security in all sectors: from finance, government and tech to logistics

TNO works on the assumption that all digital environments could be a target in the coming years. That is why it has many ongoing research projects with partners in areas such as the financial sector and government. On a more specific level, TNO then focuses on technological niches that have not yet been covered. ‘Big tech is seeking to monopolise the SSI market,’ says Maaike, ‘and we are trying to remain a step ahead.’

Erik: ‘Working in this field remains a cat-and-mouse game, as cyber attacks are getting smarter and smarter. Another aspect to mention is that detection research at TNO has mainly focused on office environments. But these attacks can also target vital processes, posing an immediate risk to life. That is why we are also broadening our research to include operational technology (OT).’

The future: ‘self-healing’ technologies

What does the future hold? Maaike: ‘In three years’ time, I would like to see the first big SSI pilot within TNO, with everyone at TNO logging in to their computer via SSI for a week. At the same time, SSI needs to be used within government agencies and the medical profession. By 2030, SSI technology could prevent a huge amount of errors and enable healthcare providers to engage in their core task instead of typing up documents’.

Erik: ‘We are also carrying out research into “self-healing” technologies that can respond even faster to attacks and disruptions, just like the human immune system. AI will play a big role in this. But it remains still difficult to say what the future holds. And technology alone won’t solve all of our problems. Partnerships to ensure that our work has an impact within society are just as important’.