Colloquium: Protecting Privacy by Splitting Trust

ABSTRACT: When the maker of my phone, smart-watch, or web browser collects data about how I use it, must I trust the manufacturer to protect that sensitive information from theft? When I use the cryptographic hardware module in my laptop, need I trust that it will keep my secrets safe? When I use a messaging app to chat with friends, must I trust the app vendor not to sell the details of my messaging activity for profit? This talk will show that we can get the functionality we want from our systems without having to put blind faith in the correct behavior of these single entities. The principle is to split our trust -- among organizations, or devices, or users. I will introduce new cryptographic techniques and systems-level optimizations that make it practical to split trust in a variety of settings. Then, I will present three built systems that employ these ideas, including one that now ships with the Firefox browser.