Let’s Eat a Private Cake

After I left Ant Financial/Alibaba, I was filled with gratitude toward Ant Financial, Alibaba, and our global partners for 3 incredible years – they have been an absolute blast. No one is enabling global financial inclusion at the rate Ant Financial is, and I’m grateful to have gotten an opportunity to foster that. I worked in China, Israel, The USA, Canada, Colombia, Mexico, Brazil, India, Indonesia, Singapore, Thailand, Malaysia, the Philippines, South Korea, Hong Kong, Japan, Macau, Germany, Russia, The UK, Finland and several other countries. The work has grounded me and helped me understand how enabling global trust at the scale Ant does helps people self-actualize. I will forever be an Aliren.

As for what’s next for me – I am going to take a stab at building cryptographically powered privacy, without reliance on the legal system. This effort is called TripleBlind. We are building an API that will enable bulletproof privacy as a service, allowing the option to enforce privacy mathematically.

As more and more of our information is stored and transacted with in the digital world as opposed to the analog world, the current approaches we take to such private transactions fall short. The default approach is to slap some mumbo jumbo legalese into a privacy policy with the expectation that no one will ever read it. The evidence would suggest that these approaches don’t work – because they leave open the option to abuse the trust afforded to them by their end users.

The legal/contractual approach to privacy falls short for several reasons:

  1. It still leaves open huge holes to allow misuse of the data, intentionally or otherwise, both internally and externally. Breaking compliance requires just one incompetent or malicious actor in the entire organization. E.g. the major credit bureau using “admin/admin” as their credentials for their primary database. Or the major credit card issuer keeping all of their credit pull information in an unsecured S3 bucket.
  2. The custodians or owners of the data cannot consent to every operation performed on that data. While they might have the option to do so on paper, there’s no way to enforce it. It relies on the right organizational processes and structures in place, which are fallible, if they even exist. If the privacy policy is in the way of a particular operation, the data custodian can unilaterally change the privacy policy contract on the actual data owner. If you’re lucky, you might get an email at 3am telling you that the contract changed and you somehow already consented to it.
  3. The western world also has a tendency to take rule of law for granted. As we shift to a world where the vast majority of internet users are not from the western world, incumbent approaches that assume contracts can actually be enforced are inherently “broken”.

The core thesis around TripleBlind is that privacy enforced data & algorithm interactions can unlock the tremendous amount of value that is currently trapped in private data stores and proprietary algorithms. If we move from a world of “don’t be evil” to “can’t be evil”, we can enable entities to freely collaborate around their most sensitive data and algorithms without compromising their privacy, allowing them to work together to create compounded value in a way never before possible.

Around privacy, I believe we can have our cake and eat it too – let’s eat a private cake.