The largest privacy breaches are caused by data thieves stealing the contents of corporate or government databases. Imagine a database that can do useful work without having any useful information in it. For instance, imagine a server that can answer questions about the items you purchased, your schedule for next Thursday, your favorite movies, or countless other details like other databases hooked up to the Internet—but if someone snuck through the firewalls, cracked the password layer, or found some way to get superuser control on the machine, he would find nothing he could use. Even if the evil hacker/ninja snuck into the server room and hooked the hard disk up to a forensic analyzer, there would be no juicy info available.
A database like this sounds impossible. How could the database answer questions about next Thursday without knowing something about what’s going to happen next Thursday? It’s got to have the data there somewhere, right?
Others have suggested suboptimal solutions to protecting sensitive data. But even if it’s locked away inside some electronic safe hidden in a virtual stonewalled chamber buried inside a cyber castle wrapped by an impenetrable software moat filled with digital acid that dissolves any bad bits that come in contact with it, the data is present and remains vulnerable to someone smart enough to simulate a privileged user.
The solution I’ve developed in this chapter is unique. The data is present, ...