Tide Protocol

Data and data infrastructure are the lifeblood of digital systems addressing health population management and future preparedness. It’s likely that every other “Solve Submission” depends upon it.

Mass data breaches and privacy exploitation is proving one of the biggest challenges of the century as it impacts individuals’ health, safety, finances, social interactions and even threatens the integrity of voting.

Even with best of intentions, governments and the most well resourced companies in the world are falling victim, so what chance do smaller organizations have to protect sensitive consumer data? It’s their vulnerable citizens, patients and customers ultimately paying the cost.

Tide removes the threat of mass data breaches by locking individual’s sensitive data inside organisations and handing those individuals the only key to their data. This grants individuals full control and transparency over their data and identity. It also means in the event of a breach, nothing sensitive is exposed.

Every individual that interacts with organizations today leaves a digital footprint. In the event of a breach, these footprints, which reveal sensitive information can be exploited or inadvertently cause serious damage.

Securing data remains elusive. In 2019 with over $100B invested in cyber security, there were a recorded $2T in losses. That’s over 15B individual’s data records leaked, stolen and exploited – and these are only the reported statistics.

Continued breaches leave individuals untrusting of organizations with their information, often leading to a degradation in data quality, quantity or participation in efforts that would bring significant benefit to their communities.

This impacts efforts like virus tracing, where governments have been forced to sacrifice effectiveness in order to gain acceptance and adoption of their platforms. Some countries have even introduced legislation criminalising inappropriate access to tracing data in an effort to address community concerns. Tide’s solution guarantees the integrity of digital systems by removing the need for trust. It removes the liability of protecting sensitive data for organizations and grants individuals full sovereignty over their data and identity. This creates a new trust baseline with the necessary security, consent and accountability for data to safely flow for research, tracing and care.

Tide is cybersecurity infrastructure, with no central point of failure, that dramatically reduces exposure risks from mass data breaches and privacy loss for organizations with sensitive citizen data and grants those citizens sovereignty over their data and identity.

Individuals’ data is uniquely encrypted, with the only key to that data remaining in the custody of the individual. Those cryptographic keys are entrusted by the individual to a zero-trust custody layer (i.e. a tamper-proof, decentralized network, that automates cryptographic-key-management, without compromising security). Along with the key, the layer holds user’s instructions governing access to the data for approved purposes.

Since the keys to sensitive data are held outside of the organization, in the event of a breach the exposed organization and even their privileged employees have no access to the sensitive data.

The solution is underpinned by a suite of new cryptography developed under an Australian Research Council grant in conjunction with Professor Willy Susilo and his team at UOW.

There is absolutely no change to the user experience, including any limitation to a particular device or interface.

Our solution uniquely addresses the needs of organisations (governments / enterprises), down to individuals interacting with them, via a transparent model and technology.

In solving the challenges organizations face protecting sensitive consumer data and complying with punitive privacy legislation, we’ve created a model that incentivises them to embrace privacy and individual’s data sovereignty. This in turn means that all citizens, patients, or customers interacting with those organizations are granted the benefits of holding the only key to their data and identity.

We have gone to great efforts to ensure that no new onus is put on individuals to enjoy the benefits, whether that be related to user experience, knowledge, expense or access to technology.

With a background in elite military cyber-intelligence, our team are well versed in how to protect sensitive data and how it can be exploited in the wrong hands.

Our advisory board of tech entrepreneurs, media titans, cybersecurity researchers and forward-thinking politicians have facilitated conversations with tier one enterprises to tailor a solution to their concerns and needs.

We’re also engaging directly with governmental organizations influencing or drafting new legislation to protect citizen data, including the OECD, Australia, the US and UK with inroads into Asia.

Whether it’s a system with preventative care and treatment records, tracing platforms, vaccine research or AI platforms predicting future pandemics - all rely on the integrity of the data infrastructure that fuels them.

Existing measures to combat data breaches are ineffective. Lack of reliable accountability for sensitive data access has resulted in low trust in organizations. Governments lack the critical mass of volunteered data needed for effective tracing. Forceful appropriation of data threatens the rights of citizens in countries around the world.

Tide is the only solution that addresses the needs of those systems without compromising individuals’ sovereignty and privacy.

Generally cybersecurity aims to lock down anything sensitive with perimeter security and provide access to the data via “keys” in the form of passwords, API keys or cryptographic keys. The trouble is, organizations manage the keys to their own security, and when you hold the keys, you are the biggest point of failure – when you’re breached you hold both the data and the access keys. Tide decentralizes the keys outside of the organization.

Other solutions aim to separate individual’s sensitive data itself from organization, which either means a middle man holding all that data (which simply shifts the central point of failure) or individuals become responsible for hosting, maintaining and ensuring availability of their data, which is an unrealistic burden on a typical user. With Tide, the data is uniquely encrypted but remains with the organization in a form they cannot access. It’s the keys to the data they are now in the custody of the individuals – but to remove the burden of managing those keys, they’re managed by a zero-trust decentralized network controlled by no single entity and with no single point of failure. The Tide network autonomously operates the keys in the manner instructed by the individual in accordance with permitted data use with the organization they’re interacting with.

Another innovation is the method by which individuals authenticate with organizations using Tide. Although its a familiar username / password mechanism, it is fully decentralized, and the password is never shared with any third party.

Tide is a suite of entirely novel, open source, technology. We have a number of patents pending. The core technology includes the following components:

Zero-Trust-Custody-Layer

A decentralized network that securely holds end user keys in the cloud-based and autonomously performs key actions in accordance with user instructions. It’s layer 3 distributed ledger technology. Using Tide’s unrivalled Secure MultiParty Computation schema, the entire layer operates as a decentralized swarm with 70% fault-tolerance – where each node operates oblivious of the key and the data, but the swarm as a whole performs cryptographic functions, such as encryption, decryption, digital signing and random-key-generation at high speed.

Decentralized Authentication

It’s the first password based authentication that is fully protected against Offline Dictionary Attacks as well as malicious/compromised node MITM attacks.

It supports multi-factor authentication as well as single password auth. It also operates as a decentralized OAuth solution. All standard centralized-like features, such as change-password and forgot-password recovery are built in.

It offers platforms and their users a ubiquitous authentication experience that is device independent, orders of magnitude more secure than any existing password authentication and removes the need for entities to store and protect honeypots of passwords. Perhaps most valuable is the complete identity sovereignty offered to end users who not only hold the only key to their accounts, but no longer entrust password credentials with any third party in order to authenticate – removing the possibility of impersonation.

Our whitepaper describing the Tide protocol in its entirety:

https://tide.org/whitepaper

A self published paper on the first generation of our decentralized password authentication mechanism and the cryptography we developed to hide passwords in a decentralized network:

https://tide.org/splintering

Working proof of concepts for developers:

http://h4x.tide.org/

Our open source code based, where developers can fully replicate a working environment:

https://github.com/tide-foundation/Tide-h4x-for-Privacy

Tide’s theory of change relies on the premise that as the value of individual’s sensitive data increases, the current conventional data protection evolution path of continuing building barricades will only hinder organizations ability to operate, force managers to bypass those barricades and will result in greater occurrences and scopes of breaches. A lasting remedy can only be achieved through a commercially-viable unconventional concept that puts individuals as the top authority over their data. A model that can prove its value to trickle-up the chain, such as Tide, will explode.

As an input to Tide’s ToC, we have the unique mix of skills focused on solving this problem (see Tide’s team), emergence of decentralization principles providing implicit global trust within open economies (multiple Bitcoin research), seed funding (see financials), increased global awareness of privacy, increased regulatory compliance for privacy protection and the increasing occurrences of security breaches to personal data within organizations.

As Outputs, Tide achieved the invention of a novel cryptographic model that can guarantee digital ownership (see patents) and the design of a new open protocol for handling sensitive consumer data (see Tide’s whitepaper).

The Outcomes of that body of work will materialize in an ecosystem of organizations “handing over” the control of their consumer’s sensitive data over to an external consumer-controlled automated custodian which is openly-managed by a consortium unrelated parties that are incentivised by a viable commercial model of fair compensation (similar to many successful models of blockchain node operator models).

The lasting Impacts would show a decrease in exploitation of personal data (such would be rendered eradicated without access), Reduction in breach exposure for the participating organizations (scope of breaches will be minimized due to model), Reduction in liability of holding sensitive data, Reduction in insurance, maintenance and security costs for the organizations (ref OECD / UK CMA reports), Increased trust in organizations adopting the tech, Increased willingness to share more sensitive data for the embetterment of organization/consumer interaction leading to higher conversion rates (ref Boston Research Group market research).

Together with our esteemed members of our advisory board (former chief economist for one of Australia’s leading banks and a university professor), we’ve have designed a detailed expansion model that gives us realistic projections based on very conservative assumptions. It’s important to note that our model takes into account the constraint that Tide is a deep-tech outfit in its early stages and won’t hit the market with any live customers before its 2nd year.

For the purpose of this question, we’ll be considering “meaningfully affected audience” as audience will take up the opportunity to engage fully with the technology and will gain significant benefits such as increased engagement levels, increased satisfaction levels due to trust and some will even benefit from both direct and indirect monetary rewards. The rest of the “directly affected ones” would be individuals that our target organization applied our technology over.

On its first year, Tide expect to only have individual participating in piloting the technology, therefore the quantum is irrelevant as can be deemed as zero.

On its 2nd year, while targeting a single market, we expect to impact 3,914,015 individuals with 117,420 of them taking full meaningful advantage of the technology.

On its 5th year, we expect to be operating in 7 international territories and reach an impacted audience of 200,233,417 individuals with 75,447,049 of them to be meaningfully affected.

As to the impact of any health research, improved tracing capabilities, and health outcomes as a result of Tide adoption we could only speculate.

The Tide-enabled ecosystem goal is to address needs of both consumers, businesses and organizations on a global scale by changing the approach on privacy and personal data ownership. This ambitious world-changing goal is expected to being with a modest milestone of achieve a handful of marquee pilots in the next year.

Tide's approach to scale is through population assimilation en masse. On that approach, Tide expansion is mostly based on the principle that once a business adopts the technology, their entire database is securely assimilated into Tide’s ecosystem, thereby individuals en mass.

Over the next 5 years, our go-to-market strategy is slightly more involved and, in a nutshell, involves a three-prone approach:

1. Long-tailing: Tide technology will be distributed as an open-source technology on a commercial license with incentivised developer community to promote and drive the low-end market adoption that’s looking to reduce the privacy compliance hardships and avoid the security breach risks.
2. Enterprise direction: Leveraging system-integrators growing demand to offer solutions to their customer-base in light of the continuous rise in security breaches with harsh enforcement of privacy regulatory globally.
3. Top-to-Bottom: With the aid of lobbyists and leading privacy consultants, we’ll engage governments worldwide, with the aim of promoting a more cost effective, secure and trustless solution to privacy compliance.

• Funding QA engineering efforts post pilot to launch the network.
• Creating the right combination of ques for enterprise organizations and governments to endorse and adopt the technology.

• Galvanize the open source community to crowdsource development efforts. This will be done with the publishing of new papers, that have previously generated attention on our technology as well as new community bounty programs.
• Seeking endorsement from politicians, technology thought leaders and futurists with an interest in privacy. This will be done via direct engagement and advisory board facilitated interactions and PR efforts.

6 x full time

Tide’s four founders are each industry veterans in various fields. We have independently founded, led and exited one or more ventures. Our team have built critical infrastructure for cyber-intelligence communication systems, telco operating systems, field personnel emergency response systems and pioneered VOIP technology.

We’ve attracted a world class advisory board, who provide strategic and operational support, including the former GM of DoubleClick, Former Worldwide Chairman of M&C Saatchi, a leading cryptography professor, a former politician, a former bank chief economist and others of similar calibre.

As a team, we’ve been awarded the prestigious Linkage Program grant from the Australian Research Council together with The University of Wollongong. We’ve been covered in global tech and business media from TechCrunch to Forbes. We’ve also been invited to speak at numerous events, including SXSW.

We’re a multinational, multilingual, multicultural team who’ve worked and taught in organizations around the globe. We’re extremely passionate about data privacy and creating a world where our children’s generation control technology to enhance their lives, rather than technology controlling them.

We have joint R&D, piloting and commercialization projects together with:

1. The University of Wollongong (UOW): An Australian public research university, ranked in the world’s top 200 institutions. Specifically, their Institute of Cybersecurity and Cryptology.

2. KDDI Research plays the core of research, development and think tank of KDDI group. Looking to the future beyond 2020, KDDI Research would like to strengthen and accelerate the creation of next-generation technologies and the enhancement of the ability to predict the future across the company, while promoting a seamless flow from research analysis to R&D.

3. Partnered by top tier Australian law firm Gilbert & Tobin.

Our solution provides the incentive for organizations to adopt Tide technology and pay for the services offered by the Tide network. The data and identity sovereignty benefits to individuals are an automatic by-product. The symbiotic nature of the model produces the more significant benefits to society through more productive, secure access to data.

As an open source protocol, Tide is free to download, customize and deploy.

The network charges per api call for the automation services of the Tide network. It’s a simple business model with an even simpler integration.

Organisations point inbound data to the Tide network along with business processes that require access to that data.

We’re funded via a combination of grants, investment capital and early stage piloting revenue. Once the network is fully deployed and commercially available, node operators are incentivised to grow and operate the network, which both distributes the costs and creates viral growth. Long term, our financial models anticipate revenues to more than adequately fund the necessary operations.

• Network of like minded peers and social entrepreneurs, who can benefit from our technology and help proliferate it. 
• Exposure from participation, promotion and Solve / MIT networks to potential partners.

Tide adoption in government and enterprise will require the right political tail-wind. Marquee distribution partnerships and early adopters will help generate the necessary momentum for funding and adoption at scale. 

We'd seek collaboration with Cybersecurity at MIT Sloan and associated members to pilot the technology with relevant member organizations, some of whom may ultimately also become channel partners.

We'd also benefit from collaborative research with the MIT Initiative on the Digital Economy to continue exploring the impact of Tide's model, which has already been studied and reported on by the OECD and UK's Competition and Markets Authority.

Tide is a world changing technology and venture that promises reinvent the relationship between individuals and organizations for their mutual benefit. It reduces significant risk, cost and liability for organizations, while granting their consumers unprecedented privacy and sovereignty over the date and identity. The commercial benefits of the success of Tide match the enormous social impact.