New tools for building trust in digital services

Trust in digital services is difficult to build because it’s hard to prove the claims services make about how they use data. New tools need to be developed to show how services can be more transparent. At IF we’ve been exploring about what those tools could be.

Over the last few months, we’ve been using Google’s open-source project, Trillian. This software is used to store data in a way that makes it possible to check if anything has been changed or deleted.

Current uses of Trillian

Google’s Certificate Transparency uses Trillian to store a log of all HTTPS certificates. Log entries are submitted by Certificate Authorities as they issue new certificates. Browsers then use this to warn people who visit websites where the HTTPS certificate is missing from the log. This is why it’s important to ensure the log’s ‘integrity’ — that log entries haven’t been deleted or changed. There are many other potential uses for this technology. For example, DeepMind Health are exploring how Trillian can log access to health records.

Blockchain is often referenced as a way of ensuring the integrity of a dataset. Trillian works as an alternative for datasets that are centrally stored and managed. An advantage of Trillian is that it doesn’t require the resource intensive and environmentally damaging processes needed when ensuring integrity in a decentralised system.

How Trillian ensures data integrity

Trillian uses Merkle trees to store data. Besides just storing data, Merkle trees contain representations of individual items of data called hashes.

Hashing software turns unique items of data into a unique hash. The software used to create hashes makes it difficult to turn hashes back into original data. This means that representations of data can be shared openly without revealing the original contents.

Hash

Hashes can also help show when data has been changed. Even when the source data changes slightly, its hash will change significantly. David Marques/IF: CC-BY

Showing the value of Trillian through example code

We’ve been exploring possible uses of Trillian with DeepMind. Our example applications show how to get started using Trillian to publish data and to check its integrity.

Trillian is still in development, so getting started with it requires a thorough understanding of its underlying technology. To help introduce Trillian to a wider audience of developers, we’re releasing some new code and tools:

You can download these examples from GitHub and explore building your own applications that use verifiable datasets with Trillian.

Trillian is just one tool that can be used for monitoring datasets. More work is needed to show how tools like Trillian can be used to develop services that are more transparent about how they use data.