The truth is that anything connected to the internet can be hacked. However, hacking wasn’t always a problem.
The History of Air Gap Technology
Data used to be held offline, in what’s now known as cold storage. Data on external paper cards, then moved to tape and digital media as technology evolved. The first computers built were by default on cold storage or ‘air gap’ technology.
Even when networks were initially built, much of the data still had to be manually connected to the system by adding in the media to a device. In the early days, sensitive codes and information were kept locked in vaults accessible by an authorized individual or in some cases, by multiple people required to key in simultaneously. This approach was the genesis of multi-signature authorization.
Eventually, with the invention of the internet, those computers and that data could be connected to an outside, worldwide network. The concepts upon which the internet was built had some basic principles of security within them, but the exchange of data and the ease of doing so was paramount in the original architecture of the web.
Sensitive institutions were slow to add their most critical data to the internet, and all-important military institutions initially relied on a manual air gap, where a command was sent to a person who would retrieve data devices out of a vault and connect them to a machine for a short period in which they needed to be used.
Some institutions still rely on these methods. The Russian military is famous for its continued reliance on typewriters for some of their most sensitive documents – if it’s never digital, well, it’s certainly a lot harder for your enemies to get their hands on it.
The value of air gap technology is unparalleled in its ability to hide data away from digital thievery; however, inaccessibility has always been its shortcoming. With the institutions using the tech over the course of history, having the physical manpower on hand to mount drives online at a moment’s notice was not an issue, but the corporate application of this technology requires some automation of that process to scale and serve the needs of millions of customers simultaneously.
However, how to bridge that gap without systems being online? The fact is that with a recent invention, human interaction, and the resulting security risk those touch points entail are no longer required to remotely close an air gap.
Application of Air Gap in Crypto Custody
Individuals have been storing sensitive data on cold storage devices for decades. USB thumb drives are ubiquitous across society these days, and their use for storing cryptocurrency keys began almost as soon as currencies were first invented. Over the years, the complexity of these drives has evolved, and now cold storage wallets like Ledger or Trezor are de rigueur for smaller independent investors.
However, these drives are not a viable solution for larger investors who need instant access to their funds but who do not wish to take the risk of employees carrying around their codes. Additionally, for institutions the gaping holes in the security of these devices, and their applicability to the global needs of their clients renders them useless.
Beginning in 2013, institutional grade custody providers came to market to provide offline storage of digital assets. Amongst the first of these was Xapo, a group focused on serving the needs of long-term holders of cryptocurrency. Xapo built vaults within mountains for the long-term cold storage. Since the founding of this company, many other institutions offering deep cold storage have entered the market.
Most recently, the Winklevoss twins announced a cryptocurrency-based patent in the air gap space, lending even more credibility to the application of the technology. The solutions all rely on a combination of codes on digital or physical (paper or other) media in coordination with some vaulting solution. These options are great if you don’t need to access your keys to make trades; however, trading is a key to doing business.
All of these solutions have the same issue which has vexed institutional investors for years – entirely locking them out of the market in many cases – and that problem is accessibility. The typical solution, like Xapo, requires a 2-day notice to bring your keys online manually for you to make a transaction. This delay means these solutions can’t meet the needs of active investors who need access at a moment’s notice. Additionally, the additional human interaction point represents a significant risk to data.
Remote Automated Air Gap Security (RAAS)
In early 2017, Tony Hasek, one of the founders, of Goldilock was working with a company offering deep cold storage for physical assets – mostly precious metals. He had been trading cryptocurrencies for years and was worried about the constant breaches suffered by even the largest institutions, starting with Mt. Gox back in 2011. Not wanting to carry his codes around, he started thinking about ways to keep them offline using some of the same concepts of cold storage combined with some analog technology he’d worked with back in the 90s.
Combining forces with his co-founder Jarrod Epps, who had also worked with analogue telephony solutions, the two collaborated for several months to build out an architecture which would allow all data to be kept offline in a vaulted, air gap, cold storage state until the exact moment the owner of the data wanted to bring it online (also known as ‘hot’).
By relying on a sophisticated combination of legacy offline technology as a trigger mechanism for remotely-toggling data nodes on/offline, alongside cutting-edge cryptography and biometric gateways, and adding in options for remote multi-sig approvals, the two filed a patent for a unique way to access cold-stored data at a moment’s notice. Also, they built it in a way so simple and secure that anyone with a mobile telephone could use it.
This new RAAS technology (pronounced ‘race’) allows anyone to access their data anytime from anywhere that he or she has a mobile or landline phone.
RAAS into the Future
Remotely accessible air gap technology is truly transformational for the handling of all data across the internet. Institutions such as banks, credit rating agencies, video distribution groups, software developers, healthcare record custodians, crypto funds, crypto custodians, and crypto exchanges have all reached out to get on the waiting list to use this technology.
Outside the cryptocurrency space, being able to bank, manage credit data, health information safely, even personal photos and videos will transform the way consumers interact with the internet, allowing them to do so without fear of hacking, identity theft, or hijacking of their credit.