I know it has been many months since my last update. Truth be told, the last rejection hurt A LOT.
We applied for the following grant: Privacy-Preserving Data Sharing in Practice (PDaSP)
Description
In todayâs hyperconnected and device-rich world, increasing computational power and the explosive growth of data present us with tremendous opportunities to enable data-driven, evidence-based decision-making capabilities to accelerate scientific discovery and innovation. However, to be able to responsibly leverage the insights from and power of data, such as for training powerful artificial intelligence (AI) models, it is important to have practically deployable and scalable technologies that allow data sharing in a privacy-preserving manner. While there has been significant research progress in privacy-related areas, privacy-preserving data sharing technologies remain at various levels of maturity in terms of practical deployment.
The NSF is legally required to provide a response within 30 days. I submitted our grant proposal on 23 September 2024. I waited. Waited some more. Finally, after the 30 days were nearly over, I sent them an email on 21 October 2024. This is what they sent back.
Dear Edward,
Thank you for submitting your company's Project Pitch to America's Seed Fund powered by the National Science Foundation.
Upon reviewing your submitted Project Pitch, I regret to inform you that you are not invited to submit a full proposal to the NSF SBIR/STTR Phase I program.
Your proposed project was not invited for the following reasons:
- This Project Pitch does not sufficiently articulate the development of a new, high-risk, technological innovation, as defined in the SBIR/STTR solicitation.
Thank you for submitting your Project Pitch. The NSF SBIR/STTR program aims to fund the development of new high-risk technology innovations, as defined in the current SBIR/STTR solicitation (see https://seedfund.nsf.gov/apply/). On reviewing your Project Pitch I was unable to find a detailed description of a new high-risk technology innovation that you are planning to develop during the proposed Phase I project. The high-level objective of the project is described, but no clear details are provided regarding a new technical innovation. It seems that the proposed project is still at the concept formation stage. A successful Project Pitch must not only describe the problem and objectives but also detail the new technical innovation(s) on which the proposed project will be based. During the next quarter, or later, you are welcome to submit a new Project Pitch that focuses on providing specific details of your technical innovation, the key technical insight that underpins your innovation, and the cutting-edge research needed to de-risk the innovation for subsequent development into a product or service.
The NSF SBIR/STTR Phase I program is designed to support high-risk technology innovation. As stated in our SBIR/STTR program solicitations, projects that are not responsive to the objectives of the NSF SBIR/STTR Phase I program include:
Evolutionary development or incremental modification of established products or proven concepts.
Straightforward engineering efforts with little technical risk;
Evaluation or testing of existing products
Basic scientific research unconnected to any specific market opportunity or potential new product, process or service.
Projects seeking funding for non-technical activities (such as business development, market research, and sales and marketing) as well as manufacturing, indirect research and development, and patent costs. Note that NSFâs Beat The Odds Boot Camp activity represents an exception to the aforementioned restriction.
Please reference our current NSF SBIR/STTR Phase I program solicitation for more details:
I wonât give a name because of NDA stuff but I had help putting together my proposal. The man who helped me is in charge of winning grants for startups AND works for one of the most well known and respected Universityâs in the State of Florida. Heâs also worked for the National Science Foundation reviewing grant proposals. He knew exactly what should and should not be in the grant proposal.
When my proposal was rejected, this is what he said.
Hi Edward. I am sorry to hear about this email. I thought you covered the new, high-risk part well. Perhaps investors would be interested without the NSF blessing? Remember, it is never a waste to pursue a dream. Let me know if you would like to discuss this development further.
My submission
Briefly Describe the Technology Innovation?
Mass Address proposes the development of a privacy preservation platform, aimed at addressing the critical challenge of securely sharing identification. This concept leverages distributed networks and cloud computing to store and manage personally identifiable information (PII) in a secure and decentralized manner. The technical innovation is a theoretical architecture that fragments PII into individual pieces, each stored on separate servers within the Google Cloud Platform (GCP), managed by different legal entities. This approach ensures that no single entity would have access to the entirety of any individualâs identity, significantly enhancing privacy protections.
The origins of this proposed theory stem from the 2017 Equifax data breach, where the personal identities of over 140 million individuals, including my own, were stolen. This breach exposed the vulnerabilities of centralized identity management systems. Additionally, inspiration was drawn from the U.S. Department of Defense Special Access Program, which compartmentalizes classified information so that no one person involved in a project or operation has access to the complete picture. Similarly, this theoretical solution would fragment identities to reduce the risk of data exposure.
This proposed solution is high-risk because it introduces a novel, unproven approach to decentralized identity management. A major challenge to validating this theory is whether state governments and other entities would be willing to manage the nodes responsible for storing fragmented identity data. The complexity of coordinating across multiple legal entities, along with technical concerns around data retrieval and privacy, adds significant risk. However, the potential to redefine how personal information is protected presents a compelling high-reward opportunity, aligning with NSFâs focus on supporting early stage, high-impact innovations.
At the heart of this theoretical framework is the concept of the âsingularity,â which would represent a person's unified, authenticated identity, verified by state and federal agencies. After authentication, the PII would be fragmented and stored on separate servers, becoming immutable and read-only. Access to this singularity would be controlled solely by the identity owner, ensuring maximum privacy and security.
Briefly Describe the Technical Objectives and Challenges?
The primary objective of this Phase I project is to research and validate the technical feasibility of a privacy-preserving application, with a focus on scalability, security, and adaptability across various sectors. Our goal is to prove that this unproven concept of fragmented PII storage can serve as the foundation for a decentralized identity management system. The key technical objectives and challenges are as follows:
1. Privacy-Preserving Data Fragmentation and Distribution:
â˘Objective:
Research and develop the theoretical architecture required for a system capable of fragmenting and distributing PII across multiple servers, each governed by different legal entities, while maintaining the integrity and security of the data.
â˘Technical Approach:
We will measure transactional costs across a distributed network configuration on Google Cloud Platform (GCP) to determine whether the infrastructure can securely separate and reassemble encrypted identification.
â˘Hypotheses to Test:
Is the transactional cost between nodes low enough to make this a feasible enterprise-level identity application?- Can GCP handle the necessary data distribution and security protocols, or will we need to explore alternative cloud platforms or even custom hardware solutions to support this technology?
â˘Expected Outcome:
We aim to demonstrate that the proposed architecture can efficiently fragment and distribute large datasets containing complex identities across multiple servers while maintaining privacy, all without incurring prohibitive costs. We will also explore whether GCP is the optimal platform for this system, or whether other infrastructure options need to be considered. 2. Security and Authentication Mechanisms:
â˘Objective:
Experiment with security features in the singularity creation process by testing various cryptographic techniques and multi factor authentication.
â˘Technical Approach:
We will examine encryption methods such as homomorphic encryption to ensure PII remains protected during both computation and transfer. We will also test a multi-layered authentication system involving biometric data and real-time validation with federal and state databases.
â˘Hypotheses to Test:
Can storing fragmented identities actually protect them against a white box penetration test? This will validate or challenge the assumption that fragmenting data across multiple entities enhances its security, even when the system is subject to internal threats or adversaries with knowledge of the system's inner workings.
â˘Expected Outcome:
A validated security model that ensures the privacy and integrity of PII from the moment of its creation, through storage and access. This includes testing the ability of fragmented storage to withstand sophisticated penetration testing, ensuring the system can maintain its integrity against known attack vectors.
Briefly Describe the Market Opportunity?
A consent-based, privacy-preserving application is poised to address growing concerns around data privacy, identity theft, and the secure management of personal information across a variety of industries. The increasing prevalence of cyberattacks and the growing complexity of regulatory frameworks like GDPR, CCPA, and other privacy laws have created significant demand for innovative solutions that can both protect privacy and enable secure, reliable identity management.
We believe our proposed solution offers a revolutionary approach to these challenges, and several key markets represent substantial opportunities for its adoption.
-Traffic Management and Public Safety
The initial research focus for a consent-based identity solution is the traffic management sector, a market ripe for innovation, particularly in the realm of secure, decentralized identity management. As cities adopt smarter traffic control systems, the need for secure, verifiable, and privacy-preserving identification of vehicles, drivers, and traffic controllers is becoming increasingly important.
According to recent studies, the global smart transportation market is projected to reach $285 billion by 2030, driven by the demand for improved safety, efficiency, and data-driven management of traffic. Our proposed idea could provide a unique solution for this market by enabling secure identity verification for all entities involved in traffic management while preserving individual privacy through its decentralized architecture.
If successful, we anticipate strong interest from municipalities, state agencies, and private transportation companies seeking to enhance their operations while maintaining regulatory compliance and public trust.
Briefly Describe the Company and Team?
Mass Address Incorporated, founded in 2016 by Edward W. Hood, a cybersecurity professional with over 23 years of experience in managing mission-critical IT services, is dedicated to developing a secure, privacy-preserving identity management solution. The companyâs consent based concept aims to revolutionize how personal data is stored, shared, and secured, though further research is required to validate its feasibility.
Florida Agricultural and Mechanical University (FAMU) is a key strategic partner in this project. As a leading Historically Black College and University (HBCU) with a strong reputation in cybersecurity research and a commitment to diversity in STEM, FAMU brings valuable expertise to this collaboration. Its College of Science and Technology, particularly the Department of Computer Information Systems, has made significant contributions to privacy-preserving technologies and decentralized systems, directly aligning with the projectâs goals.
Led by Dr. Samuel Kofi Erskine, Assistant Professor of Cybersecurity and Principal Investigator, FAMUâs research team will apply its expertise in privacy frameworks and cryptography to ensure rigorous technical validation of this project. Dr. Erskineâs focus on safeguarding digital identities and building scalable privacy-preserving systems is crucial to the projectâs success. With FAMUâs support, Mass Address will address challenges in scalability, security, and adaptability across key sectors such as traffic management, healthcare, and finance, benefiting from FAMUâs commitment to solving real-world challenges through cutting-edge research
2025 is year 9 of pursuing my dream.