Can secure computation balance data privacy and utility?

 

While legitimate fears about data vulnerability have limited agencies' attempts to share information, some are turning to new cryptographic techniques to protect privacy while data is processed.

Your secret stuff just got pwned. Well, not really “just.” Data brokers, social media and plenty of other random companies on the internet have been buying, trading and letting others steal our private data for years. Worse, we’re allowing them to do it in exchange for services rendered. It says so right there in the privacy policy.

The good news is that we're finally waking up. A 2018 Parks Associates study found that almost 40 percent of broadband households strongly believe it is impossible to keep data private from the companies whose products they use, while over half of consumers strongly believe they get little in return for giving up their data. Hopefully, the nation's leaders will use this newfound concern to follow and extend California's move to protect privacy -- in ways even more meaningful than the promising 55,000-word start made by the European Union's General Data Protection Regulation.

The disappointing thing is that we could do so much more with private data than misuse it to sell advertising and defraud insurers. Imagine a world where corporations had the confidence to share sensitive network and cyber attack data in real-time to mitigate multi-target attacks; where pharmacogenomics could intermix genotypes and smart molecule intellectual property to prioritize and customize effective therapies while protecting the confidentiality of patients and pharma alike; where the IRS, Census Bureau, Department of Education and National Student Clearinghouse could link data to quantify the benefits and risks of college choices for students without putting collected data at risk.

One place that privacy does seem to matter is in government. By policy and statute, local and federal agencies actually do aim to assure the privacy of their constituents' personal data. Some jurisdictions go further, seeking to maintain that privacy while at the same time leveraging and cross-linking that data to learn, make decisions and deliver valuable services to those constituents. But therein lies a conundrum: today, to make use of data across agencies we must first expose it, defeating the very privacy those agencies aim to protect.

The state of information security today

Agencies that see the value in sharing data while ruthlessly guarding privacy have (we hope) already solved the problems of keeping that data secure in transit and at rest. Traditional encryption technologies such as symmetric and public key encryption, along with other thoughtful cyber hygiene, can handle these tasks well -- if they’re actually deployed.

However, until now there has been little choice but to decrypt data in order to process it. The problem is that once decrypted, that data is no longer private: insider threats and external attackers can steal it, accidents can reveal it and, because thorough deletion of data is nearly impossible, those risks extend indefinitely into the future. Legitimate fears about such data vulnerability have limited the extent to which agencies are willing to share it with other agencies or the private sector.

Several approaches are employed today to avoid such theft or inadvertent leakage. Perhaps the best known is de-identification: removing or obfuscating the parts of the data that are particularly sensitive or that tie records to individuals or organizations. However, study after study shows that de-identification does not prevent re-identification: the attributes left behind (ZIP code, birth date, sex and the like) can be linked against other datasets to put names back on records. In addition, de-identification must be redone each time the data is used for a different purpose. It also breaks exactly the cross-dataset linking needed to generate accurate answers and the precise record matching needed to clean data during analysis. In short, de-identification doesn't work, is expensive and destroys data utility.
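The re-identification failure described above, as an added example that is not part of the original article: a linkage attack in Python on two constructed toy tables. The "de-identified" table has names removed but keeps ZIP code, birth date and sex; a constructed public directory (think voter roll) carries the same fields with names attached. Joining on those quasi-identifiers re-identifies every record whose combination is unique, and coarsening the fields (generalization) shrinks but does not eliminate the unique matches. All records, names and field choices are invented for illustration.

```python
"""Linkage attack on a 'de-identified' table (added example; toy data)."""
from collections import defaultdict

# Constructed "de-identified" records: direct identifiers stripped,
# quasi-identifiers (ZIP, birth date, sex) kept so the data stays useful.
DEIDENTIFIED = [
    {"zip": "02138", "dob": "1961-07-02", "sex": "F", "diagnosis": "hypertension"},
    {"zip": "02138", "dob": "1985-03-14", "sex": "M", "diagnosis": "asthma"},
    {"zip": "02139", "dob": "1985-03-14", "sex": "M", "diagnosis": "diabetes"},
    {"zip": "02140", "dob": "1990-11-30", "sex": "F", "diagnosis": "migraine"},
]

# Constructed public directory: names plus the same quasi-identifiers.
PUBLIC = [
    {"name": "Alice Example", "zip": "02138", "dob": "1961-07-02", "sex": "F"},
    {"name": "Bob Example", "zip": "02138", "dob": "1985-03-14", "sex": "M"},
    {"name": "Carl Example", "zip": "02139", "dob": "1985-03-14", "sex": "M"},
    {"name": "Dana Example", "zip": "02140", "dob": "1990-11-30", "sex": "F"},
    {"name": "Dee Example", "zip": "02140", "dob": "1990-11-30", "sex": "F"},
]

QUASI = ("zip", "dob", "sex")


def key(rec, fields=QUASI):
    """The linkage key: the tuple of quasi-identifier values."""
    return tuple(rec[f] for f in fields)


def link(deidentified, public, fields=QUASI):
    """Map each de-identified record index to a name when the join is unique.

    A record that matches several people stays ambiguous and is not returned;
    a record that matches exactly one person is re-identified.
    """
    index = defaultdict(list)
    for person in public:
        index[key(person, fields)].append(person["name"])
    hits = {}
    for i, rec in enumerate(deidentified):
        names = index.get(key(rec, fields), [])
        if len(names) == 1:
            hits[i] = names[0]
    return hits


def k_anonymity(records, fields=QUASI):
    """Smallest group sharing one quasi-identifier tuple (the k of k-anonymity).

    k == 1 means at least one record is unique and therefore linkable.
    """
    counts = defaultdict(int)
    for rec in records:
        counts[key(rec, fields)] += 1
    return min(counts.values())


def generalize(rec):
    """Coarsen quasi-identifiers: 3-digit ZIP prefix and birth year only."""
    return {**rec, "zip": rec["zip"][:3], "dob": rec["dob"][:4]}


if __name__ == "__main__":
    print("raw linkage:", link(DEIDENTIFIED, PUBLIC))
    print("k before generalization:", k_anonymity(DEIDENTIFIED))
    coarse_d = [generalize(r) for r in DEIDENTIFIED]
    coarse_p = [generalize(r) for r in PUBLIC]
    print("linkage after generalization:", link(coarse_d, coarse_p))
```

On the raw tables three of the four records link to exactly one name; the fourth is shielded only because two people in the directory share its key. After generalization the 1985-born men collapse into one group and stop linking, yet the single 1961-born woman in the 021 prefix is still unique, which is the pattern the article's "study after study" point describes: each round of de-identification has to be re-checked against whatever outside data an adversary can join on.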

Another current approach is to create synthetic versions of sensitive data -- matching statistical distributions of various data attributes -- and then sharing only the synthesized substitute. The problem here is that the synthesis process can only model distributions that are explicitly chosen and known in advance. Meaningful correlations can be lost, hiding exactly the relationships that analysts want to discover.

Even though current methods make data sharing risky, real-world examples show that agencies see value in being able to share. In the U.S. for example, juvenile justice is a popular area for data sharing. Thirty-five states have laws reaching back to the 1990s that permit data sharing in search of improved outcomes. Twenty-seven of those states share data across their child welfare and juvenile justice systems for the same purpose.

So. Sharing sensitive data offers promising value yet is risky because of the need to decrypt it for processing, and current methods fail to mitigate those risks. What to do? Some agencies are turning to new cryptographic techniques called secure computation to protect privacy while data is processed.

Secure computation is a promising alternative, though its performance and usability are still being improved. Here, data is shared in full detail rather than reduced or synthesized, so no utility is lost and no recurring preparation effort is needed. However, the data remains encrypted (or split into secret shares) at all times -- even during computation -- and only the results of an agreed analysis are released, subject to access control rules. With secure computation, input data is never "in the clear" on the analysis platform, so a breach of that platform exposes ciphertext or random-looking shares rather than the inputs. The guarantee rests on the protocol's assumptions (for secret-sharing schemes, that the servers holding the shares do not collude), and it covers inputs and intermediate values, not the released result itself, which can still reveal something about the inputs and therefore needs its own release policy.
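As an added example (not code from the article or from any of the pilots it describes), here is the simplest form of secret-sharing-based secure computation, in Python: a sum across three non-colluding servers in which no single server ever holds a plaintext input. The salary figures, the server count and the field modulus are constructed assumptions; the pay-gap framing echoes the kind of salary analysis the article mentions for the Boston pilot but is not that project's code.

```python
"""Additive secret sharing: a minimal secure sum across non-colluding servers.

Added illustration, not the article's or any pilot's code. Each input owner
splits its private value into random shares, one per server. Servers add the
shares they hold without ever seeing a plaintext input; only the aggregate is
reconstructed. Security assumption: the servers do not pool their shares, so a
breached single server sees only uniformly random field elements.
"""
from __future__ import annotations

import secrets

P = (1 << 61) - 1  # Mersenne prime; all arithmetic is mod P (choice assumed here)


def share(value: int, n_servers: int) -> list[int]:
    """Split value into n_servers shares that sum to value mod P.

    The first n_servers-1 shares are uniformly random, so any n_servers-1 of
    them are statistically independent of value.
    """
    if n_servers < 2:
        raise ValueError("need at least two servers for secrecy")
    shares = [secrets.randbelow(P) for _ in range(n_servers - 1)]
    shares.append((value - sum(shares)) % P)
    return shares


def reconstruct(shares: list[int]) -> int:
    """Add all shares back together mod P."""
    return sum(shares) % P


def signed(x: int) -> int:
    """Map a field element back to a signed integer (so differences work)."""
    return x - P if x > P // 2 else x


def secure_sum(inputs: list[int], n_servers: int = 3) -> tuple[int, list[list[int]]]:
    """Each owner shares its input; each server sums its own shares locally.

    Returns the reconstructed total and every server's view (the shares it
    held) so a caller can confirm that one view alone is just random numbers.
    """
    views: list[list[int]] = [[] for _ in range(n_servers)]
    for v in inputs:
        for server, sh in enumerate(share(v % P, n_servers)):
            views[server].append(sh)
    # Local computation: no server ever holds a plaintext input.
    partial_sums = [sum(view) % P for view in views]
    return signed(reconstruct(partial_sums)), views


def secure_pay_gap(group_a: list[int], group_b: list[int], n_servers: int = 3) -> int:
    """Difference of group mean salaries computed only from secure aggregates.

    Only the two totals leave the protocol; individual salaries never do.
    The output is still information: with a group of one, the total *is* that
    person's salary, which is why release rules matter even here.
    """
    total_a, _ = secure_sum(group_a, n_servers)
    total_b, _ = secure_sum(group_b, n_servers)
    return total_a // len(group_a) - total_b // len(group_b)


if __name__ == "__main__":
    # Constructed salaries for illustration.
    women = [52_000, 61_000, 70_500]
    men = [58_000, 64_000, 80_000]
    total, views = secure_sum(women)
    print("women total:", total)
    print("server 0 view (random-looking shares):", views[0])
    print("mean gap (women - men):", secure_pay_gap(women, men))
```

Each server's view is a list of uniformly random field elements, so copying a server's disk yields nothing about any salary; only when all three partial sums are combined does the total appear. Real deployments add authenticated channels, malicious-security checks and multiplication protocols on top of this addition-only core, but the property the article relies on (inputs never in the clear on the platform) is already visible here.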

Current and potential applications

Pilot projects now underway tap secure computation for a variety of use cases involving sensitive data. In 2018, the Department of Homeland Security's Science & Technology Directorate awarded a contract for the development of a tool suite that allows sensitive cybersecurity data to be shared and analyzed while it remains fully encrypted and thus private.

In that same year, the Bipartisan Policy Center announced a pilot project to apply secure computation to evidence-based policymaking at the county level, bringing together several encrypted datasets to analyze relationships among public health and human services outcomes.

Proof-of-concept projects at the Census Bureau and in the Department of Defense also show the nascent capabilities and benefits of this new technology. More applications of secure computation are ready for pilot programs as well. Preventing satellite collisions without revealing satellite trajectory data is a promising example. Even the private sector is taking note: In Boston, the Women’s Workforce Coalition piloted secure computation in an ongoing analysis of salary differentials and fair pay.

The government has a short-fuse opportunity to combine its commitment to privacy, the emerging capability of secure computation and these nascent pilot programs to deliver new levels of evidence-based action for the public good and to push back the gathering dark of privacy obliteration in the private sector. More pilot programs are needed. We need extensive dialog and study on how to integrate such disruptive new technologies into policy and practice so that agency administrators can both comply with the statute and be comfortable with revising the policy.
