01 Apr Modern Crypto Offers A Solution to Data Privacy Concerns
BLOG. If we want to use personal data to enhance our lives and society, we need to do it in a way that can be trusted and does not compromise our privacy. Danish scientists offer a solution where data is encrypted at all times and not a single person or organisation can unlock the data and thus identify individuals. In other words: Privacy by design.
A company or a public authority can work with sensitive personal data – also from external sources – without ever getting access to identifiable data. And individuals can donate or sell their personal data fully anonymously. The secret is called SMC. More about that in a sec.
If we want to give individuals (and neither the state nor tech giants) control of their own data (and thus lives) and at the same time use our personal data to enhance our lives and societies, we need to use modern cryptography. Privacy concerns and distrust are high on the agenda due to the current business model of the internet; (ab)use of personal data – or in other terms ‘surveillance capitalism’. At the same time, we hear that protecting data of strategic importance and personal data can distort the value of big data. Consequently, privacy-preserving use of personal data has been a long-standing challenge in scientific research.
There is a solution: Secure Multiparty Computation (SMC). It is almost impossible to understand for ordinary people, but how many understand, how an airplane flies anyway? It is a matter of understanding the perspectives of flying and the perspectives of cryptography – and trusting those behind the solutions. The scientists behind Secure Multiparty Computation come out of the university in Copenhagen and Aarhus and the Alexandra Institute.
With SMC, data is divided into pieces that reveal nothing about the original data (so-called secret sharing) and placed on two or more servers. The real value of SMC is that now the servers can run any computation without breaking this basic property. Hereby the individual servers know nothing about the data that they hold and process, as a group, and we – the users – do not need to trust individual servers, organisations or persons with our personal data.
SMC can for example ensure better matching and pricing between buyers and sellers in an auction. This solution can replace the traditional auctioneer and more importantly ensure integrity and confidentiality by the virtues of advanced cryptography. This use case was the original breakthrough in 2008 where the same group of scientist and experts applied SMC to solve a real trust problem between Danisco a large monopolist and Danish farmers delivering inputs to Danisco.
Another example: In use of statistics, SMC can keep the raw data encrypted at all times, and only the intended results are revealed. It can also be used when merging sensitive data across existing public databases, e.g. health data from the Danish Health Data Organisation and socio-economic background data from Statistics Denmark. SMC can merge the data and securely produce anonymous, aggregated statistics. Since neither of the organizations can access the encrypted data, compromising the system would require breaches at both institutions. In other words, SMC can help the public sector use data without putting the public trust at risk.
However, if one organisation or person controls all the servers, then it is no longer anonymous. Therefore the method is not 100% secure (nothing is – neither is crossing the street on foot).
According to Kurt Nielsen, Associate Professor at Copenhagen University in business economics and co-founder and CEO of Partisia, Secure Multiparty Computation in general can create more trust in use of personal data for all sectors. He explains that SMC opens up the possibility for data collaboration with highly sensitive data and data obtained directly from the sources (e.g. actual transactions), as opposed to data from indirect sources (e.g. digital footprints or bought from data brokers). Data derived directly from the original sources are typically more correct and updated than data from indirect sources.
Partisia, which is a commercial offspring from Aarhus University and the Alexandra Institute, aims to set a new standard for privacy enhancing software solutions that computes directly on encrypted data.
“Secure Multiparty Computation is better than more traditional ways of anonymising, as they add noise and then arrive at an aggregated average and that degrades the value of data,” explains Kurt Nielsen “With SMC the use sensitive data in done in a secure and anonymous way to makes it possible to implement privacy-preserving personalized medicine as an example.”