Ensuring protection in data sharing: Privacy Enhancing Computation

By Aditya Abeysinghe

Data privacy has become a much debated issue with a plethora of personal and business communication applications, websites and mobile apps available today. Who intercepts data, who has authority over data and what is done to these stored data without user consent has caused users to concern about their privacy when communicating over third party applications. While many applications today ensure encryption, masking and other techniques to hide the original form during transmission between two users many say that these techniques are easily decodable by eavesdropping middle parties during transmission. Therefore, research has focused on a new avenue to solve this issue by enforcing technologies that ensure privacy of data. These collections of technologies used for ensuring consumer privacy is called Privacy Enhancing Computation (PEC).

How does PEC ensure privacy?

Data used at present is mainly of two categories: data in use and data at rest. To understand what these two mean, let us take an example of a user utilizing a social media app and is texting some messages to a friend. Data that is texted at the time of texting is data “in use”. If the same user has sent messages previously to his friend, then those data is stored somewhere in data servers for later use. That data which is stored is data “at rest”. PEC concerns about data in use. In other words, data that is transmitted between two or more users.

Consider the same example where two users send messages. Data is encrypted at the user who is the sender of messages and then decrypted at the other user who is the receiver of messages. Both encryption and decryption is done by the social media app they are using, i.e. the middle party with which they are interacting. The main issue in privacy in communications lies in this middle party; can this middle party be trusted? To solve this issue PEC requires a trusted third party where communications are secured and transmitted.

Many business applications today use real-time processing of data using various Artificial Intelligence (AI) and Machine Learning (ML) algorithms. This form of analytics use data in use as opposed to analytics on data that is stored. To ensure privacy in such type of analytics, PEC recommends use of privacy-aware ML techniques.

PEC also concerns about computation that transforms data before processing. Several technologies are used for this purpose: differential privacy, secure multiparty computation, homomorphic encryption and trusted execution environments. Of these technologies, homomorphic encryption is considered the most secure, whereas trusted execution environments is considered the least secure technique.

Does PEC solve privacy issues?

PEC actually became a real-world solution recently. Hence, the number of applications that are actually using PEC is limited. While research has shown that privacy is secured with advanced cryptographic techniques used in PEC, it has been seldom tested in many general use and specific use applications at present.

For many businesses, PEC is too complex to be implemented as it requires heavy computation on the business side and large investments need to be made to meet these demands. The returns for a business by implementing a PEC solution is debatable as it can cater only a specific set of users with such technologies.

Image Courtesy: https://www.techradar.com