Published on July 15th, 2019
This startup’s holy grail of encryption could unlock our data dilemma
This story is part of The Privacy Divide, a series that explores the fault lines and disparities—economic, cultural, philosophical—that have developed around digital privacy and its impact on society.
In 1984, Shafi Goldwasser, then a young professor at MIT, proposed a radical new idea in cryptography: that you could prove something was true without disclosing anything about it. The idea would lay the framework for much of the cryptography we use today and eventually earn her the prestigious Nobel Prize of encryption, the Turing Award. More than 30 years later, she’s now a startup founder, with the aim of bringing a long-awaited approach to encryption out of the closet. “At some point it became clear that this theory, the mathematics, was efficient enough,” she says of the technique.
Part of the idea behind homomorphic encryption, as the approach is called, is to bring encryption to the places where it’s increasingly needed most. That’s a lot of places. In the last few years, data privacy has become a hot-button issue globally, with high-profile scandals and data leaks surrounding prominent companies like Facebook and Equifax resulting in greater privacy awareness among both consumers and businesses. New privacy laws in the EU, California, and Vermont have begun to give citizens more rights around their data. But companies aren’t going to stop collecting data—if anything, data collection is only increasing.
On top of that, companies often share this data with third parties that can analyze it or use it to improve customer experiences, requiring them to give up control over the data that they own. But a growing desire to maintain a hold over data, combined with fear over regulation and public frustration, is leading companies to look for more ways to ensure that private data really does stay private.
The primary reason that companies are collecting so much data is that they can use it to look for patterns. These patterns power the algorithms that provide personalized experiences, from those annoying ads that follow you around the internet to insurance premiums that are calculated using exercise data.
It’s the insights from analysis that are the real value of data—many businesses don’t care about any single individual’s data, but the insights they can glean from the aggregate. That’s why so many businesses claim to protect user privacy by anonymizing large datasets—they can still look for patterns, while appeasing privacy concerns (though we know that most anonymized data is so distinct that it can easily be re-identified).
But Goldwasser’s startup Duality has an even greater promise: to analyze encrypted data without ever decrypting it. Based on breakthroughs from Goldwasser and several of her cofounders, who are also encryption researchers, the company’s technology could provide an actual solution to the data privacy problem by allowing companies to keep their data fully encrypted and still find patterns in it.
The math behind homomorphic encryption is complex, but CEO and cofounder Alon Kaufman uses a simple metaphor to explain how it works. Imagine that you’ve put your data inside a box to protect it, he explains. You’re the only one who has the key. With homomorphic encryption, you can then give the box to someone else, and they can put their hands in with their eyes closed. That person can shuffle around the numbers inside without ever seeing them.
“It means the entity doing the math doesn’t ever see the data, doesn’t see the answers but can employ the computations,” Kaufman says. “That’s what companies want. They don’t want the raw data, they want to know the insights. They want to know if they should offer you this deal.”
While the ideas behind homomorphic encryption have been around for decades in academia, where it’s been considered one of the holy grails of cryptography, it’s only recently that the technique has gotten good enough—and fast enough—to make it practical and scalable in a business context. (Compared with computation on unencrypted data, the earliest homomorphic encryption systems were a trillion times slower.) Funding for open-source encryption research from agencies like DARPA, IARPA, and the NSA has also helped.
“The applications were out there because there’s more and more data being collected, and it’s clear you can get more by combining [data] rather than working in isolation,” says Goldwasser.
That’s what convinced her to team up with her cofounders and try to bring the cryptographic technique she pioneered in academia to the private sector.
Duality’s first products will be just for businesses, enabling them to share data with third parties that can work with the raw data in the cloud without actually having access to it. Citing privacy reasons, naturally, the company declined to name its clients, but Kaufman says its data scientists are developing algorithms for use in healthcare, insurance, and banking.
For instance, Duality’s technology could also help companies like 23andMe and Ancestry, which have gotten into hot water with regulators over their data privacy practices. These companies would be able to process the data in the cloud or share their analysis with third parties—already a widespread practice—while keeping the raw data completely private.
However, Duality’s consumer possibilities are the most intriguing. For example, let’s say there’s an app that gives you diet recommendations based on your genomic data. You might want the app’s insights but you don’t really want to share your data with the company behind it—after all, who knows who at the company might be able to access it, or what third parties the company will share it with? With homomorphic encryption, you could feasibly encrypt your genetic data, locking it in that proverbial box, Kaufman explains.
“You ship this box to the analytics provider, but you don’t ever give them your key. They [analyze] the data in the box, then give you the answer. The result that comes out is still encrypted, and you take out your key, open the box, and find the answer.”
There are several other companies that are offering business security solutions based on homomorphic encryption, and tech giants like Microsoft and IBM are also working on it, but Duality’s cofounders are the ones who pioneered the technique. Their solution is also one of the most advanced. The company’s algorithms won a computation challenge in November 2018 focused on analyzing a genomic dataset using homomorphic encryption, completing the task faster and with less memory use than any other industry group. Investors have taken note: the company said that month it raised $4 million from venture capital fund Team8, which is backed by companies including Microsoft, Softbank, Wal-Mart, Airbus, and AT&T.
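Kaufman's locked-box workflow, as an added example that is not Duality's code or the article's own: a toy Paillier scheme (additively homomorphic only, tiny primes, all function names assumed) in which the data owner encrypts per-person genotype values, the analytics provider computes a weighted count on ciphertexts it cannot read, and only the key holder decrypts the result.

```python
import math
import secrets

# Toy Paillier scheme, additively homomorphic; constructed for this article, not Duality's code.
def keygen(p: int, q: int):
    """Key pair from two distinct primes with gcd(pq, (p-1)(q-1)) == 1."""
    n = p * q
    lam = math.lcm(p - 1, q - 1)      # Carmichael's lambda(n)
    mu = pow(lam, -1, n)              # with g = n + 1, L(g^lam mod n^2) == lam mod n
    return (n, n + 1), (lam, mu)      # public key (n, g), private key (lam, mu)

def encrypt(pub, m: int) -> int:
    """Lock one value m (0 <= m < n) in the box with fresh randomness r."""
    n, g = pub
    n2 = n * n
    r = 0
    while math.gcd(r, n) != 1:        # pick r in Z_n^*
        r = secrets.randbelow(n)
    return (pow(g, m, n2) * pow(r, n, n2)) % n2

def decrypt(pub, priv, c: int) -> int:
    """Only the holder of the private key can open the box."""
    (n, _), (lam, mu) = pub, priv
    n2 = n * n
    l_val = (pow(c, lam, n2) - 1) // n   # Paillier's L(x) = (x - 1) / n
    return (l_val * mu) % n

def add_encrypted(pub, c1: int, c2: int) -> int:   # ciphertext product == plaintext sum
    return (c1 * c2) % (pub[0] ** 2)

def scale_encrypted(pub, c: int, k: int) -> int:   # ciphertext power == plaintext times k
    return pow(c, k, pub[0] ** 2)

def encrypted_weighted_sum(pub, boxed, weights):
    """Provider's side: it holds the public key and ciphertexts, never the private key."""
    acc = encrypt(pub, 0)
    for c, w in zip(boxed, weights):
        acc = add_encrypted(pub, acc, scale_encrypted(pub, c, w))
    return acc

def run_demo():
    """Owner encrypts genotype dosages (0/1/2 copies of a variant), provider computes blind."""
    pub, priv = keygen(10007, 10009)                  # small primes: demo only, not secure
    genotypes = [0, 1, 2, 1, 0, 2, 1]                 # constructed sample data
    weights = [3, 1, 2, 2, 1, 4, 1]                   # constructed per-person weights
    boxed = [encrypt(pub, g) for g in genotypes]      # owner locks each value
    result_box = encrypted_weighted_sum(pub, boxed, weights)  # provider computes on ciphertexts
    return decrypt(pub, priv, result_box), sum(g * w for g, w in zip(genotypes, weights))
```

The provider sees only ciphertexts and the encrypted result; a fully homomorphic scheme of the kind the article describes additionally supports multiplication of two hidden values, which this toy does not.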
Studying genomics with privacy
Last year, Duality also got a boost from the National Institutes of Health, which gave it a grant to apply its privacy-protecting approach to genomics research. Duality’s tech could be a boon for the field, says Sasha Gusev, an assistant professor at Harvard Medical School’s Dana-Farber Cancer Institute who focuses on genome-wide association studies (GWAS), which use large amounts of genetic data to look for variants that are correlated with different diseases. Gusev says that data privacy is becoming an increasingly important challenge in academia, where researchers are aware of the kinds of breaches that have happened in the corporate world and want to ensure that doesn’t happen to their subjects. As a result, many researchers are reluctant to share sensitive health data, even with other academics, because of these security and privacy concerns.
“What we need from GWAS is a fairly simple statistical computation but it relies on very sensitive data,” Gusev says. “Being able to bypass that data sensitivity and report the simple number which ends up being very meaningful was very appealing.”
Gusev began working with the company as a consultant and then started working with Duality scientists to create an algorithm that could analyze encrypted genetic data, helping the company’s in-house data scientists understand which elements of the algorithms he uses in his GWAS research are the most crucial for the analysis. He has co-authored an upcoming study showing that Duality’s encrypted analysis method produces the same quality of results as a non-encrypted dataset does.
Duality has been working with a host of other experts in a similar capacity to Gusev to develop algorithms tailor-made for specific analyses in healthcare, insurance, and banking—industries that usually rely on third parties to do their data analysis. According to Rina Shainski, Duality’s cofounder and chairwoman, the startup’s next step is to make all of these algorithms available for companies to integrate into their systems. “We would like to be more of a platform that makes it possible to run analytics on encrypted data,” she says. This platform, which she calls a “library of tools,” is slated to launch later this year.
Ultimately, Duality’s technology can’t fix everything about the rampant data violations that occur on a daily basis. Even if every company were using homomorphic encryption, they could still use your data to target you with pesky ads, score you as “risky,” or influence your vote. To address those concerns, we’ll still need regulation to step in to ensure that companies’ practices are secure and good for consumers. But as Kaufman says, technology is the thing that created the data security problem—and technology can also help offer a chance to fix it.