Why PSI, DP, and SMC Are the Future of Data Privacy


In this article, we discuss why Private Set Intersection, Differential Privacy, and Secure Multi-Party Computation are the future for data management.


Privacy regulations like GDPR and CCPA are changing the way data is collected and used. Data-driven organizations rely on data collaboration to understand their customers, and research organizations rely on it to advance research; both are now being restricted. As more privacy regulations come online, what can organizations do to future-proof their use of data while still adhering to privacy regulations?

Technology is now available that will allow organizations to continue to collaborate without ever exposing or moving the underlying data. 

Private Set Intersection (PSI) enables organizations to identify the individuals they have in common without revealing anything else about their data sets. This is key to aligning records from different sources into a shape that computational algorithms can consume.

Differential Privacy (DP) places mathematical guarantees on privacy in the presence of any amount of side information including knowledge about who is in the intersection. 

Secure Multi-Party Computation (SMC) enables organizations to jointly compute a function while keeping the inputs from being observed.  

Together, the three provide complementary mathematical guarantees for doing useful things with data while preserving privacy and intellectual property.


PSI, DP, and SMC in Action

Picture this: one data owner has information about cancer rates in the general population and another has information about food purchases over twenty years. A researcher is trying to understand how long-term patterns of food consumption might lead to cancer. To gain this understanding, they need to match food purchases with cancer diagnostics.

They need to intersect data in the food purchase panel with the cancer diagnostics to build an attribution analysis. It is a requirement of the numerical algorithm that all the pieces line up appropriately. PSI allows these data owners to find the commonality between the two data sets without revealing anything about the members that do not overlap. 

At this point, Differential Privacy and Secure Multi-party Computation take over, as we compute the attribution between food and cancer diagnosis. Applying Differential Privacy adds calibrated uncertainty to the results computed over the intersection. Even though all parties know with certainty who was included in the original problem formulation, Differential Privacy guarantees that the output of any analysis reveals only within certain probabilistic bounds whether any particular individual was included in that analysis.

Finally, the attribution analysis can take place using Secure Multi-party Computation. Secure Multi-party Computation never moves or exposes the underlying data but yields results that are consistent with co-locating the data. It is a very powerful approach that relies on secret shares, which hide each input the way a one-time pad does: an individual share reveals nothing about the underlying value. All the operations in the analysis are computed with Secure Multi-party Computation and require communication between the parties. The result is an attribution analysis that has been properly constructed without compromising data privacy, the IP of each data owner, or data residency requirements.
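The three steps of the scenario above, run end to end on a toy version of the two data sets, as an added example that is not code from the article or from any product it describes. The PSI step is a Diffie-Hellman-style commutative blinding protocol, the SMC step uses additive secret shares with dealer-supplied Beaver triples so that a cross-party count (individuals who are in both sets, have a cancer diagnosis, and a high-sugar purchase history) can be computed without either party seeing the other's flags, and the DP step has each party add its own Laplace noise share before the count is opened. The group modulus, field size, party data and the honest dealer are all assumptions chosen for illustration.

```python
"""Toy PSI -> SMC -> DP pipeline (hypothetical example code, not the article's)."""
import hashlib
import math
import random
import secrets

# --- Private Set Intersection (Diffie-Hellman style commutative blinding) ----
P = 2**127 - 1          # assumption: Mersenne prime as a toy group modulus
MOD = 2**61 - 1         # assumption: prime field for additive secret shares
SCALE = 1000            # fixed-point factor for real-valued DP noise


def hash_to_group(identifier: str) -> int:
    """Map an identifier to a non-trivial element of the toy group."""
    h = int.from_bytes(hashlib.sha256(identifier.encode()).digest(), "big")
    return 2 + h % (P - 3)                      # lands in [2, P-2]


def psi_secret() -> int:
    """Random blinding exponent coprime to P-1 so blinding is a permutation."""
    while True:
        k = secrets.randbelow(P - 1)
        if k > 1 and math.gcd(k, P - 1) == 1:
            return k


def private_set_intersection(set_a, set_b):
    """Party A learns the common identifiers and nothing else: each side only
    ever sees the other party's blinded elements H(x)^k, never H(x) or x."""
    set_a, set_b = list(set_a), list(set_b)
    a, b = psi_secret(), psi_secret()
    a_blinded = [pow(hash_to_group(x), a, P) for x in set_a]   # A -> B
    a_double = [pow(v, b, P) for v in a_blinded]               # B -> A, same order
    b_blinded = [pow(hash_to_group(y), b, P) for y in set_b]   # B -> A
    b_double = {pow(v, a, P) for v in b_blinded}               # A computes locally
    # H(x)^(ab) == H(x)^(ba): a match means the identifier is in both sets.
    return sorted(x for x, v in zip(set_a, a_double) if v in b_double)


# --- Secure Multi-Party Computation (additive shares + Beaver triples) -------
def share(value):
    """Split a value into two additive shares; one share alone is uniform."""
    r = secrets.randbelow(MOD)
    return r, (value - r) % MOD


def reconstruct(shares):
    return (shares[0] + shares[1]) % MOD


def beaver_triple():
    """Correlated randomness (a, b, ab) in shared form. Assumption: an honest
    dealer; real deployments generate triples with OT or homomorphic encryption."""
    a, b = secrets.randbelow(MOD), secrets.randbelow(MOD)
    return share(a), share(b), share(a * b % MOD)


def secure_mul(x_sh, y_sh):
    """Multiply two shared values. Only x-a and y-b are opened, and a, b act
    as one-time pads, so the opened values reveal nothing about x or y."""
    (a0, a1), (b0, b1), (c0, c1) = beaver_triple()
    d = (x_sh[0] - a0 + x_sh[1] - a1) % MOD
    e = (y_sh[0] - b0 + y_sh[1] - b1) % MOD
    z0 = (c0 + d * b0 + e * a0 + d * e) % MOD   # party 0 adds the public d*e
    z1 = (c1 + d * b1 + e * a1) % MOD
    return z0, z1


def joint_count_shares(cancer, diet):
    """cancer: party A's {id: has_cancer}; diet: party B's {id: high_sugar}.
    Returns the PSI result and a *shared* count of individuals with both flags."""
    common = private_set_intersection(cancer, diet)
    total = (0, 0)
    for pid in common:
        prod = secure_mul(share(cancer[pid]), share(diet[pid]))
        total = ((total[0] + prod[0]) % MOD, (total[1] + prod[1]) % MOD)
    return common, total


# --- Differential Privacy (Laplace mechanism on the shared count) ------------
def laplace(scale):
    """Laplace(0, scale) as the difference of two exponentials."""
    return random.expovariate(1 / scale) - random.expovariate(1 / scale)


def dp_release(count_sh, epsilon, sensitivity=1):
    """Each party adds its own Laplace(sensitivity/epsilon) share before the
    count is opened, so neither party ever sees the exact count; by the
    post-processing property the opened value is still epsilon-DP."""
    b = sensitivity / epsilon
    n0, n1 = round(laplace(b) * SCALE), round(laplace(b) * SCALE)
    noisy = reconstruct(((count_sh[0] * SCALE + n0) % MOD,
                         (count_sh[1] * SCALE + n1) % MOD))
    if noisy > MOD // 2:                        # interpret as a signed value
        noisy -= MOD
    return noisy / SCALE


# Constructed sample data: party A (cancer registry) and party B (food panel).
CANCER = {"p01": 1, "p02": 0, "p03": 1, "p04": 1, "p05": 0, "p06": 1}
DIET = {"p02": 1, "p03": 1, "p04": 0, "p06": 1, "p07": 1, "p08": 0}

if __name__ == "__main__":
    common, total = joint_count_shares(CANCER, DIET)
    print("intersection:", common)                  # p02, p03, p04, p06
    print("DP count (eps=0.5):", dp_release(total, epsilon=0.5))
```

The exact count (2 of the 4 common individuals carry both flags) never has to be opened; only the noised value is. Two simplifications to note when moving beyond a demo: the fixed-point rounding of floating-point Laplace samples is a known weak spot of naive DP implementations, for which discrete mechanisms exist, and the dealer that hands out Beaver triples is a trust assumption that production SMC frameworks replace with a triple-generation protocol between the parties.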

As regulations continue to evolve and threaten to clamp down on an organization’s ability to generate insights, new technology holds promise for not just organizations but also for consumers that demand privacy protection. Secure Multi-party Computation, Private Set Intersection, and Differential Privacy will make it possible for organizations to continue to generate insights and satisfy future privacy regulations thereby future-proofing their data.


Published at DZone with permission of Roberto Cervantes . See the original article here.
