Default Setting: Privacy Protection and How to Achieve It

How far are we from having privacy protection by default? Reesha Dedhia, Head of Marketing, Cape Privacy, talks about how privacy is a concept that should have deep, personal meaning for every individual on the planet and why privacy protection, not merely processes meant to comply with laws, is vital.

Privacy protection has evolved over the last two decades from a niche legal discipline born out of the Health Insurance Portability and Accountability Act (HIPAA) in 1996 to become a major business imperative. Our need for it is the driver behind groundbreaking laws like the European Union’s General Data Protection Regulation (GDPR) that now shape the nature of international commerce and economic policy.

Most of us rarely think about the implications of using technologies like voice assistants, cellphones, or other smart, connected devices. But there are many places in the world where privacy could be the line between relative safety and severe oppression—or even a matter of life and death.

Loss of Privacy: A Byproduct of Modernity

Think about it this way: when you buy a car, your primary concern is purchasing a vehicle as a means of conveyance. You aren’t buying a machine to produce exhaust, but that is a byproduct that we’ve come to accept. In the same way, we’ve come to accept that, to have certain modern conveniences, we’re going to have to give up a measure of our privacy. That smart speaker seems convenient even if it’s listening in on everything we say and recording our voices. But what if we could have intelligent technologies in our homes without sacrificing privacy?

That is possible if we could protect data with strong encryption from the moment it is created and still use it for its intended purpose. The problem is that encryption makes data difficult to work with, so we tend to default to leaving it in plaintext. That’s because encryption makes data bigger, slower, and harder to use. When you encrypt plaintext data, you turn it into ciphertext and create a key – one thing becomes two. Those two things on their own are much bigger than the one, so the increase in size is exponential.

We must also consider the algorithms and the associated processes needed to use the data. The data is secure, but it is unwieldy. So, if you want to use the encrypted data, you must decrypt it. And that puts the data at risk. That is why recent collaborative research from Seagate and IDC found that 68% of data that organizations collect is archived and never used. It’s safer to encrypt it and put it away than it is to decrypt it and put it to work.

Unlocking Data’s Full Potential

If encrypted data could be safely accessed and operationalized, it could be used to generate business intelligence and predictive intelligence through innovative machine learning analytical models. However, instead of applying encryption-in-use, whenever we need to process data, we decrypt it. It is no longer protected in that state, control over it is lost, and its audit trail becomes unmanageable.

Did the decrypted data get moved into Tableau to run a report? Where did it go from there? It becomes a major liability because you lose control over data as soon as it’s decrypted. But if data could be kept encrypted even while in use—if security and privacy protection were a default—that would represent a seismic shift in how data is collected and in how people interact with technology. You could encrypt data and keep it protected forever without hampering its utility. The combination of computing techniques known as secret sharing and secure, multiparty computation (MPC) has opened the door to this paradigm.
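To make the idea of computing on data that is never decrypted concrete, here is an added Python sketch (not from the article or from any vendor's product) of additive secret sharing across three compute nodes. The modulus, the node count, the function names and the sample values are all assumptions chosen for illustration.

```python
import secrets

# Field modulus (assumption for this sketch): the Mersenne prime 2^61 - 1.
P = 2**61 - 1

def share(secret, n=3):
    """Split `secret` into n additive shares that sum to it mod P."""
    parts = [secrets.randbelow(P) for _ in range(n - 1)]
    parts.append((secret - sum(parts)) % P)
    return parts

def reconstruct(shares):
    """Recombine shares; every share is required."""
    return sum(shares) % P

def secure_sum(inputs, n=3):
    """Each input owner sends one share to each of n compute nodes.
    Node j adds the shares it received and never sees any input."""
    dealt = [share(x, n) for x in inputs]
    node_totals = [sum(col) % P for col in zip(*dealt)]
    return reconstruct(node_totals), node_totals

def secure_linear(features, weights, n=3):
    """Score = sum(w_i * x_i) with public integer weights, secret features.
    Scaling and adding shares are local operations on each node."""
    dealt = [share(x, n) for x in features]
    node_scores = [sum(w * s for w, s in zip(weights, col)) % P
                   for col in zip(*dealt)]
    return reconstruct(node_scores)

if __name__ == "__main__":
    salaries = [52_000, 61_500, 48_250]  # constructed sample inputs
    total, node_view = secure_sum(salaries)
    print("what each node holds:", node_view)  # uniformly random-looking values
    print("reconstructed total: ", total)
    print("linear score:", secure_linear([3, 7, 2], [10, 4, 25]))
```

Only additions and multiplications by public constants are free in this scheme; multiplying two secret values requires an interactive protocol between the nodes, which is where most of the performance cost of MPC comes from.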

Privacy by Default Is Within Reach

Secret sharing + MPC is getting attention and attracting the kind of investments that drive innovation and lead to performance gains and commercial viability. In fact, MPC is gaining traction in projects related to cryptocurrency. Coinbase recently acquired cryptographic security firm and MPC innovator Unbound, for example.

We’re also seeing interest from organizations heavily invested in cloud computing, where the ability to keep data encrypted opens up massive potential for moving data into the cloud for operationalization. In the highly competitive and data-rich financial services industry, there’s keen interest in MPC because it holds the promise of facilitating the move to the cloud, where it can keep sensitive data private and secure while generating real value through better products and better product performance.

Because prediction models are run using complete datasets, the results are far more accurate without the biases that occur when using incomplete samples, synthetic data, or federated learning models. Secret sharing + MPC could well be aligned for the trajectory typical of many innovative technologies. In that case, it may not be much longer than a decade before we arrive at a point where it supports encryption by default. It will be a major step for privacy, and for people, everywhere when we get there.
