ENCRYPT Blog Series #2: Data Privacy

Preserving data privacy without a PhD in cybersecurity
by Sotiris Diamantopoulos, Research and Innovation manager, EXUS

The need for privacy preserving processing of data has become increasingly important as more and more personal information is being collected, stored, and shared by organizations and individuals. With the rise of big data and the Internet of Things, the amount of sensitive information being collected has grown exponentially. This information includes things like personal identification numbers, medical records, financial information, and location data.

The handling and processing of this sensitive information must be done in a way that protects the privacy of individuals. This is because the unauthorized use or disclosure of personal information can lead to identity theft, financial fraud, and other forms of harm. Privacy preserving techniques and technologies (PPTs) such as de-identification, encryption, and differential privacy can be used to protect the privacy of individuals while still allowing organizations to gain insights from the data. These techniques can help organizations comply with privacy regulations, protect the reputation of the organization, and build trust with customers.

Although PPTs have matured enough to be used in real use cases, their actual uptake and deployment seems to stay behind. One reason for this lag is the difficulty non-expert users have in identifying which PPT is needed for the type of data to be processed. Differential privacy algorithms, for instance, may not be well-suited for certain types of data or use cases, and may require domain-specific knowledge to be used effectively. Similarly, most homomorphic encryption schemes support only a limited set of operations, such as basic arithmetic and Boolean operations. The same stands true also for secure multiparty computation (MPC) schemes.

Another reason behind the lag in the uptake of PPTs in real use cases is the challenges non-expert users have in configuring and deploying them. Indeed, differential privacy algorithms come with a trade-off between privacy and the utility of the data. As privacy is increased, the utility of the data may decrease. Navigating this trade-off remains a mystery for people outside the cybersecurity industry. Similarly, MPC and homomorphic computation schemes require the secure management of encryption keys and can be vulnerable to malicious participants attempting to disrupt or subvert the computation.

As a response to these challenges, ENCRYPT develops a novel recommendation tool, which aims at reducing the guessing in the selection and configuration of PPTs, by providing potential users of PPTs with information and guidance. This tool will take into account:
– the role of the users and their affinity in data privacy and PPTs
– the privacy requirements stemming from the data to be processed
– the constraints each PPT has as regards data types and sizes, infrastructure, network, etc.
– the constraints the users set as regard data utility
– the availability and type of computational resources
to come up with recommendations on the type of PPT to be used, its configuration, and potential ways for its deployment. Furthermore, considering that the majority of the users of such a tool are not experts in cybersecurity and PPTs, the ENCRYPT recommendation tool will provide explanations and justifications for its suggestions.

This recommendation tool is one of the ways the ENCRYPT project seeks to unlock the potential of PPTs in real use cases, and with that unlock the potential of the secure, privacy-preserving processing of big data for the benefit of people.