Privacy Enhanced Technologies Enable Unimaginable Data-Sharing Opportunities

Part 3 of 4

Chief Data Officers are faced with a privacy versus value creation dilemma, in which privacy protection occurs at the expense of innovation (and vice versa). Wouldn't it be great if advanced techniques could be used to allow analytics services and artificial intelligence to process data without revealing any details about it? Across the board, organizations must find a way to create new value out of data without compromising privacy.

I interviewed Alan Rodriguez, founder of the nonprofit Data Freedom Foundation, to get his insights and observations regarding these hot data security and privacy topics. This is the third of four articles resulting from our in-depth discussions. In the previous two articles, we introduced the Smart Data Protocol — a data-sharing standard and an open-source solution created by the Data Freedom Foundation. In this article, we discuss three more observations and explore how the Smart Data Protocol uses several emergent privacy-preserving technologies, enabling a range of data-sharing use cases.

Observation 7 — Data Creates Value When Exchanged

Derek:

The Smart Data Protocol adds a protective shell around an individual’s data; you call this a data container or data object.

This shell wraps the data in software that provides a range of intelligent or “smart” capabilities, such as:

  • Data access control and consent revocation
  • An immutable state engine for proof of data provenance
  • Intelligent risk awareness and mitigation

But what happens when data-sharing partners access the secure data inside the containers and pull out the data? Doesn’t this defeat the whole purpose of securing the data inside the data container in the first place?

Alan:

Yes, it absolutely does. This is The Big Question and the Last Mile Problem we’ve solved to create a workable data consent solution like the Smart Data Protocol. 

While most attention focuses on data accumulation, it is shifting to the power of data-sharing between organizations. In many industries, we see a significant increase in collaborations across use cases ranging from fraud detection, health contact tracing, and economic systemic risk analysis to enabling new forms of user personalization across digital services.

Of course, sharing data is not without risks. The benefits of data collaborations are balanced against customer privacy, data security, and control of competitively sensitive data. These tensions have resulted in shelving many promising data-sharing opportunities long before deployment.

However, an emerging set of technologies called Privacy Enhancing Technologies (PETs) have the potential to fundamentally redefine the dynamics of data-sharing by eliminating or reducing the risks associated with complex or multi-party data collaboration. As these technologies mature, they will demand a reexamination of mothballed data-sharing projects and the exploration of previously unimaginable opportunities.

Observation 8 — Future Data Exchanges Will Require Privacy Enhanced Technologies (PETs)

Derek:

You’ve spoken about privacy-enhancing techniques having the potential to unlock enormous value. Walk us through a few examples of these techniques. 

Alan:

The two most important PETs we use within the Smart Data Protocol are zero-knowledge proof (ZKP) and secure multiparty computation (SMC). 

Zero-Knowledge Proof: ZKP was first introduced in 1985 in the paper “The Knowledge Complexity of Interactive Proof Systems” by Shafi Goldwasser (MIT), Silvio Micali (MIT), and Charles Rackoff (University of Toronto). ZKP has continued to evolve and solve for a broader set of use cases, most notably distributed ledgers or blockchains using proof-of-work and proof-of-stake consensus mechanisms. In response, regulatory bodies are now exploring proof-of-reserve mechanisms that enable financial institutions to prove reserve compliance without revealing individual account information. 

A digital economy requires everyone to share information. ZKP expands data sharing without leaking any additional data. This is important when we need to share information and do not trust the other party not to use it for something other than the intended purpose. 

ZKP technology enables others to query our data and receive an answer without revealing the actual data. A simple example involves a rental application. An applicant needs to prove their income exceeds the minimum requirement. The applicant may make a lot of money and want to keep their income a secret to avoid encouraging the property owner to raise the rent in the future. The third party receiving the income verification could use the information they received (the exact salary) to derive additional knowledge that the applicant sought to keep private. With ZKP, property owners receive a simple yes/no answer to the income verification question. 

Credit card theft amounts to $130 billion in fraud. A zero-knowledge proof payment system could prevent such losses by allowing consumers to validate their bank information and balances at a retailer without ever exposing their account information and CVV code.

Put simply, ZKP technology allows others to ask questions about our data and receive cryptographically trusted answers without revealing the actual data. Upon more reflection, this is very similar to how humans usually converse by asking and answering questions. But unlike humans, ZKP technology can be trusted to generate a mathematically accurate answer. 

Secure Multiparty Computation - In the late 1970s, SMC first emerged as a solution to the problem of establishing trustworthy systems in environments with no trusted third party. The first live implementation of SMC was in 2008 when it was used to determine sugar beet market prices in Denmark without revealing individual farmers’ economic positions. Research has focused on improving SMC protocols' operational efficiency/scalability to process larger datasets efficiently since the early 2010s.

One can construct a multiparty ZKP for situations where many people or organizations need to interact with a shared data pool. A simple example would be banks sharing data for fraud and compliance purposes without divulging the identities of specific bank customers. 

It is possible to create a multiparty zero-knowledge proof with secure multiparty computation.

SMC allows individual privacy to be maintained when sharing information with untrusted third parties. It enables organizations to analyze private data held by multiple other organizations without revealing those inputs. To do this in the past, an intermediary would have acted as a middleman, raising several issues:

  • The third-party intermediary may misuse the data. They could sell it to another party or simply use it in an unintended manner.

  • The third-party intermediary may fail to secure the data. The data owners who shared the data would be held responsible by their customers and regulators.

  • The third-party intermediary can raise prices. Solutions created between many data trading partners are expensive to build, labor-intensive to maintain, and difficult (aka costly) to change.

With SMC, the third-party intermediary is replaced by an incorruptible algorithm that, even if breached, does not expose any sensitive information. Fundamentally, SMC relies on “secret sharing,” where sensitive data from each contributor is distributed across every other contributor as encrypted “shares.” These shares would be worthless if intercepted by a malicious third party or misused by an individual contributor because they are only decipherable once they are combined with the information distributed to other parties. 
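The zero-knowledge discussion above (the rental income yes/no answer) describes the property; the following is an added example, not code from the interview or from the Smart Data Protocol, showing the mechanics with the classic interactive Schnorr proof of knowledge of a discrete logarithm. The group parameters (p = 2039, q = 1019, g = 4) are toy values chosen for readability and are an assumption of this example; the three functions `run_protocol`, `simulate` and `extract_secret` demonstrate completeness, zero-knowledge and soundness respectively.

```python
"""Interactive Schnorr proof of knowledge of a discrete logarithm.

Added example for the ZKP discussion; not code from the interview or from
the Smart Data Protocol. The prover convinces a verifier that it knows x
with y = g^x (mod p) while the transcript reveals nothing about x.
"""
import secrets
from dataclasses import dataclass

# Toy group parameters, assumed for illustration only: p = 2q + 1 is a safe
# prime and g = 4 generates the subgroup of prime order q. Production systems
# use 2048-bit+ groups or elliptic curves, never values this small.
P = 2039
Q = 1019
G = 4


@dataclass(frozen=True)
class Transcript:
    commitment: int  # t = g^r             (prover -> verifier)
    challenge: int   # c                   (verifier -> prover)
    response: int    # s = r + c*x (mod q) (prover -> verifier)


def keygen():
    """Secret x in [1, q-1] and public value y = g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def prover_commit():
    """Fresh random nonce r and commitment t = g^r. r must never be reused."""
    r = secrets.randbelow(Q)
    return r, pow(G, r, P)


def prover_respond(x, r, c):
    return (r + c * x) % Q


def verify(y, t):
    """Verifier accepts iff g^s == t * y^c (mod p); it learns only yes/no."""
    return pow(G, t.response, P) == (t.commitment * pow(y, t.challenge, P)) % P


def run_protocol(x, y, challenge=None):
    """One honest run. A fixed challenge is only for reproducible tests;
    a real verifier must pick c at random after seeing the commitment."""
    r, commit = prover_commit()
    c = secrets.randbelow(Q) if challenge is None else challenge % Q
    return Transcript(commit, c, prover_respond(x, r, c))


def simulate(y):
    """Zero-knowledge: anyone can forge an accepting transcript for y
    WITHOUT knowing x, by choosing c and s first and solving for
    t = g^s * y^(-c). Real transcripts have the same distribution as these
    forgeries, so a transcript cannot leak x."""
    c = secrets.randbelow(Q)
    s = secrets.randbelow(Q)
    t = pow(G, s, P) * pow(pow(y, c, P), -1, P) % P
    return Transcript(t, c, s)


def extract_secret(t1, t2):
    """Soundness, and the classic implementation pitfall: two accepting
    transcripts with the same commitment (same nonce r) but different
    challenges reveal x = (s1 - s2) / (c1 - c2) mod q."""
    if t1.commitment != t2.commitment or t1.challenge == t2.challenge:
        raise ValueError("need same commitment and distinct challenges")
    num = (t1.response - t2.response) % Q
    den = (t1.challenge - t2.challenge) % Q
    return num * pow(den, -1, Q) % Q


if __name__ == "__main__":
    x, y = keygen()
    print("honest proof accepted:", verify(y, run_protocol(x, y)))
    print("simulated proof accepted:", verify(y, simulate(y)))
```

The verifier ends up with exactly the yes/no answer the rental example calls for: it is convinced the prover knows x, and learns nothing else, which `simulate` makes concrete by producing an equally convincing transcript with no secret at all. The practitioner caveat is in `extract_secret`: a prover that ever reuses a nonce across two challenges hands over the secret, so the nonce must be fresh and unpredictable on every run.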
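The secret-sharing mechanism described above, and the earlier bank fraud-pooling scenario, as an added example that is not code from the interview or from the Smart Data Protocol: Shamir secret sharing over a prime field, with the linearity of shares used to compute a sum across parties without any party revealing its input. The three bank counts, the five compute nodes and the threshold of three are constructed for this example; `forge_missing_share` shows why fewer than the threshold number of shares carries no information about the secret.

```python
"""Shamir secret sharing and a secret-shared sum (toy secure multiparty
computation).

Added example for the SMC discussion; not code from the interview or from
the Smart Data Protocol. Three banks (inputs constructed for the example)
each split a private fraud count into five shares held by five independent
compute nodes. Any three nodes can reconstruct the aggregate; no single node,
and no two colluding nodes, learn any individual bank's input.
"""
import secrets

# Field modulus: a Mersenne prime. Assumption: every input is < PRIME and the
# true sum does not wrap around the modulus.
PRIME = 2**127 - 1


def _interpolate(points, x):
    """Lagrange interpolation over GF(PRIME): the value at x of the unique
    polynomial of degree < len(points) passing through all (xi, yi)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def split(secret, n, k):
    """n shares (x, y) of secret; any k reconstruct it, k-1 reveal nothing.
    The secret is the constant term of a random degree-(k-1) polynomial."""
    if not 1 <= k <= n or not 0 <= secret < PRIME:
        raise ValueError("bad sharing parameters")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]

    def f(x):
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation mod PRIME
            acc = (acc * x + c) % PRIME
        return acc

    return [(x, f(x)) for x in range(1, n + 1)]


def reconstruct(shares):
    """The secret is the shared polynomial evaluated at x = 0."""
    return _interpolate(shares, 0)


def secret_shared_sum(private_inputs, n, k):
    """Each input owner splits its value and sends share j to node j. Each
    node adds the shares it holds: sharing is linear, so the shares of the
    sum are the sums of the shares. Returns the nodes' aggregate shares; no
    party ever sees another party's plaintext input."""
    node_totals = [0] * n
    for value in private_inputs:
        for x, y in split(value, n, k):
            node_totals[x - 1] = (node_totals[x - 1] + y) % PRIME
    return [(i + 1, y) for i, y in enumerate(node_totals)]


def forge_missing_share(partial_shares, candidate_secret, missing_x):
    """Why k-1 shares are worthless: for ANY candidate secret there exists a
    k-th share that makes the known k-1 shares reconstruct to it, so the
    known shares are consistent with every possible secret."""
    points = [(0, candidate_secret)] + list(partial_shares)
    return (missing_x, _interpolate(points, missing_x))


if __name__ == "__main__":
    bank_counts = [40, 7, 15]  # constructed private inputs, one per bank
    agg = secret_shared_sum(bank_counts, n=5, k=3)
    print("aggregate from nodes 1-3:", reconstruct(agg[:3]))  # 62
    print("aggregate from nodes 3-5:", reconstruct(agg[2:]))  # 62
```

Two caveats a practitioner would add. First, this is the honest-but-curious model: a node that submits a corrupted share silently corrupts the result, so deployments layer verifiable secret sharing or authenticated shares on top. Second, the protocol hides inputs, not the output: with only two contributors, each can subtract its own value from the published sum and recover the other's, so the number of contributors and the threshold k (set above the number of nodes that might collude) are part of the privacy analysis, not an implementation detail.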

Observation 9 — We Need Standards for Secure and Private Data Exchange

Derek:

In the past, the complexity and resultant costs of individual data-sharing partnerships have been barriers to innovation. However, newer approaches to data sharing based on standards are urgently needed to unlock value that previously was too risky to pursue. 

Alan:

Our nonprofit Data Freedom Foundation team began working to solve this problem over a decade ago. Our mission is to invent consent technology that operates “at the data level.” Smart Data is our solution to consent technology that secures, protects, and monitors data everywhere it moves.

We quickly realized with early prototypes that Smart Data could contain data, media, and software. In fact, we adopted the Smart Data name shortly after realizing our data objects could include software. The consequence continues to fascinate us. For example:

  • Software applications can be loaded into individual data containers that act like an intelligent security guard, or bouncer, that gates access to the secured data. Privacy Enhanced Technologies (PETs) are one type of software that can be executed to reveal answers about our data. 

  • Security compliance scanning software can respond with honeypots and self-destruct triggers. Fun stuff!

  • Early Smart Media prototypes illustrated how we can create composable smart media objects that can be nested to create modular user experiences. 

  • Data container transactions can be recorded on blockchains. NFTs can be placed into user experiences as modular smart media and generate revenue for their owner. Real utility and continuous revenues are exactly what NFTs need to move beyond the hype and achieve their true potential.

  • Dynamic Synthetic Data can be generated on the fly and changed on each query. 

We envision an ecosystem of software developers selling software that imbues our data with intelligence. We imagine a process similar to how software applications are sold and loaded into mobile devices. 

When I contemplate creating software that imbues our data with intelligence, I’m overwhelmed by the possibilities. We’re creating a global standard for unleashing the creativity of software engineers to solve many of our most pressing data challenges.

Emerging PETs have developed new approaches to clear the path to innovation. The speed at which organizations can adopt these new approaches will determine their capacity to get ahead of the game in data-driven innovation. If the CDO community adopts a strategic approach to PETs, their organizations may finally escape the privacy versus value creation dilemma. PETs have the potential to fundamentally redefine the dynamics of data-sharing by eliminating or reducing the risks associated with complex or multi-party data collaboration. Smart Data acts as a standard for the choreography of PETs within and between organizations.

What’s Next?

Our first article in this series explored revolutionary solutions to our data privacy and security challenges. We introduced the Smart Data Protocol that continues decades of research begun by internet standards bodies to bind contracts to data as it moves.

Our second article explored repeating programmatic themes in technology over the last two decades (software-defined networks and storage, virtual computing, and code containers), culminating with the idea of Smart Data (software-defined data).

Our fourth and final article will introduce data products and how to unlock the full value of data by managing it like any other product. Smart Data is the standard that powers cross-organizational data-sharing products. The Smart Data Protocol enables data management teams to transition to a reusable “data production line” paradigm. Ultimately, all digital businesses exist to build, use and sell data products. 

About the Author

Derek is the Founder, CEO and Principal Consultant of Gavroshe. He has over three decades of Data & Analytics experience, including the Big Data, Information Resource Management (IRM) and Business Intelligence/Data Warehousing fields. He established Data Resource Management and IRM functions in several large corporations using Bill Inmon's DW2.0 and the Zachman Framework as a basis. Derek has established and managed numerous enterprise programs and initiatives in the areas of Data Governance, Business Intelligence, Data Warehousing and Data Quality Improvement. He is a founding member of MIT's International Society for CDOs.

CDO Magazine
www.cdomagazine.tech