How Secure Multiparty Computation Can Reshape Data Privacy

Weekly Article
Tonktiti /
May 17, 2018

If you need to bring together dispersed data—or data scattered across numerous platforms—for research, commerce, or really any purpose, you’ll generally need a trusted third party to act as broker and repository of that data. However, the recent cascade of data breaches and misuse has significantly eroded trust in the ability of any third party to keep sensitive data safe.

But what if there was some sort of technology that could act as that trusted third party?

That’s the role secure multiparty computation (MPC) is perhaps poised to play. A cryptographic technique that’s been a theoretical possibility since the 1980s, MPC provides the ability to bring together data from multiple sources and perform computations on it—without ever revealing the underlying data. That might sound a bit like magic, given that with conventionally encrypted data, you can’t do anything with it unless you decrypt it first, at which point it becomes vulnerable. But it’s a concept grounded in math, not magic. And a recent New America event, organized by the Open Technology Institute, explored how we might harness the power of MPC in the future.

But first, let’s make the concept of MPC less abstract. It can work in a few different ways. The most common method involves dividing each participating entity’s data into random “shares,” which are then divvied up among the parties in an initial communications step. No single share reveals anything about the data it came from; the parties compute on the shares they hold, and the result yields the desired output—and only the desired output—when the shares are finally combined. In the real world, MPC has been used in ways you might not expect: The first use of MPC was about 10 years ago, in the Danish beet market—not necessarily an obvious place to begin applying new privacy-enhancing technologies! There’s only one commercial beet processor in Denmark, to which all farmers sell their beets. However, farmers aren’t keen on having anyone know the price at which they’re willing to sell, believing that it will show their economic hand. An MPC protocol was successfully developed that allows the farmers to securely submit their offer prices (via an applet they download) and to ultimately calculate the market-clearing price of beets. Thanks to MPC’s secret sharing, at no time can anyone intercept or see the price a farmer is offering.

However, it’s really only been in the past three years or so that we’ve seen an increase in the number of other practical implementations of MPC—including the study of gender pay gaps in Boston, avoiding spy satellite collisions, and detecting VAT fraud in Estonia—and a broader embrace of their potential benefits.

At the New America event, Senator Ron Wyden (D-Oregon), in his keynote, gave a full-throated defense of strong encryption, saying that he’s “prepared to shut down the United States Senate” if efforts were made to weaken encryption through governmental backdoors, an idea he contended is “bad for security, bad for liberty, and bad for the American economy.” He also argued strongly in favor of secure multiparty computation, with its potential to put “data to work and protect it at the same time.”

Building from the math and working your way up, MPC can perform all the functions of a relational database and run statistical analyses. “In theory we can do anything. That was one of the first results of MPC [research],” said Ben Kreuter, a software engineer for Google. One of the ways Google is attempting to put MPC to greater use is by building a better model for predictive typing on smartphones: Users obviously consider the information they type into their phones sensitive, but MPC protocols could be used to bring this data together for analysis without anyone’s private messages being revealed.

As for transparency, there’s no problem with making all the algorithms of an MPC protocol public, since they can’t be used to compromise the process. However, as the event panelists noted several times, it’s important to understand that MPC only protects inputs. The output itself can still reveal information about those inputs, so depending on what the output from the protocol is, it might need to be protected separately.
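To make the “random shares” step and the “MPC only protects inputs” caveat concrete, here is an added example (not code from the event, the beet-market deployment, or any project named above) of additive secret sharing over a prime field: each party splits its private value into shares that sum to the value, hands one share to every other party, and only the combined total is ever published. The field size, the party count and the sample inputs are all constructed for illustration.

```python
import secrets

# Constructed example: arithmetic is done modulo a prime so that every
# share is a uniformly random field element on its own.
PRIME = 2**61 - 1  # a Mersenne prime; chosen for illustration only


def share(value, n):
    """Split `value` into n random shares that sum to `value` mod PRIME.
    Any n-1 of the shares are uniformly random, so they reveal nothing."""
    shares = [secrets.randbelow(PRIME) for _ in range(n - 1)]
    last = (value - sum(shares)) % PRIME  # fix the final share so the sum is right
    return shares + [last]


def combine(shares):
    """Recover the secret (or the secret-shared result) from a full set of shares."""
    return sum(shares) % PRIME


def secure_sum(inputs):
    """Sum every party's private input without any party seeing another's input.

    1. Each party i splits its input into n shares and gives share j to party j
       (the initial communications step described in the article).
    2. Each party j adds up the shares it now holds, one from every party, and
       publishes only that local sum.
    3. The published local sums combine to the total; nothing else is revealed.
    """
    n = len(inputs)
    dealt = [share(x, n) for x in inputs]               # dealt[i][j]: party i's share for party j
    held = [[dealt[i][j] for i in range(n)] for j in range(n)]  # party j's view after exchange
    local_sums = [combine(h) for h in held]            # each party's published partial result
    return combine(local_sums)


def other_party_input(total, own_input):
    """The caveat from the article: MPC protects the inputs, not what the output implies.
    With only two parties, the published sum lets each party derive the other's input."""
    return (total - own_input) % PRIME


if __name__ == "__main__":
    # Constructed offer prices (e.g. three sellers submitting sealed offers).
    offers = [42, 57, 61]
    print("total of private offers:", secure_sum(offers))     # prints 160
    print("two-party leak:", other_party_input(secure_sum([10, 20]), 10))  # prints 20
```

The `other_party_input` function is the reason the article says outputs may need separate protection: a correct MPC protocol reveals nothing beyond the agreed output, but the agreed output itself can be enough to infer an input when few parties take part.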

While neither the time needed to develop MPC applications nor the attendant costs of development is yet easily quantifiable, it’s likely that these two aspects of MPC will diminish as technology improves. In fact, the main obstacles to future MPC application might be more bureaucratic, legal, and cultural than anything else, according to Amy O’Hara, a senior research scholar at the Stanford Institute for Economic Policy Research.

O’Hara used the opioid epidemic to make the deeper point. Bringing together data on opioid overdoses would require agreements among a potentially gargantuan number of entities: federal agencies, emergency response teams in every county, Google (for data on treatment centers), and possibly other parties. In addition to legal considerations, data preparation costs (to ensure compatibility and correct results in an MPC setting) could prevent parties from agreeing to participate. And, culturally, some institutions might balk at a new method of data use, in turn looking for language in their regulations to say no. (“That’s not what we do!” as O’Hara phrased it.) Even so, MPC might be the only way the most sensitive data can be brought together securely. (Here, O’Hara used the example of matching adoption addresses to sex-offender addresses.)

A fireside chat-style conversation with former U.S. Census Bureau Director Robert Groves closed the event, and provided a fuller look at the role MPC could play vis-à-vis the current momentum behind evidence-based policymaking in government. “There are large proportions of the American public that believe all the data is shared; that if you give an answer to the Census Bureau, it is known within minutes by every other agency,” Groves said. “Only when you’re on the inside do you realize the opposite is true. We are hampered in federal agencies [when it comes to] combining data.” Data is necessary to help us understand, and potentially solve, some of society’s most important problems. While at times technology appears to be the enemy—particularly when we talk about it in relation to data, as we do with MPC—it may hold the keys to achieving the dual goal of putting data to beneficial use, while also avoiding misuse.

As Senator Wyden put it, “I don’t think those two are mutually exclusive.”