In a world that’s constantly hyping the next big thing, it’s natural to be wary when a family of technologies is described as transformational. This label has been recently associated with Privacy Enhancing Technologies (PETs), a category known for its ability to enable and preserve the security and privacy of data when it is being used or processed. Technologies become transformational in context, and that is certainly the case for PETs where the emergence of the global digital economy and the simultaneous need for hyperlocalization has created a need to reshape the way we leverage data.
While often necessary, silos and barriers put in place to support regulatory, competitive, and/or security considerations also significantly limit data usage. PETs bridge that chasm, allowing organizations to use data to extract value while still respecting the reasons that those silos and barriers were established — a classic ‘have your cake and eat it too’ scenario.
The quality that makes PETs most unique is the fact that the technologies protect data while it’s being used, allowing entities to securely and privately leverage data assets across boundaries. Data has three states: at-rest (in the file system/database), in-transit (as it moves through the network), and in-use (during processing). When we think about the ways data is meaningfully used or processed, we generally come back to two basic functions: search and analytics (which includes AI/machine learning). Searches and analytics are performed over data to identify information and extract insights that generate value for the organization.
PETs enable these functions to take place in a secure and private capacity, allowing data to be used in ways that was not previously possible in order to unlock value. While there are varying perspectives on which technologies constitute PETs, the three core pillars are homomorphic encryption, secure multiparty computation, and trusted execution environments.
The ability to use data securely and privately across silos is imperative for businesses and it has made PETs an increasingly prominent focal point for a broad range of influential organizations and governments around the world. The United Nations operates a Privacy Enhancing Technology-focused lab and recently released its “UN Guide on Privacy-Enhancing Technologies for Official Statistics” which aims to help National Statistic Offices protect data when analyzing and disseminating sensitive information.
Another in-depth report, this one published by The Royal Society, explores how PETs can help to balance the risks and rewards of data use, leading to wider social benefit. In April 2023, The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued its updated Zero Trust guidance to state that an organization achieving the ‘Optimal’ implementation threshold “encrypts data in use where appropriate” — a practice only possible through the use of PETs.
Further, the United States and the United Kingdom recently announced the winner of a Prize Challenge to drive innovation in PETs that reinforce democratic values. In the White House release on the effort, Arati Prabhakar, Assistant to the President for Science and Technology and Director of the White House Office of Science and Technology Policy, affirmed the potential impact of PETs: “Data has the power to drive solutions to some of our biggest shared challenges, but much of that data is sensitive and needs to be protected. Privacy-enhancing technologies are the only way to solve the quandary of how to harness the value of data while protecting people’s privacy.”
PETs are already having an impact today for use cases relating to cross-silo data sharing and collaboration. Both the UN Guide and Royal Society reports include sections outlining use cases as well as case studies. But, what do data-driven businesses users need to know about PETs? Here are four key considerations:
- PETs are business enabling. Both the amount of data available and organizational necessity to leverage that data to extract value will continue to grow. The need for these PETs-powered capabilities has never been greater and will only continue to increase: Gartner analysts predict that “by 2025, 60% of large organizations will use privacy-enhancing computation techniques to protect privacy in untrusted environments or for analytics purposes” (Gartner “Innovation Insight for Federated Machine Learning,” March 2022).
- PETs uniquely foster secure and private data usage. The ability to overcome data silos and barriers to leverage data securely and privately changes the game. Organizations can protect data — and their interests — while still ensuring its usability. It is critical to continue to educate the market on the power of PETs to ensure data is protected throughout its processing lifecycle.
- Standardization and regulatory actions are catalysts to the adoption of PETs. PETs are ready and are being adopted today; there are solid examples of PETs being used at scale to solve business and mission challenges. While the capabilities PETs enable are transformational and thus organizations are moving forward with their use, wide-scale adoption would be accelerated if standardization bodies provided some broad implementation guidance. Further, if regulated organizations are incentivized by the regulator to put PETs to use in operational settings, such as for financial crime detection in banking, it will have a substantial impact on broader adoption for regulated use cases.
- PETs can enable Trusted AI. Organizations everywhere are looking for ways to implement AI/ML without compromising security, and that is made possible through Privacy-Preserving Machine Learning (PETs + ML). Privacy-Preserving ML provides an innovative path to extracting critical insights and driving collaboration AI/ML efforts while preserving both IP and necessary data sensitivity requirements and compliance standards. PETs contribute to the broader ML landscape in two substantial ways: by protecting models during evaluation (sometimes called inference) and training, allowing an organization’s focus to remain on the business benefits of the results derived rather than the risks inherent in the ML model itself and its surrounding activity.
The need to securely and privately leverage data is not a passing trend. Whether led by market demand or regulation, organizations must be ready to operate at a global scale in a world that prioritizes data protection and privacy. PETs uniquely deliver solutions to this challenge. As demonstrated by the increasingly prevalent applications for Privacy Enhancing Technologies across verticals, a growing number of organizations are taking advantage of these business-enabling capabilities. We’re at a tipping point as the need to operate globally while respecting data silos and boundaries is becoming ubiquitous. Efforts to expand our collective understanding of the value that PETs can deliver will drive our ability to leverage data securely and privately across these silos, affirming the business-enabling capabilities of these transformational technologies.
About the author: Dr. Ellison Anne Williams is the Founder and CEO of Enveil, the data security company protecting data in use. Building on more than a decade of experience leading avant-garde efforts in the areas of large-scale analytics, information security, computer network exploitation, and network modeling, Ellison Anne founded the startup in 2016 to protect sensitive data while it’s being used or processed – the “holy grail” of data encryption. Powered by homomorphic encryption, Enveil’s solutions provide trusted compute, enabling previously impossible business functionalities for intelligence-led decision making.