Imagine a machine learning company that handles personally identifiable information (PII) announces a data breach. Because machine learning models rely on enormous datasets to train their decision-making instinct, said data is now in the wrong hands. This could potentially mean the loss of troves of consumers’ PII. Investors and affected customers go into damage-control mode.

But before panic sets in, the company also announces that their models are trained on synthetic data. In other words, data that is generated from an original set but does not retain any real information. Because synthetic data is untethered from the original PII, this makes the risk factor plummet, and everyone breathes a little easier.

Synthetic data, in this case, is an example of privacy-enhancing technology (PET). And because of use cases like this, the Department of Homeland Security’s (DHS) Chief Privacy Officer, Lynn Parker Dupree, recently announced the goal to implement privacy by design into more of the DHS’s systems, partly by ramping up its use of PET. But what exactly are PETs—and what can (and can’t) they do for U.S. privacy and security policy? Despite their innovative approach to data privacy and security, PETs are not a quick fix for either.

PET’s definition isn’t always agreed upon. Sometimes, the term is used interchangeably with general privacy technology. But PET is also described as a subset of privacy tech, which is the description this article will assume for definition purposes. In practice, PET tends to be an umbrella term for technology that enhances data privacy and security proactively instead of reactively. This includes everything from homomorphic encryption to synthetic data to data anonymization and minimization.

The technology group has serious potential to anticipate privacy and security needs in products. It can decrease the amount of PII needed to operate services, like in the machine learning case above. It can let you replace Social Security Numbers in data with substitutes for secure portability, which the DHS is already looking into. And organizations may even find that they’re already implementing PETs through practices like data anonymization.

On the other hand, PETs are not airtight. A report from the Federal Reserve Bank of San Francisco points out that “a main risk to these PETs is the fact that they are designed to be reversed.” In the case of machine learning and synthetic data, a recent study warned against designating it a privacy catch-all, stating that the process does not always untether from the original data completely. Researchers even recently demonstrated how to exploit homomorphic encryption to leak data. At the governing level, the Ada Lovelace Institute points out that PETs can inspire false assumptions about the actual security and privacy of technology by eroding accountability.
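The warning above, that synthetic data does not always untether from the original records, is something a buyer can check for before trusting a dataset. The following is an added example, not code from the article or any of the cited reports: it counts synthetic rows that are exact or near copies of original rows. The records, field layout and 5% tolerance are constructed for illustration.

```python
"""Added example: a simple leakage check for a synthetic dataset.
Flags synthetic rows that are verbatim or near copies of original rows,
the failure mode the article warns about. All data here is constructed."""

# Constructed "original" records: (age, zip_prefix, income_k). Not real PII.
ORIGINAL = [
    (34, 941, 88), (52, 100, 120), (29, 606, 45), (61, 303, 97), (45, 981, 73),
]

# Constructed "synthetic" output. Two rows are verbatim copies and one is a
# near copy (income off by one), which a naive generator can easily produce.
SYNTHETIC = [
    (34, 941, 88),    # exact copy of an original row -> leak
    (52, 100, 121),   # near copy -> leak under the tolerance below
    (40, 750, 60),    # genuinely new
    (23, 200, 30),    # genuinely new
    (61, 303, 97),    # another exact copy -> leak
]


def field_scale(rows):
    """Range of each field in the original data, used to normalize distances."""
    cols = list(zip(*rows))
    return [max(c) - min(c) or 1 for c in cols]


def normalized_distance(a, b, scale):
    """Largest per-field difference after scaling each field to its own range."""
    return max(abs(x - y) / s for x, y, s in zip(a, b, scale))


def leakage_report(original, synthetic, tolerance=0.05):
    """Return (exact_copies, near_copies, fraction_flagged).

    A synthetic row is a near copy when its nearest original row lies within
    `tolerance` of it on every field (after per-field scaling)."""
    scale = field_scale(original)
    orig_set = set(original)
    exact = near = 0
    for row in synthetic:
        if row in orig_set:
            exact += 1
        elif min(normalized_distance(row, o, scale) for o in original) <= tolerance:
            near += 1
    return exact, near, (exact + near) / len(synthetic)


if __name__ == "__main__":
    print(leakage_report(ORIGINAL, SYNTHETIC))  # (2, 1, 0.6)
```

A real review would add membership-inference style tests and a release threshold agreed with the privacy office; the point here is only that "synthetic" is a claim to verify, not a label to trust.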

With these tradeoffs, PETs could mean a number of different things for U.S. privacy and security policy. First, PETs can’t stand alone. They need to be part of a holistic strategy that considers their benefits and their drawbacks. In addition, starting at the federal level, implementing national data privacy and security legislation is critical. Without a policy nucleus, PETs will go only so far before running into the consequences of a “wild west” of data. Currently, companies that could be covered under federal privacy and security legislation operate without high-level guidance and in a patchwork of varying state laws. A legislative foundation would be a force-multiplier for PETs and vice versa.

At the state and federal agency level, decision-makers need to understand the bigger picture around the technology group. However, the PET market is difficult for buyers to navigate because of the lack of set standards and vocabulary. For example, the Privacy Tech Alliance argues that this vague dynamic contributes to a confusing market and calls for stakeholders to “develop and promote voluntary, shared, consensus driven vernacular in the privacy technology market.” The Rise of Privacy Tech’s seven privacy tech principles offer a framework to pin the concept down. In the DHS’s case, it needs to know exactly what counts as privacy enhancing and what doesn’t—both when they’re building the technology and when they’re buying it.

The DHS is already taking critical steps like working with external privacy advocates and screening products to set privacy criteria, but they must vet any PETs strictly before procurement or implementation. Dupree also acknowledged that bringing in PETs will require internal collaboration with their procurement office, for example, to ensure that these changes are embraced agency wide. Part of this joint work should include the meticulous screening of potential privacy-enhancing products, given that PETs would likely pass existing privacy criteria more easily because those criteria were designed with non-PETs in mind.

PETs are efficient tools when linked to other data privacy and security policies, so understanding the landscape of their tradeoffs is key to implementing privacy proactively. It is only by doing so that we will continue to successfully innovate solutions to data privacy and security.

Image credit: md3d