
SoylentNews is people

posted by martyb on Tuesday April 06 2021, @08:03AM

IBM Bets Homomorphic Encryption Is Ready To Deliver Stronger Data Security For Early Adopters | Venturebeat:

The topics of security and data have become almost inseparable as enterprises move more workloads to the cloud. But unlocking new uses for that data, particularly driving richer AI and machine learning, will require next-generation security.

To that end, companies have been developing confidential computing to allow data to remain encrypted while it is being processed. But as a complement to that, a security process known as fully homomorphic encryption is now on the verge of making its way out of the labs and into the hands of early adopters after a long gestation period.

Researchers like homomorphic encryption because it provides a certain type of security that can follow the data throughout its journey across systems. In contrast, confidential computing tends to be more reliant upon special hardware that can be powerful but is also limiting in some respects.

Companies such as Microsoft and Intel have been big proponents of homomorphic encryption. Last December, IBM made a splash when it released its first homomorphic encryption services. That package included educational material, support, and prototyping environments for companies that want to experiment.

[...] With FHE, the data can remain encrypted while being used by an application. Imagine, for instance, a navigation app on a phone that can give directions without actually being able to see any personal information or location.

Companies are potentially interested in FHE because it would allow them to apply AI to data, such as from finance and health, while being able to promise users that the company has no way to actually view or access the underlying data.

While the concept of homomorphic encryption has been of interest for decades, the problem is that FHE has taken a huge amount of compute power, so much so that it has been too expensive to be practicable.

But researchers have made big advances in recent years.

[...] Maass said in the near term, IBM envisions FHE being attractive to highly regulated industries, such as financial services and health care.

"They have both the need to unlock the value of that data, but also face extreme pressures to secure and preserve the privacy of the data that they're computing upon," he said.

But he expects that over time a wider range of businesses will benefit from FHE. Many sectors want to improve their use of data, which is becoming a competitive differentiator. That includes using FHE to help drive new forms of collaboration and monetization. As this happens, IBM hopes these new security models will drive wider enterprise adoption of hybrid cloud platforms.


  • (Score: 2) by VLM on Wednesday April 07 2021, @01:53PM


    The way the Federal Census handles privacy is simply locking up the data for 70 years then releasing everything in plaintext.
    Meanwhile, you have to trust them that they won't go all 1940s Germany on releasing your private data during those 70 years, HOWEVER they do extensive aggregate data analysis, most of which might be correct? and they publish that aggregate data.

    So an analysis of reported race in some city 80 years ago can be done from primary sources, literally look at the returned forms and see who's white vs Jewish vs black vs Asian vs whatever.

    Now if you want an analysis you have to talk the census dept into doing it and then trust their results and you wait for a while for them to get around to it and they publish it and everyone has a level playing field.

    With homomorphic encryption, VERY theoretically, your process would look like "obtain encrypted individual census results" "spend terawatt-hours doing homomorphic operations to generate a percentage breakdown of a city by race" "ask the census oracle server to decrypt one, and precisely one, message today which theoretically is this supposedly legit statistical analysis and not something illegal (cross my fingers behind my back)"

    Of course everyone who's ever done a "workplace feelings" survey at work knows you can abuse aggregated data to de-anonymize it. If your company has 1050 employees worldwide in the category of 29 years of age with 7 years experience and 2 years at the company, your workplace feels survey is anonymous. If your boss has 3 employees and you're the only guy in that "aggregated category" then your survey is completely de-anonymized. You see this with medical records, break down the aggregate data to individual blocks in a subdivision with enough finely aggregated demographic criteria and you can completely deanonymize the data, so there's lots of HIPAA whining about it, especially if you rub one report up against another report.

    The problem is homomorphic encryption is, or used to be, so incredibly inefficient, that it would be faster and cheaper and more environmentally responsible to buy the Census dept a supercomputer and then politely ask them for legal results rather than trying to calculate it yourself. It's really really really slow. Or used to be.

    There was some online game theoretical proposal where you could have open source untrusted clients do something between homomorphic and digital cash transactions with each other such that if some individual client was "cheating" for at least some values of cheating, then at least half the other clients could unblind the anonymity of the cheating player.

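The workflow sketched in the comment above (aggregate over encrypted individual records, then ask a key-holding oracle to decrypt one result, with small cells being the de-anonymization risk), as an added example that is not part of the original post or of IBM's toolkit. It uses Paillier, which is only additively homomorphic rather than fully homomorphic, with toy key sizes; `MIN_CELL`, the category names and the sample responses are constructed assumptions.

```python
import math
import secrets

# Toy Paillier key from two Mersenne primes (constructed; far too small for real use).
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                      # public key
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # private key, held only by the oracle
MU = pow(LAM, -1, N)

MIN_CELL = 5  # hypothetical disclosure threshold: smaller counts are suppressed


def encrypt(m: int) -> int:
    """Encrypt m under public key N, using generator g = N + 1."""
    r = secrets.randbelow(N - 1) + 1
    return (1 + m * N) * pow(r, N, N2) % N2


def add(c1: int, c2: int) -> int:
    """Multiplying two ciphertexts adds the plaintexts underneath."""
    return c1 * c2 % N2


def encrypted_count(ciphertexts) -> int:
    """Analyst side: sum encrypted 0/1 indicators without holding any key."""
    total = encrypt(0)
    for c in ciphertexts:
        total = add(total, c)
    return total


def oracle_decrypt(c: int):
    """Oracle side: decrypt one aggregate and suppress small cells.

    The oracle sees only the resulting number, not how it was computed,
    so the threshold is a coarse disclosure check, not proof of legitimacy.
    """
    m = (pow(c, LAM, N2) - 1) // N * MU % N
    return m if m >= MIN_CELL else None


# Constructed sample: one 0/1 indicator per respondent for two categories.
RESPONSES = {"category_a": [1, 0, 1, 1, 0, 1, 1, 1],
             "category_b": [0, 1, 0, 0, 0, 0, 0, 0]}
ENCRYPTED = {k: [encrypt(b) for b in bits] for k, bits in RESPONSES.items()}


def run_analysis() -> dict:
    """Per-category counts as released by the oracle (None = suppressed)."""
    return {k: oracle_decrypt(encrypted_count(cs)) for k, cs in ENCRYPTED.items()}
```

`category_b` has a single respondent, so its count is withheld, which is the "only guy in that aggregated category" case from the comment.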