Transcript of: PRIVACY-PROTECTED CONTACT TRACING TO FIGHT COVID-19
| Confidential1 Kurt Rohloff [email protected]
PRIVACY-PROTECTED
CONTACT TRACING TO FIGHT COVID-19
Winner of The 2018 iDash International HE Competition
KURT ROHLOFF, CO-FOUNDER AND CTO
ALON KAUFMAN, CO-FOUNDER AND [email protected]
A FEAR AND A VISION
CONTACT TRACING
• Contact Tracing is finding everyone who came into contact with an infectious individual.
• For COVID-19, this includes everyone who was in close proximity in the last 14 days.
• Contact Tracing permits a quick and effective response.
Diagram Source: CDC
Contact Tracing: It Takes a Network
Contact Tracing is a MAJOR Data Sharing Challenge.
Data sharing for contact tracing is a vital, and less painful, step in strengthening our collective response.
What about privacy? Medical *and* Location Data
How to enable contact tracing while protecting privacy?
Secure Digital Collaboration
Privacy & regulation
Security
AI &Advanced Analytics
Cloud
PAIN POINT
• Privacy, Regulations & IP Concerns Have Been Barriers
• Data Owners and Health Agencies have been hesitant to share data due to privacy regulations.
• Impossible to get Adequate Individual Opt-In
• This has Slowed Responses.
• Many Countries have Removed Privacy Laws after Delays.
• How can we Make it Acceptable for Data Owners and Health Agencies to work together?
SECURE DATA ANALYTICS COLLABORATION
ENABLES SECURE COLLABORATION BETWEEN DATA OWNERS/CUSTODIANS AND MODEL OWNERS
Privacy
Regulation
Security
Business secrets
The Privacy Solution
PAIN POINT
AI & Advanced Analytics
Cloud
Data Monetization
Model Monetization
Auditing and Investigations
THE PRIVACY SOLUTION: DATA UTILITY AND PRIVACY
Collaboration on Protected Data
Chart: Privacy & Control (vertical axis) vs. Data Utility (horizontal axis); labels: Max privacy, No utility, No privacy, Max utility, Acceptable tradeoff, Ideal solution.
PRIVACY ENHANCING TECHNOLOGIES: DEFINITIONS AND OVERVIEW
Different PETs are all part of a toolbox used to address different problems. Each is described by Definition, Typical Use Case, and Drawbacks.

Secure Hardware Enclave
Definition: Data secured using secure hardware. Data inaccessible to any process outside of secure hardware. Allows applications to run on sensitive information.
Typical Use Case: Running applications on sensitive data on dedicated hardware in less-trusted environments (e.g., cloud)
Drawbacks:
- Hardware-dependent
- Requires software modifications
- Demonstrated susceptible to attack

Secure Multiparty Computation
Definition: Allows parties to perform a joint computation on individual inputs without revealing underlying data
Typical Use Case: Benchmarking between collaborating parties where aggregated output is adequate
Drawbacks:
- Output (result of analysis) is known by all parties and can be used to infer sensitive data
- Deployments are often complex to implement
- Typically requires intensive communication between parties, driving high costs

Differential Privacy
Definition: Aggregated data that includes randomly generated noise, therefore limiting each party’s ability to reverse-engineer individual inputs
Typical Use Case: Aggregated data analysis when individual, precise results are not needed (e.g., Census Data)
Drawbacks:
- Results are directionally correct, but not precise
- Limited number and type of computations can be run due to added noise

Homomorphic Encryption
Definition: Data and/or models encrypted at rest, in transit, and in use. Computations run on encrypted data. Can be combined with other methods, like SMPC, to offer hybrid approaches.
Typical Use Case: Cases where flexibility in computation is desired, and regulatory compliance, precision, and security are necessary
Drawbacks:
- Performance slower vs. computations in the clear; typically best for batch or “human scale” computation
PRIVACY ENHANCING TECHNOLOGIES: COMPARING TECHNIQUES
Columns: Secure Hardware Enclave | Secure Multiparty Computation | Differential Privacy | Homomorphic Encryption
Hardware Independent: X | ✔ | ✔ | ✔
End-to-end encryption: X | X | X | ✔
Exact results for general computations: ✔ | ✔ | X | ✔
Accurate for individual-level insights: ✔ | ✔ | X | ✔
Support for cryptographic access delegation: X | X | X | ✔
Enables Collaboration on multiple data sets: ✔ | ✔ | X | ✔
WHAT IS COMPUTATION ON ENCRYPTED DATA?
1. Data Owner encrypts its sensitive data
2. Data Owner sends encrypted data to a Computation Service, which applies computation
3. Encrypted results returned to Data Owner, who decrypts them
PRIVACY-PROTECTED COVID-19 CONTACT TRACING
• HE secures data while it is used, while older forms of encryption secure data only “at rest” or “in transit”
• HE allows for analytics, including machine learning and AI models to be applied to encrypted data
• HE computations yield the same output as if the analysis was run on unprotected data
• Identify individuals exposed to COVID-19 based on location and time - without exposing personally identifiable information (PII)
• Use Homomorphic Encryption (HE) to enable organizations to analyze data while encrypted.
• Enables organizations to collaborate to extract insights from data, without exposing sensitive information, such as medical or location data.
Homomorphic Encryption secures data throughout the entire lifecycle
Schematic of data flow:
PRIVACY-PROTECTED COVID-19 CONTACT TRACING
Secure Query 1
• Input: Unique identifier (Phone number, email) of infected individual and date range
• Output: Locations, dates, and times where mobile device was pinged
• How it’s privacy enhanced:
• Location data providers cannot see PII inputted or received by healthcare authorities
• Healthcare authorities cannot see PII related to unexposed individuals
Secure Query 2
• Input: Locations, dates, and times where mobile device was pinged
• Output: Individuals at the same place and same times as infected individual
• How it’s privacy enhanced:
• Location data providers cannot see PII inputted or received by healthcare authorities
• Healthcare authorities cannot see PII related to unexposed individuals
Action
• Healthcare Authorities can
• Contact individuals suspected of exposure
• Contact exposed businesses
• Better coordinate with local health, law enforcement, and government agencies
Duality has developed a SecurePlus Query capability for privacy-protected contact tracing.
Allows healthcare authorities to identify COVID-19 exposures without:
1. sharing sensitive information with location data providers, nor
2. viewing information pertaining to unexposed individuals
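As an added worked example (not Duality's or PALISADE's code), the three-step "computation on encrypted data" flow applied to Secure Query 2: the healthcare authority encrypts one location/hour token, the location data provider, holding only the public key, blinds each of its pings against it, and the authority decrypts and recovers only the contacts that match. It uses textbook additively homomorphic Paillier encryption with a constructed, hard-coded key and a constructed ping log; the scheme, the blinding trick and every name here are assumptions for illustration, not the product's design.

```python
import hashlib
import secrets
from math import gcd

# Constructed Paillier key from two fixed Mersenne primes: readable, and big enough that a
# blinded non-match cannot look like a 10-digit phone number. Real keys: 2048+ bits, generated.
P, Q = (1 << 31) - 1, (1 << 61) - 1
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)   # lcm(p-1, q-1)
MU = pow(LAM, -1, N)                           # decryption constant, valid for g = n + 1
ID_BOUND = 10 ** 10                            # phone numbers are 10-digit plaintexts

def random_unit() -> int:
    """Random r in [1, n) coprime to n, so r * d is nonzero mod n whenever d is."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if gcd(r, N) == 1:
            return r

def encrypt(m: int) -> int:
    """Authority side (key holder). Paillier with g = n + 1: E(m) = (1 + m*n) * r^n mod n^2."""
    return (1 + m * N) * pow(random_unit(), N, N2) % N2

def decrypt(c: int) -> int:
    """Authority side: L(c^lambda mod n^2) * mu mod n, where L(x) = (x - 1) / n."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

def token(place: str, hour: str) -> int:
    """One (place, hour) ping as a plaintext; a real system would bucket space and time."""
    return int.from_bytes(hashlib.sha256(f"{place}|{hour}".encode()).digest(), "big") % N

def blind_match(enc_q: int, ping_token: int, phone: int) -> int:
    """Provider side, public key only. Returns E(r*(q - t) + phone), which is
    E(phone) when q == t and an unpredictable plaintext otherwise."""
    enc_diff = enc_q * pow(1 + N, (-ping_token) % N, N2) % N2          # E(q) * E(-t) = E(q - t)
    return pow(enc_diff, random_unit(), N2) * pow(1 + N, phone, N2) % N2  # E(r*(q-t)) * E(phone)

def secure_query_2(query_ping, provider_pings):
    """Who was at the same place in the same hour as the confirmed case?
    The provider never sees the query; the authority only recovers matching records."""
    enc_q = encrypt(token(*query_ping))                                 # step 1: encrypt and send
    blinded = [blind_match(enc_q, token(p, h), phone) for phone, p, h in provider_pings]  # step 2
    found = [decrypt(c) for c in blinded]                               # step 3: decrypt results
    return sorted(m for m in found if m < ID_BOUND)                     # non-matches decrypt to noise

# Constructed sample input: one location/hour from Secure Query 1, plus a provider's ping log.
QUERY = ("Cafe on 5th St", "2020-04-01T09")
PINGS = [(2125550101, "Cafe on 5th St", "2020-04-01T09"),
         (2125550102, "Cafe on 5th St", "2020-04-01T11"),
         (2125550103, "Main St Pharmacy", "2020-04-01T09"),
         (2125550104, "Cafe on 5th St", "2020-04-01T09")]
```

Running `secure_query_2(QUERY, PINGS)` yields the two phone numbers that shared the cafe at 09:00; the other two records decrypt to values far above ID_BOUND, so the authority learns nothing about them, and the provider only ever handled ciphertexts.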
CAPABILITY SCREENSHOTS AND FLOWS
SECURE QUERY 1: GIVEN A PHONE NUMBER OF A CONFIRMED COVID-19 CASE, SHOW WHERE THEY HAVE BEEN IN A GIVEN TIMEFRAME
Screenshot: Healthcare authority can input the phone number of individuals confirmed to have COVID-19. This is encrypted, ensuring it cannot be viewed by location data providers
Screenshot: Healthcare authority can receive a list of locations and times where people with confirmed cases have been in a specific timeframe
Input Output
How it’s privacy enhanced:
• Location data providers cannot see PII inputted or received by healthcare authorities
• Healthcare authorities cannot see PII unrelated to query
SECURE QUERY 2: GIVEN THE LOCATION INFORMATION OF A CONFIRMED COVID-19 CASE, SHOW WHO ELSE WAS AT THE SAME PLACE AT THE SAME TIME
Screenshot: Given results of previous query, healthcare authority can input the locations and times where individuals confirmed to have COVID-19 have been
Screenshot: Healthcare authority can receive a list of contact information for individuals that were in the same place at the same time as a confirmed case, indicating they may have been exposed to COVID-19
Input Output
How it’s privacy enhanced:
• Location data providers cannot see PII inputted or received by healthcare authorities
• Healthcare authorities cannot see PII related to individuals who were not potentially exposed to COVID-19
SUMMARY AND ACTIONS
Healthcare Agencies
• Perform contact tracing while preserving privacy of confirmed and suspected COVID-19 cases
• Cannot access data about individuals not potentially exposed to COVID-19
• Can use information to contact individuals and businesses who may have been exposed, coordinate response with local government, law enforcement, and healthcare
Data Providers
• Can help healthcare agencies identify people and businesses exposed to COVID-19
• Cannot see PII regarding confirmed or suspected COVID-19 individuals
• Protect the privacy of individuals not potentially exposed to COVID-19
UNDERLYING TECHNOLOGY
PALISADE C++ LIBRARY
https://palisade-crypto.org
• A general-purpose open source lattice encryption library.
• Supports major homomorphic encryption schemes.
• Consortium of contributors from Duality, NJIT, MIT, Raytheon BBN, Lucent Govt. Systems, Intel, and more
• Heavily funded by US Federal Government / DoD, IC and NIH
• Open-Source public release under 2-clause BSD license
• Optimized hardware-specific math libraries and custom implementations are supported
• Highly Modular and Extensible
PRIVACY STANDARDS – HOMOMORPHIC ENCRYPTION
• Homomorphic encryption is being developed as a privacy standard.
• Derive value from data while protecting privacy
• Industry Standard Consortium Body
• HomomorphicEncryption.org
• Co-founded in 2017 with (mostly) biannual meetings since then.
• Next (virtual) meeting hosted by ITU-T
HOMOMORPHIC ENCRYPTION COMMUNITY
• Broad International Engagement: USA, Canada, Korea, Japan, China, Singapore, Australia, UK, Ireland, Italy, Israel, Germany, Egypt, Brazil, UAE, etc.
• Industry: Intel, Microsoft and Duality Technologies sponsored last meeting; Samsung, SAP, IBM, Mastercard, Intuit, etc.
• Government: Korean Credit Bureau, NIST, US DoD, CSE, NIH, etc.
• Academia: MIT, UCSD, Stanford, NJIT, EPFL, Royal Holloway, etc.
• Interested? GET INVOLVED