PRIVACY-PROTECTED CONTACT TRACING TO FIGHT COVID-19 · 11 | Confidential Kurt Rohloff...

| Confidential1 Kurt Rohloff [email protected]

PRIVACY-PROTECTED

CONTACT TRACING TO FIGHT COVID-19

Winner of The

2018 iDash

International HE

Competition

KURT ROHLOFF, CO-FOUNDER AND CTO

[email protected]

ALON KAUFMAN, CO-FOUNDER AND [email protected]


A FEAR AND A VISION


CONTACT TRACING

• Contact Tracing is finding everyone who came into contact with an infectious individual.

• For COVID-19, this include everyone who was in close proximity in the last 14 days.

• Contact Tracing permits a quick and effective response.

Diagram Source: CDC


Contact Tracing: It Takes a Network

Contact Tracing is a MAJOR Data Sharing Challenge.

Data sharing for contact tracing is a vital less-painful step in strengthening our collective response.

What about privacy?Medical *and* Location Data

How to enable contact tracing while protecting privacy?


Secure Digital Collaboration

Privacy & regulation

Security

AI &Advanced Analytics

Cloud

PAIN POINT

• Privacy, Regulations & IP Concerns Have Been Barriers• Data Owners and Health Agencies have been

hesitant to share data due to privacy regulations.

• Impossible to get Adequate Individual Opt-In• This has Slowed Responses.• Many Countries have Removed Privacy Laws

after Delays.

• How can we Make it Acceptable for Data Owners and Health Agencies to work?


SECURE DATA ANALYTICS COLLABORATION

ENABLES SECURE COLLABORATION BETWEEN DATA OWNERS/CUSTODIANS AND MODEL OWNERS

Privacy

Regulation

Security

Business secrets

The Privacy Solution

PAIN POINT

AI & Advanced Analytics

Cloud

Data Monetization

Model Monetization

Auditing and Investigations


THE PRIVACY SOLUTION: DATA UTILITY AND PRIVACYCollaboration on Protected Data

Pri

vacy

& C

on

tro

l

Data Utility

Max privacy

Max utilityNo utility

No privacy

Acceptable tradeoff

Ideal solution


PRIVACY ENHANCING TECHNOLOGIES: DEFINITIONS AND OVERVIEW

Definition

Typical Use Case

Drawbacks

Different PETs are all part of a toolbox used to address different problems

Secure Hardware Enclave

Data secured using secure hardware.Data inaccessible to any process outside of secure hardware.Allow applications to run on sensitive information

Running applications on sensitive data on dedicated hardware in less-trusted environments (e.g., cloud)

- Hardware-dependent

- Requires software modifications

- Demonstrated susceptible to attack

Secure Multiparty Computation

Allows parties to perform a joint computation on individual inputs without revealing underlying data

Benchmarking between collaborating parties where aggregated output is adequate

- Output (result of analysis) is known by all parties and can be used to infer sensitive data

- Deployment are often complex to implement

- Typically requires intensive communication between parties, driving high costs

Differential Privacy

Aggregated data that includes randomly generated noise, therefore limiting each party’s ability to reverse-engineer individual inputs

Aggregated data analysis when individual, precise results are not needed (e.g., Census Data)

- Results are directionally correct, but not precise

- Limited number and type of computations can be run due to added noise

Homomorphic Encryption

Data and/or models encrypted at rest, in transit, and in use.

Computations run on encrypted Data

Can be combined with other methods, like SMPC, to offer hybrid approaches.

Cases where flexibility in computation is desired, and regulatory compliance, precision, and security are necessary

- Performance slower vs. computations in the clear; typically best for batch or “human scale” computation


PRIVACY ENHANCING TECHNOLOGIES: COMPARING TECHNIQUES

Secure Hardware Enclave

Secure Multiparty Computation

Differential Privacy Homomorphic Encryption

Hardware Independent X ✔ ✔ ✔

End-to-end encryption X X X ✔

Exact results for general computations

✔ ✔ X ✔

Accurate for individual-level insights

✔ ✔ X ✔

Support for cryptographic access delegation

X X X ✔

Enables Collaboration on multiple data sets

✔ ✔ X ✔


WHAT IS COMPUTATION ON ENCRYPTED DATA?

Data Owner encrypts its sensitive data1

3

+ =

Encrypted results returned to Data Owner, who decrypts them

2Data Owner sends encrypted data to a Computation Service, which applies computation

=


PRIVACY-PROTECTED COVID-19 CONTACT TRACING

• HE secures data while it is used, while older forms of encryption secure data only “at rest” or “in transit”

• HE allows for analytics, including machine learning and AI models to be applied to encrypted data

• HE computations yield the same output as if the analysis was run on unprotected data

• Identify individuals exposed to COVID-19 based on location and time - without exposing personally identifiable information (PII)

• Use Homomorphic Encryption (HE) to enable organizations to analyze data while encrypted.• Enables organization to collaborate to extract insights from data, without exposing sensitive information,

such as medical or location data.

Homomorphic Encryption secures data throughout the entire lifecycle

Schematic of data flow:


PRIVACY-PROTECTED COVID-19 CONTACT TRACING

Secure Query 1

• Input: Unique identifier (Phone number, email) of infected individual and date range

• Output: Locations, dates, and times where mobile device was pinged

• How its privacy enhanced:

• Location data providers cannot see PII inputted or received by healthcare authorities

• Healthcare authorities cannot see PII related to unexposed individuals

Secure Query 2

• Input: Locations, dates, and times where mobile device was pinged

• Output: Individuals at the same place and same times as infected individual

• How its privacy enhanced:

• Location data providers cannot see PII inputted or received by healthcare authorities

• Healthcare authorities cannot see PII related to unexposed individuals

Action

• Healthcare Authorities can

• Contact individuals suspected of exposure

• Contact exposed businesses

• Better coordinate with local health, law enforcement, and government agencies

Duality has developed a SecurePlus Query capability for privacy-protected contact tracingAllows healthcare authorities to identify COVID-19 exposures without:1. sharing sensitive information with location data providers nor2. viewing information pertaining to unexposed individuals


CAPABILITY SCREENSHOTS AND FLOWS


SECURE QUERY 1: GIVEN A PHONE NUMBER OF A CONFIRMED COVID-19 CASE, SHOW WHERE THEY HAVE BEEN IN A GIVEN TIMEFRAME

Screenshot: Healthcare authority can input the phone number of individuals confirmed to have COVID-19. This is encrypted, ensuring it cannot be viewed by location data providers

Screenshot: Healthcare authority can receive a list of locations and times where people with confirmed cases have been in a specific timeframe

Input Output

How it’s privacy enhanced:• Location data providers cannot see PII inputted or received by healthcare authorities• Healthcare authorities cannot see PII unrelated to query


SECURE QUERY 2: GIVEN THE LOCATION INFORMATION OF A CONFIRMED COVID-19 CASE, SHOW WHO ELSE WAS AT THE SAME PLACE AT THE SAME TIME

Screenshot: Given results of previous query, healthcare authority can input the locations and times where individuals confirmed to have COVID-19 have been

Screenshot: Healthcare authority can receive a list of contact information for individuals that were in the same place at the same time as a confirmed case, indicating they may have been exposed to COVID-19

Input Output

How it’s privacy enhanced:• Location data providers cannot see PII inputted or received by healthcare authorities• Healthcare authorities cannot see PII related to individuals who were not potentially

exposed to COVID-19


SUMMARY AND ACTIONS

Healthcare Agencies

• Perform contact tracing while preserving privacy of confirmed and suspected COVID-19 cases

• Cannot access data about individuals not potentially exposed to COVID-19

• Can use information to contact individuals and businesses who may have been exposed, coordinate response with local government, law enforcement, and healthcare

Data Providers

• Can help healthcare agencies identify people and businesses exposed to COVID-19

• Cannot see PII regarding confirmed or suspected COVID-19 individuals

• Protect the privacy of individuals not potentially exposed to COVID-19


UNDERLYING TECHNOLOGY


PALISADE C++ LIBRARY

https://palisade-crypto.org

• A general-purpose open source lattice encryption library.• Supports major homomorphic encryption schemes.

• Consortium of contributors from Duality, NJIT, MIT, Raytheon BBN, Lucent Govt. Systems, Intel, and more • Heavily funded by US Federal Government / DoD, IC and NIH

• Open-Source public release under 2-clause BSD license

• Optimized hardware-specific math libraries and custom implementations are supported• Highly Modular and Extensible

https://palisade-crypto.org/


PRIVACY STANDARDS – HOMOMORPHIC ENCRYPTION

• Homomorphic encryption is being developed as a privacy standard.

• Derive value from data while protecting privacy

• Industry Standard Consortium Body

• HomomorphicEncryption.org

• Co-founded in 2017 with (mostly) biannual meetings since then.

• Next (virtual) meeting hosted by ITU-T


HOMOMORPHIC ENCRYPTION COMMUNITY

• Broad International Engagement• USA, Canada, Korea, Japan, China, Singapore, Australia, UK, Ireland, Italy, Israel, Germany,

Egypt, Brazil, UAE, etc…

• Industry• Intel, Microsoft and Duality Technologies sponsored last meeting• Samsung, SAP, IBM, Mastercard, Intuit, etc…

• Government• Korean Credit Bureau, NIST, US DoD, CSE, NIH, etc…

• Academia• MIT, UCSD, Stanford, NJIT, EPFL, Royal Holloway, etc…

• Interested? GET INVOLVED


THANK YOUKurt Rohloff

[email protected]

Duality Technologies

PRIVACY-PROTECTED CONTACT TRACING TO FIGHT COVID-19 · 11 | Confidential Kurt Rohloff...

Documents

Transcript of PRIVACY-PROTECTED CONTACT TRACING TO FIGHT COVID-19 · 11 | Confidential Kurt Rohloff...