Google's Cryptographic Tool Wants To Help Organizations Collaborate Privately

Hackers are continuously scouting the web for poorly secured databases. This is why companies should be aware of what is yet to come.

With privacy and security becoming top concerns for internet users, Google, as one of the largest tech companies on the web, wants to help by introducing 'Private Join and Compute', a secure multi-party computation (MPC) tool designed to help organizations work together with confidential data sets.

The tool is designed with privacy in mind, and allows organizations to trade data sets and glean aggregate insights about other parties’ confidential data without actually disclosing anything about individuals represented in the data set.

The data stays encrypted, and only the results of calculations based on the data will be revealed.

Private Join and Compute works by using a cryptographic protocol called Private Set-Intersection (PSI). Google has already employed this in its Password Checkup Chrome extension, which allows users to match their login credentials against an encrypted data set of over 4 billion credentials Google knows to be unsafe, without revealing the details to anyone, including Google.

Private Join and Compute is open source, and can be found on GitHub.

In the inter-connected world, most data sets available on the internet have fields like email addresses and phone numbers that can be used to identify each record.

In PSI, identifiers like these and their associated data are encrypted with private keys. This is to ensure that the data cannot be deciphered by any other third party.

The organizations then exchange this encrypted data with each other, and each encrypts the identifiers a second time with its own private key. This double-encrypted data is traded again, and then joined with the other party’s double-encrypted data set to discover intersections between the two data sets.
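The double-encryption exchange described above, as an added example that is not taken from the original article or from Google's code. It assumes a commutative cipher built from modular exponentiation over the prime 2^255 - 19 (toy parameters, not production ones); the function names and sample addresses are constructed for illustration.

```python
import hashlib
import math
import secrets

# Assumption: toy group Z_p^* with the well-known prime 2^255 - 19, chosen for
# brevity. A real deployment would use a vetted elliptic-curve group instead.
P = 2**255 - 19

def keygen() -> int:
    """Secret exponent coprime to P-1, so x -> x^k mod P is a permutation."""
    while True:
        k = secrets.randbelow(P - 3) + 2
        if math.gcd(k, P - 1) == 1:
            return k

def hash_to_group(identifier: str) -> int:
    """Map a normalized identifier to an element of Z_p^* (range 1..P-1)."""
    digest = hashlib.sha256(identifier.strip().lower().encode()).digest()
    return int.from_bytes(digest, "big") % (P - 1) + 1

def add_layer(values, key):
    """Raise every value to `key`, then shuffle so order leaks nothing."""
    out = [pow(v, key, P) for v in values]
    secrets.SystemRandom().shuffle(out)
    return out

def encrypt_ids(identifiers, key):
    """First layer: H(id)^key for each identifier."""
    return add_layer([hash_to_group(i) for i in identifiers], key)

def intersection_size(ids_a, ids_b) -> int:
    """Run both parties' steps in one process and return |A ∩ B|.
    Each list is assumed to hold unique identifiers."""
    key_a, key_b = keygen(), keygen()
    a_once = encrypt_ids(ids_a, key_a)    # sent A -> B
    b_once = encrypt_ids(ids_b, key_b)    # sent B -> A
    a_twice = add_layer(a_once, key_b)    # B adds its layer: H(x)^(a*b)
    b_twice = add_layer(b_once, key_a)    # A adds its layer: H(y)^(b*a)
    # Exponents commute, so equal identifiers give equal double ciphertexts.
    return len(set(a_twice) & set(b_twice))

# Constructed sample data sets (not real addresses).
SAMPLE_A = ["alice@example.com", "bob@example.com", "carol@example.com"]
SAMPLE_B = ["Carol@Example.com ", "erin@example.com", "bob@example.com"]

if __name__ == "__main__":
    print("shared identifiers:", intersection_size(SAMPLE_A, SAMPLE_B))
```

Neither side ever sees the other's plaintext identifiers or single-layer key; only the count of matching double-encrypted values is learned.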

According to Google in its blog post:

"Many important research, business, and social questions can be answered by combining data sets from independent parties where each party holds their own information about a set of shared identifiers (e.g. email addresses), some of which are common."

"But when you’re working with sensitive data, how can one party gain aggregated insights about the other party’s data without either of them learning any information about individuals in the datasets? That’s the exact challenge that Private Join and Compute helps solve."

In an example, Google describes a scenario in which a city wants to know whether the cost of operating weekend train service results in increased revenues at local businesses.

In this example, processing the city’s rider data set and the merchants’ point-of-sale data set with Private Join and Compute allows the city to determine the total number of train riders who made a purchase at a local store without revealing any identifying information about the riders or their purchases.

“Using this cryptographic protocol, two parties can encrypt their identifiers and associated data, and then join them,” said Google.

"They can then do certain types of calculations on the overlapping set of data to draw useful information from both datasets in aggregate. All inputs (identifiers and their associated data) remain fully encrypted and unreadable throughout the process.”

Once the intersecting data set has been identified, calculations such as count, summation, or average can be performed on it to reveal aggregate statistics. The underlying data remains concealed using a process called homomorphic encryption.

This type of encryption enables only certain types of computation to be performed directly on encrypted data without having to decrypt it.

Given the number of data breaches and other mishaps by companies, and other incidents involving third-party access to data, this technology is indeed promising.

PSI can be the privacy-preserving option for performing various kinds of data analytics.

For Google, this is also crucial, as it includes the ability to track ad campaign effectiveness.

Published: 21/06/2019