CROSSING BORDERS OF ORGANIZATIONAL SILOS -
USE CASES OF MPC IN DECISION MAKING
@HEILIGE GEESTTAFEL, COSIC, KU LEUVEN, 2018.11.30
BALDUR KUBO
ACCOUNT MANAGER
E-MAIL: [email protected]
WEB: sharemind.cyber.ee
DATA-DRIVEN SERVICES ON CONFIDENTIAL DATA
ABOUT CYBERNETICA
• Estonian ICT company, founded in 1997
• Successor of the Institute of Cybernetics of the Estonian Academy of Sciences
• Mission-critical e-government, information security, radio communications and surveillance products and systems
• We inspire new areas of advancement with research and development
• Team of 140 people, 10% PhDs
• 50% exports (main markets: Indonesia, USA, EU)
CYBERNETICA’S OPERATIONS
• Software: Sharemind® Platform for Confidential Data Analysis; SplitKey Authentication and Digital Signature Platform; UXP® for Interorganisational Data Exchange; TIVI® Internet Voting (subsidiary with Smartmatic)
• Systems: Coastal Maritime Communication; Border Surveillance
• Secure Software Development: energy (smart-grid), tax and customs, homeland security, defence, cybersecurity, authentication and digital signatures
• R&D: information security (cryptography), consulting
HIGHLIGHTS
• Privacy Analytics/IQVIA, Canada – healthcare data/pharmaceutical research, Sharemind MPC (2018)
• Police and Borderguard - Processing of biometric data. Process and risk analysis, design (2018)
• Positium LBS – R&D of a Privacy-preserving tourism statistics system on mobile Big Data, Sharemind HI (2016+)
• Smart City government – employee satisfaction and dedication survey. Thank you, Alexandra Institute and Partisia for the shared efforts leading to success, Sharemind MPC (2016).
• CentAR (ITL, Ministry of Education and Science) - Privacy-preserving linkage and statistical analysis using administrative data, Sharemind MPC (2015, 2016)
SERVICES
Differentiation
Risk
Compliance
• Privacy by Design - consulting and training - process design
• Selection of Privacy-enhancing technologies
• Qualitative/quantitative assessment
• Mapping of attack vectors
• Cryptographic security analysis
• Analysis of privacy leakage
• Support of compliance assessment
Deployment of Privacy-Enhancing Technologies
HOW TO GET/SHARE THE BEST DATA?
Today’s data analysis tools are not designed for processing confidential data in an accountable way.
This is hurting owners and data-driven service providers. They find it hard to launch new offerings.
PROPRIETARY
VAT AVOIDANCE WAS A 100M€+ PROBLEM
[Chart: tax categories VAT, Social tax, Income tax, Alcohol excise, Tobacco excise, Fuel excise, Packaging excise; values in MEUR]
MPC WOULD PROTECT THE HONEST TAXPAYER
[Diagram: Companies submit VAT declarations (encrypted); the Tax and Customs Board sends risk analysis queries and receives risk scores]
The Sharemind-based risk analysis system matches encrypted declarations without decrypting them and finds companies with a risk of VAT fraud.
• Confidentiality of honest taxpayers is guaranteed from both internal leaks and external attacks.
• There is no single party who can decrypt data and, thus, break privacy. Control is distributed among parties.
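The distributed-control property described on this slide, as an added example that is not Cybernetica's or Sharemind's code: it stands in additive secret sharing among three computing parties for the slide's "encrypted", keeps company identifiers public for brevity, and opens only the gap between what a seller and a buyer declared. All names, the ring size and the sample rows are assumptions made for illustration.

```python
import secrets

MOD = 2 ** 64   # shares live in the ring Z_2^64 (assumed)
PARTIES = 3     # independent computing parties (assumed)

def share(amount):
    """Split an amount into additive shares; any PARTIES-1 of them are uniformly random."""
    parts = [secrets.randbelow(MOD) for _ in range(PARTIES - 1)]
    parts.append((amount - sum(parts)) % MOD)
    return parts

def open_value(shares):
    """Recombine ALL shares and read the result as a signed number."""
    total = sum(shares) % MOD
    return total - MOD if total >= MOD // 2 else total

def submit(rows):
    """Declarant side: share each amount, send one share to each party.
    rows are (seller, buyer, amount); returns one private table per party."""
    tables = [[] for _ in range(PARTIES)]
    for seller, buyer, amount in rows:
        for table, s in zip(tables, share(amount)):
            table.append(((seller, buyer), s))
    return tables

def local_gap(sales_table, purchase_table):
    """Run by ONE party on its own shares only: a share of
    (sales declared by seller - purchases declared by buyer) per pair."""
    gap = {}
    for pair, s in sales_table:
        gap[pair] = (gap.get(pair, 0) + s) % MOD
    for pair, s in purchase_table:
        gap[pair] = (gap.get(pair, 0) - s) % MOD
    return gap

def risk_scores(sales_rows, purchase_rows):
    """Only the per-pair gap is opened; declared amounts are never reconstructed."""
    sales, purchases = submit(sales_rows), submit(purchase_rows)
    gaps = [local_gap(sales[p], purchases[p]) for p in range(PARTIES)]
    return {pair: open_value([g[pair] for g in gaps]) for pair in gaps[0]}

# Constructed sample declarations: (seller, buyer, amount).
SALES = [("A", "B", 1000), ("A", "C", 500), ("D", "B", 700)]      # declared by sellers
PURCHASES = [("A", "B", 1000), ("A", "C", 900), ("D", "B", 700)]  # declared by buyers

if __name__ == "__main__":
    for pair, gap in risk_scores(SALES, PURCHASES).items():
        print(pair, "mismatch" if gap else "consistent", gap)
```

A non-zero gap marks a trading pair whose two declarations disagree; honest pairs open to zero and nothing else about their amounts leaves the parties.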
EXAMPLE: LOCATION DATA ANALYTICS
LOCATION DATA TELLS US
• How many people live in an area?
• How many people attend an event?
• How do people travel?
• How to plan better public transport?
• How long do tourists stay?
• What places are visited by tourists?
SHAREMIND LOCATION ANALYTICS PARTNER
UNSOLVED PROBLEMS
Lack of information
• Who are my customers? KYC
• Where to invest to improve employee engagement?
• How should I improve my business?
• How can the USA exit its position as the world's top imprisoner of women?
• How to increase graduation of IT students from current 60%?
• How to reduce sexual assault on university campuses?
• How to get better credit? Companies/individuals.
Heilige Geesttafel
Industry, fintech, telco, gov.
UNSOLVED PROBLEMS
Ongoing Fraud
• How to ease reporting of cheating in university?
• How to reduce the 150b€ annual VAT tax gap?
• How to reduce the informal economy?
Informal economy
EU/EFTA % of GDP (2015)
https://ec.europa.eu/home-affairs/sites/homeaffairs/files/00_eu_illegal_employment_synthesis_report_final_en_0.pdf
REGULATORY PRECEDENTS IN EUROPE
• The Estonian Data Protection Agency stated that the combination of technology and processes ensured that private data was not processed and the requirements of the Data Protection Act need not apply.
• Assumption: no identifiable records are published.
• The Internal Oversight of the Tax and Customs Board agreed to provide unmodified tax records after a code and process review.
• A German legal research team extended the precedent to work under the GDPR.
CASE STUDIES OF DESCRIBED APPLICATIONS
• Students, taxes, GDPR validation (outdated performance numbers)
• Dan Bogdanov, Liina Kamm, Baldur Kubo, Reimo Rebane, Ville Sokk, Riivo Talviste. Students and Taxes: a Privacy-Preserving Social Study Using Secure Computation. In Proceedings on Privacy Enhancing Technologies, PoPETs, 2016 (3), pp 117–135, 2016. http://dx.doi.org/10.1515/popets-2016-0019
• Tax fraud detection
• Dan Bogdanov, Marko Jõemets, Sander Siim, Meril Vaht. How the Estonian Tax and Customs Board Evaluated a Tax Fraud Detection System Based on Secure Multi-party Computation. Financial Cryptography and Data Security - 19th International Conference. 2015.
• http://fc15.ifca.ai/preproceedings/paper_47.pdf (case study)
• https://cyber.ee/uploads/2013/05/T-4-24-Privacy-preserving-tax-fraud-detection-in-the-cloud-with-realistic-data-volumes-1.pdf (performance numbers)
USEFUL LINKS
• Sharemind blog (legal analyses, case studies etc)
• https://sharemind.cyber.ee/
• Sharemind SDK (both source code and download)
• https://sharemind-sdk.github.io
• Sharemind-related publications
• https://sharemind.cyber.ee/research/
CONSCIOUS APPLICATION OF PRIVACY ENHANCING TECHNOLOGIES RAISES ORGANIZATIONAL MATURITY
§ Compliance · ☠ Risks · ✰ Differentiation · ❤ Values