Until fairly recently, the topic of Privacy Enhancing Technologies (PETs) was rarely discussed in the media. However, as an increasing number of companies begin to realise the benefits of this transformative family of technologies, the frequency of conversation has increased. Society more broadly has also taken notice, seeking a greater understanding of how these technologies can be leveraged to enhance and preserve the privacy of data while it’s been used or processed.
This focus on PETs was highlighted when the US and UK governments recently announced a series of prize challenges focused on advancing the maturity of PETs to combat financial crime and other pressing, data-centred challenges. Dr Alondra Nelson, Director of the White House Office of Science and Technology Policy, said the efforts would aim to demonstrate how the tools within the PETs family can be used to achieve their potential for creating value and addressing data problems across many sectors.
How are PETs already benefiting organisations? For financial services firms, being able to access more data in a secure, privacy-preserving, and efficient manner means they are able to make better, intelligence-led decisions in a business-relevant timeframe. Those additional data points and resulting insights are especially important when working to combat money laundering and fraud on a global scale. With PETs, financial institutions can prioritise customer privacy while still ensuring data is accessible when and where it needs to be, even if that location is across jurisdictions.
PETs also create a paradigm shift for public health readiness, allowing optimal secure and private data sharing between governments and health agencies. In the clinical research arena, medical professionals and public health officials can use PETs to securely search or analyse decentralised research data across organisational, privacy, and regulatory boundaries while safeguarding patient privacy and sensitive medical indicators. Healthcare organisations and entities can also use PETs to protect and enhance the operational value of their medical supply chain by enabling secure federated queries of inventory and increasing supplier visibility, allowing suppliers to respond more effectively and securely to fluctuating demand, which can prevent the depletion of essential products.
PETs have further proven to be hugely beneficial outside the traditional enterprise environments, helping to tackle climate change and fight human trafficking. Indeed, at Enveil, we partnered with the leading counter-human trafficking intelligence organization, DeliverFund, to strengthen efforts to combat human trafficking. With the largest, analyst-curated human trafficking database in the U.S., DeliverFund has significantly reduced the time it takes to identify victims and those who exploit them, going beyond detection to work on the side of prevention and risk mitigation. The collaboration further expands DeliverFund’s impact by accelerating reach and efficiency.
Given the recent focus on the capabilities enabled by PETs, it will be helpful to understanding the basic components of the category. At their core, PETs protect Data in Use by ensuring the privacy and security of the users’ interaction with data (for example, when they perform a search or analytic). By this definition, the core pillars of PETs include homomorphic encryption (HE), secure multiparty computation (SMPC), and trusted execution environments (sometimes called confidential compute).
Beyond the technologies included, there are also a number of myths and misconceptions about PETs that are being perpetuated in the market. Here are a few points of confusion we see regularly.
Myth #1: PETs aren’t ready for prime time.
Breakthroughs in recent years have firmly taken these technologies from the realm of research to commercial readiness. Gartner predicts that by 2025, half of all large organisations will be using these capabilities for processing data in untrusted environments and for multiparty data analytics use cases. PETs are already being used at scale across multiple industries, helping firms to overcome regulatory, organisational, security, and national boundaries to enable secure and efficient data usage and collaboration.
Myth #2: PETs protect Data In Use, At Rest, and In Transit.
There are already a number of established solutions for protecting Data at Rest on the file system, as well as Data in Transit as it moves through the network. The key difference with PETs is the ability to protect data while it’s being used or processed, such as when searches, analytics, and machine learning models are being run over data to extract value.
Myth #3: The individual technologies within the PETs category are competitive.
While the category of PETs continues to develop, like in all emerging areas, there is a tendency to want to compare the individual technologies to one another. The fact is that each of these technologies offer unique attributes; organisations should explore all the options available and educate themselves to determine the best fit. Those working in the PETs space need to recognise and embrace the role we play in educating the market, and in helping to differentiate the technologies while explaining their often complementary nature.
Myth #4: PETs research = PETs commercialisation
While many may assume that PETs are a relatively recent technology, researchers have long been working behind-the-scenes to develop the mathematical infrastructure that serves as the foundation for the value we enjoy today. It is important to remember that there is a difference between the PETs research and the many commercial offerings. Take the example of HE libraries, which provide basic cryptographic components. While these pieces are essential, they are only the building blocks for formulating these technologies into viable, enterprise-ready solutions.
As privacy continues to be a focal point for businesses across industries, technology is proving to be a key enabler. Initiatives such as the US/UK prize challenges are helping to further raise awareness of the role PETs play in safeguarding sensitive data without prohibiting organisations from performing the search, sharing, and analysis necessary to support critical activities. We are only beginning to see the power of this important category, and we can help advance the path to broader use by building a shared understanding of a group of technologies and their potential impact on critical data usage challenges in the coming years.