EAGER: SaTC: Early-Stage Interdisciplinary Collaboration: Multi-regulation computation

Sponsor: National Science Foundation

Award Number: 1915763

PI: Mayank Varia

Co-Is/Co-PIs: Andrew Sellars, Azer Bestavros

Abstract:

This interdisciplinary project investigates whether existing cryptographic techniques for analyzing siloed data comport with participants’ legal restrictions on data disclosure. Secure multi-party computation (MPC) is a technique from cryptography that allows several participants, each with sensitive information, to analyze their data collectively without ever sharing it. Several companies, governments, and non-profit organizations have adopted MPC to provide people with socially beneficial information (e.g., computing the city-wide wage gap while hiding individual salaries) that may otherwise be impossible or near-impossible to learn due to the sensitivity of the raw data. MPC is well-suited to analyses of protected education, healthcare, or judicial data; however, deployments of MPC in these areas are scarce, in part due to the difficulty of assessing whether MPC technology suffices to meet legal regulations on the disclosure of data that includes personally identifiable information. The core goal of this project is to develop MPC technology that simultaneously provides cryptographic and legal protection of sensitive input data.

This project has three phases, with a bidirectional flow of knowledge among cybersecurity and legal researchers in each phase. First, the investigators are identifying use cases in which information to be analyzed using MPC algorithms is subject to multiple state, federal, and international regulations that impose privacy restrictions and limit data sharing, and they examine the relevant legal constraints on information use. Second, the investigators are designing MPC protocols that, in addition to the usual cryptographic security notion that each party’s view can be simulated, also guarantee the impossibility of reconstructing any legally-protected information under legally-compliant assumptions of trust and collusion. Third, the investigators are examining critically whether the newly-developed protocols provide sufficient protection to allow parties to use regulated data without triggering additional legal constraints on data use, by analyzing the legal requirements and potential policy objections. This three-phase process will pave the way for greater adoption of MPC by demonstrating to the legal community that MPC can improve data analysis without triggering additional burdensome legal obligations or policy concerns.
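As an added illustration (not the project's own code), the wage-gap analysis named above carried out with additive secret sharing: each employee's salary is split into shares held by independent servers, the servers add shares locally, and only group totals are ever reconstructed. The salaries are constructed sample values, and the seeded generator in `colluding_view` exists only to show deterministically that a non-qualified coalition's view does not depend on the input.

```python
import random
import secrets

P = 2**61 - 1  # prime modulus; every share lives in Z_P, so totals must stay below P


def share(value: int, n: int, rng=secrets.SystemRandom()) -> list[int]:
    """Additive secret sharing: n-1 uniformly random shares, the last fixes the sum."""
    shares = [rng.randrange(P) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % P)
    return shares


def reconstruct(shares: list[int]) -> int:
    """Only the full set of n shares recovers the secret."""
    return sum(shares) % P


def server_sums(all_shares: list[list[int]], n: int) -> list[int]:
    """Server i adds the i-th share of every employee; it never sees a salary."""
    return [sum(emp[i] for emp in all_shares) % P for i in range(n)]


def group_mean(salaries: list[int], n: int = 3) -> float:
    """Mean salary of a group; the only value reconstructed is the group total."""
    total = reconstruct(server_sums([share(s, n) for s in salaries], n))
    return total / len(salaries)


def wage_gap(group_a: list[int], group_b: list[int], n: int = 3) -> float:
    """Difference of group means, computed without exposing individual salaries."""
    return group_mean(group_a, n) - group_mean(group_b, n)


def colluding_view(value: int, n: int, seed: int) -> list[int]:
    """What n-1 colluding servers see for one employee. The seeded generator is used
    ONLY for this demonstration: with the same randomness the view is identical for
    every value, which is the 'view can be simulated' property the abstract names.
    Collusion of all n servers, by contrast, reconstructs the salary outright."""
    return share(value, n, random.Random(seed))[: n - 1]


if __name__ == "__main__":
    # Constructed sample salaries for two groups of employees
    print("gap:", wage_gap([80_000, 90_000], [60_000, 70_000]))      # 20000.0
    print(colluding_view(50_000, 3, 7) == colluding_view(1, 3, 7))   # True
```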
