Please can someone help provide a response to this post. Please do not repost my original content as a response.

TOPIC: Privacy-Enhancing Computation

With the Internet becoming more incorporated into our everyday lives, the topic of privacy is getting important as well. According to Pew Research Center, 79% of Americans are concerned about companies misusing their personal data, and 70% believe that their data is less secure than it used to be just five years ago (Auxier, et al., 2019). That's why the new trend in Privacy-Enhancing Computation is getting a lot of attention lately. In a nutshell, technology is about making sure that if even the data is obtained by malicious players, people's privacy is not affected. One of the easiest ways to achieve this is by anonymizing data. For example, if a medical company conducts the research, they remove all PII (Personally identifiable information) information so that nobody can identify the person behind the research. Another example is research conducted by HR about gender and race equality and pay gaps (Levy, 2021).

Obviously, companies are investing in the technology because they care about other people, but because governments are creating privacy regulations. Some of the most strict regulatory acts are GDPR (GDPR, n.d.) and California Consumer Privacy Act (CCPA) (CCPA, n.d.). The goal of regulations is to prevent harm to individuals, protect their dignity and avoid personal data misrepresentation and discrimination.

While data anonymizing is a simple way to achieve privacy, it often causes a loss of useful data and makes data less useful. So, there are other privacy-enhancing computation technologies. The most common of them are presented below, ordered from most secure to less secure.

Homomorphic Encryption

We are familiar with standard encryption - it's when the data is encrypted at rest or when it is stored on a physical device, such as a hard drive. However, there are many programs that can steal the data during computation when the data is in not protected yet. Homomorphic encryption allows performing operations on encrypted data without decrypting and compromising during computations (Cobb, 2022).

Secure Multi-Party Computation (SMPC)

SMPC is another encrypted computation mechanism, which essentially guarantees that no entity has access to the entire dataset, only to some parts. In this case, even if one part is compromised, the entire dataset is still protected.

Differential Privacy

With Differential privacy, the entire dataset is presented after hiding individually identifiable data. In some cases, some artificial data can be added, but the goal of such datasets is to present patterns, so data addition or modification does not affect the patterns but adds more privacy protection.

Trusted Execution Environments

The idea behind Trusted Execution Environment or TTE is to split the processor into two parts when the secure data is only processed in the specifically designated part. It can be a co-processor or special chip. An example is a T1 chip in the new Apple Macs.

Zero-Knowledge Proof

With this approach, the public data lacks some identifiable information, but there is a third party entity that serves as a prover of the information, so the data consumers know that the data is not bogus.

Should Jumbo Carpets invest in privacy-enhancing computation technologies?

I believe that this should be a concern for any company that stores data about the customers, especially credit card data. While it is hard to imagine that employees in Jumbo Carpets are knowledgeable enough to know about the latest cybersecurity trends, the company should only purchase the software that guarantees to take care of privacy for them.

Questions

1. How concerned are you about your online privacy?

2. Do you think companies will handle your personal data ethically or will not hesitate to sell it to anyone?

3. Is it possible that new regulations can impact freedom of speech?

4. Will you continue using your favorite apps, such as Google or Facebook, knowing that they sell data about your search to other companies or governments?

5. Should the government be able to obtain private information if they suspect the person is planning a crime?

References

Auxier, B., Rainie, L., Anderson, M., Perrin, A., Kumar, M., & Turner, E. (2019, November 15). Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information. Retrieved from Pew Research Center: https://www.pewresearch.org/internet/2019/11/15/americans-and-privacy-concerned-confused-and-feeling-lack-of-control-over-their-personal-information/

CCPA. California Consumer Privacy Act. (n.d.). Retrieved from State of California Department of Justice: https://oag.ca.gov/privacy/ccpa

Cobb, M. (2022, February). Privacy-enhancing technology types and use cases. Retrieved from TechTarget: https://www.techtarget.com/searchsecurity/tip/Privacy-enhancing-technology-types-and-use-cases

GDPR. General Data Protection Regulation. (n.d.). Retrieved from Intersoft Consulting: https://gdpr-info.eu/

Levy, I. (2021, February 19). Adding Privacy-Enhancing Computation To Your Tech Stack. Retrieved from Forbes: https://www.forbes.com/sites/forbestechcouncil/2021/02/19/adding-privacy-enhancing-computation-to-your-tech-stack/?sh=7211c4053de5