This story is part of The Privacy Divide, a series that explores the fault lines and disparities–economic, cultural, philosophical–that have developed around digital privacy and its impact on society.

The math behind homomorphic encryption is complex, but CEO and cofounder Alon Kaufman uses a simple metaphor to explain how it works. Imagine that you’ve put your data inside a box to protect it, he explains. You’re the only one who has the key. With homomorphic encryption, you can then give the box to someone else, and they can put their hands in with their eyes closed. That person can shuffle around the numbers inside without ever seeing them. “It means the entity doing the math doesn’t ever see the data, doesn’t see the answers but can employ the computations,” Kaufman says. “That’s what companies want. They don’t want the raw data, they want to know the insights. They want to know if they should offer you this deal.”

While the ideas behind homomorphic encryption have been around for decades in academia, where it’s been considered one of the holy grails of cryptography, it’s only recently that the technique has gotten good enough—and fast enough—to make it practical and scalable in a business context. (Compared with computation on unencrypted data, the earliest homomorphic encryption systems were a trillion times slower.) Funding for open-source encryption research from agencies like DARPA, IARPA, and the NSA has also helped.

“The applications were out there because there’s more and more data being collected, and it’s clear you can get more by combining [data] rather than working in isolation,” says Goldwasser. That’s what convinced her to team up with her cofounders and try to bring the cryptographic technique she pioneered in academia to the private sector.

Duality’s first products will be just for businesses, enabling them to share data with third parties that can work with the raw data in the cloud without actually having access to it. Citing privacy reasons, naturally, the company declined to name its clients, but Kaufman says its data scientists are developing algorithms for use in healthcare, insurance, and banking.

For instance, Duality’s technology could also help companies like 23andMe and Ancestry, which have gotten into hot water with regulators over their data privacy practices. These companies would be able to process the data in the cloud or share their analysis with third parties–already a widespread practice–while keeping the raw data completely private.

However, Duality’s consumer possibilities are the most intriguing. For example, let’s say there’s an app that gives you diet recommendations based on your genomic data. You might want the app’s insights but you don’t really want to share your data with the company behind it–after all, who knows who at the company might be able to access it, or what third parties the company will share it with? With homomorphic encryption, you could feasibly encrypt your genetic data, locking it in that proverbial box, Kaufman explains.

“You ship this box to the analytics provider, but you don’t ever give them your key. They [analyze] the data in the box, then give you the answer. The result that comes out is still encrypted, and you take out your key, open the box, and find the answer.”

There are several other companies that are offering business security solutions based on homomorphic encryption, and tech giants like Microsoft and IBM are also working on it, but Duality’s cofounders are the ones who pioneered the technique. Their solution is also one of the most advanced. The company’s algorithms won a computation challenge in November 2018 focused on analyzing a genomic dataset using homomorphic encryption, completing the task faster and with less memory use than any other industry group. Investors have taken note: the company said that month it raised $4 million from venture capital fund Team8, which is backed by companies including Microsoft, Softbank, Wal-Mart, Airbus, and AT&T.

Studying genomics with privacy

Last year, Duality also got a boost from the National Institutes of Health, which gave it a grant to apply its privacy-protecting approach to genomics research. Duality’s tech could be a boon for the field, says Sasha Gusev, an assistant professor at Harvard Medical School’s Dana-Farber Cancer Institute who focuses on genome-wide association studies (GWAS), which use large amounts of genetic data to look for variants that are correlated with different diseases. Gusev says that data privacy is becoming an increasingly important challenge in academia, where researchers are aware of the kinds of breaches that have happened in the corporate world and want to ensure that doesn’t happen to their subjects. As a result, many researchers are reluctant to share sensitive health data, even with other academics, because of these security and privacy concerns.

“What we need from GWAS is a fairly simple statistical computation but it relies on very sensitive data,” Gusev says. “Being able to bypass that data sensitivity and report the simple number which ends up being very meaningful was very appealing.”

While he began working with the company as a consultant, Gusev then started working with Duality scientists to create an algorithm that could analyze encrypted genetic data, helping the company’s in-house data scientists understand what elements of the algorithms that he uses in his GWAS research are the most crucial for the analysis. He has co-authored an upcoming study showing that Duality’s encrypted analysis method produces the same quality of results that a non-encrypted dataset does.

Duality has been working with a host of other experts in a similar capacity to Gusev to develop algorithms tailor-made for specific analyses in healthcare, insurance, and banking–industries that usually rely on third parties to do their data analysis.

According to Rina Shainski, Duality’s cofounder and chairwoman, the startup’s next step is to make all of these algorithms available for companies to integrate into their systems. “We would like to be more of a platform that makes it possible to run analytics on encrypted data,” she says. This platform, which she calls a “library of tools,” is slated to launch later this year.

Ultimately, Duality’s technology can’t fix everything about the rampant data violations that occur on a daily basis. Even if every company were using homomorphic encryption, they could still use your data to target you with pesky ads, score you as “risky,” or influence your vote. To address those concerns, we’ll still need regulation to step in to ensure that companies’ practices are secure and good for consumers. But as Kaufman says, technology is the thing that created the data security problem–and technology can also help offer a chance to fix it.