A few days into the New Year, we would like to share some thoughts about making the world a safer place. Fighting crime, in any form, requires cooperation, often between private and public organizations. Real cooperation means that you can exchange information. However, this is where the problems start. Information exchange is difficult for various reasons, particularly while protecting privacy and minimizing the impact on citizens.
MPC is ready to help make the world a safer place in 2022!
One of the simplest and most powerful ways of exchanging information is validating whether another party has information that matches or conforms to the information that you have. Two practical examples:
- A web shop has many login details of its clients. The police have lists of leaked or stolen login details. Neither party can share these details, but if they could, the web shop could proactively inform clients that their details are compromised.
- A bank has a list of positives from its AML/KYC monitoring. Other banks have similar information. Banks cannot openly share these lists amongst each other, but if they could, they could prioritize their investigations much better and save resources to investigate them more thoroughly.
The solution to this problem is what we call private set intersection (PSI). It means that lists can be compared without anybody (not even a trusted third party) seeing the underlying data. Only the matched records are disclosed. PSI works on exact numbers, but also on fuzzier data, such as names or addresses, even with spelling mistakes.
We recently showed this in a human trafficking case where NGOs and law enforcement agencies wanted to compare lists of names. We were able to compare names, often with alternative spellings, while not disclosing any information about the individuals involved. The performance was more than sufficient, making the application usable in practice. Running a match against a million records can be done in near-real-time.
In the above case, Roseman Labs used Multi-Party Computation (MPC) for private set intersection (PSI). The benefit of this approach over full disclosure of information is that key aspects of GDPR, such as data minimization, purpose binding and data ownership, can be guaranteed: only matched data is shared (a fraction of the total set), and the data can only be used for one purpose, thus preventing future unintended use. Most importantly, risks of re-identification, which often arise when using pseudonymized data, are directly addressed by processing all data under encryption.
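To make the web shop example concrete, here is an added sketch (not Roseman Labs' code and not the MPC protocol used in the case above) of a simpler, classic two-party PSI built on Diffie-Hellman-style commutative blinding. It assumes honest-but-curious parties and exact matches only; the `Party` class, function names and sample credentials are hypothetical.

```python
import hashlib
import secrets

# 2048-bit MODP safe prime from RFC 3526 (group 14); Q = (P-1)/2 is also prime.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2

# Constructed sample data (not from the page).
SHOP = ["alice@example.com:hunter2", "bob@example.com:s3cret", "carol@example.com:pw1"]
LEAKED = ["mallory@example.com:x", "bob@example.com:s3cret", "dave@example.com:y"]


def hash_to_group(item):
    """Map an item into the order-Q subgroup of quadratic residues mod P."""
    wide = hashlib.shake_256(item.encode()).digest(320)  # wider than P: low bias
    return pow(int.from_bytes(wide, "big") % P, 2, P)


class Party:
    """One list holder; `key` never leaves the party."""

    def __init__(self, items):
        self.items = list(items)
        self.key = secrets.randbelow(Q - 1) + 1

    def blind_own(self):
        # Round 1: H(x)^key for each own item, in own list order.
        return [pow(hash_to_group(x), self.key, P) for x in self.items]

    def blind_peer(self, values):
        # Round 2: raise the peer's blinded values to own key, order preserved.
        return [pow(v, self.key, P) for v in values]


def webshop_learns_matches(shop, police):
    """Run the exchange; only the web shop learns which of its items matched."""
    shop_double = police.blind_peer(shop.blind_own())      # H(x)^(a*b)
    police_once = police.blind_own()                       # H(y)^b
    secrets.SystemRandom().shuffle(police_once)            # hide police list order
    police_double = set(shop.blind_peer(police_once))      # H(y)^(b*a)
    return [x for x, d in zip(shop.items, shop_double) if d in police_double]
```

Each side only ever sees the other's items raised to a secret exponent, so non-matching entries stay unreadable, while both sides still learn the size of the other's list.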
MPC was known to lack performance. Fortunately, cryptographers know those days are over. MPC is ready for modern workloads. Using the right protocols and smart asynchronous programming, optimizing the network and parallelizing computation across multiple cores enable performance suitable for practical use today. Let’s use it, starting in 2022, to make the world a safer place! We are ready for it.