Video: These ideas could have a big impact, for example on consumer-facing technologies…
As we participate in ever more complex data processes, we know, as people, that we have to hold on to some measure of privacy…
Alexandra Henzinger has some important ideas about how to do that.
Her input on cryptography is going to be essential to the process of balancing user privacy with new capabilities, and scaling the kinds of systems and services that power our modern applications. We want to benefit from all of the big advances that are going on – but not at the expense of giving over our personal data to faceless operators.
Just think about an individual search query and how it works – in traditional operations, the server sees a lot of your information, for example your location, and might use it or pass it on to third parties in ways you might not like. That’s part of why it’s so important for companies to post a privacy policy on their website – but in so many cases, that privacy policy doesn’t provide the ironclad protection that users need.
As Henzinger puts it, we’re giving up control over our data.
But, she says, we don’t have to do that: rather than suffering through it, we can use modern cryptography to make the queries opaque to the server, and still get a computational result.
Not only that, but Henzinger and her team have done some work to create an information retrieval system that works much faster than anything previously used. This is really impressive when you get in there and study how it’s made, and it overturns the idea that a server has to be able to see what it’s processing.
When Henzinger explains how they came up with this, she describes a system in which 99.9% of the server’s work can be done ahead of time, before any query comes in.
Then the server just has to do that little bit of additional work to facilitate the encrypted process.
That precomputed work is reused across many queries, too.
As Henzinger points out, this gives us the power to search hundreds of millions of documents with just a little bit of computing power.
“This might sound like science fiction, but we can actually use cryptography to ask a question to a server and have the server answer our question without learning anything about what our question was,” she says. “So this technique is called private information retrieval. And it works by having the user send up an encryption of a search query to the server … our server is really going to learn nothing about the user’s query, in a strong cryptographic sense. And this is because all the server sees is the encryption, which looks like just a sequence of completely random bits to anyone who doesn’t know the secret key. However, it turns out that using properties of the underlying encryption scheme, (the) server can actually still compute the answer to our search query under encryption, and then ship this back to us.”
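To make the structure she describes concrete, here is a small added example (not code from Henzinger or her team) of a single-server PIR scheme built on lattice-style encryption: the server does one query-independent precomputation over the whole database (the "hint"), and each query then costs it only a single matrix-vector product on an encrypted selection vector it cannot read. The parameters, the sample database and all function names are constructed for illustration and are far too small to be secure.

```python
import random

# Toy single-server PIR: the server precomputes a hint once (the "work done
# ahead of time"), and answers each encrypted query with one matrix-vector
# product. Parameters below are constructed toy values, not a secure setting.
Q = 2**32          # ciphertext modulus
P = 256            # plaintext modulus: database entries are single bytes
DELTA = Q // P     # scaling that keeps the message clear of the noise
N_LWE = 64         # LWE secret dimension (toy size)
ROWS = COLS = 8    # database is a ROWS x COLS grid of bytes

# Constructed sample database: entry (r, c) holds (31*r + 7*c) mod 256.
SAMPLE_DB = [[(31 * r + 7 * c) % P for c in range(COLS)] for r in range(ROWS)]

def mat_vec(m, v):
    """Matrix-vector product over the integers mod Q."""
    return [sum(a * b for a, b in zip(row, v)) % Q for row in m]

def make_matrix_a(seed):
    """Public random LWE matrix A (COLS x N_LWE) derived from a shared seed."""
    rng = random.Random(seed)
    return [[rng.randrange(Q) for _ in range(N_LWE)] for _ in range(COLS)]

def server_preprocess(db, a):
    """One-time, query-independent work: hint = DB * A (ROWS x N_LWE)."""
    return [[sum(db[r][c] * a[c][k] for c in range(COLS)) % Q
             for k in range(N_LWE)] for r in range(ROWS)]

def client_query(a, col):
    """Encrypt the unit vector selecting column `col`: q = A*s + e + DELTA*u."""
    s = [random.randrange(Q) for _ in range(N_LWE)]   # fresh LWE secret
    e = [random.randint(-2, 2) for _ in range(COLS)]  # small LWE noise
    q = mat_vec(a, s)
    q = [(q[c] + e[c] + (DELTA if c == col else 0)) % Q for c in range(COLS)]
    return s, q

def server_answer(db, q):
    """Per-query work: one product with a vector that looks uniformly random.
    The server returns every row, so it learns neither the row nor column."""
    return mat_vec(db, q)

def client_decode(hint, s, ans, row):
    """Remove the mask hint[row]*s, then round the noise away."""
    mask = sum(h * x for h, x in zip(hint[row], s)) % Q
    noisy = (ans[row] - mask) % Q            # = DELTA*DB[row][col] + small noise
    return (noisy + DELTA // 2) // DELTA % P

def pir_fetch(db, row, col, seed=1234):
    """Full round trip: preprocess (reusable), query, answer, decode."""
    a = make_matrix_a(seed)
    hint = server_preprocess(db, a)          # would be cached across queries
    s, q = client_query(a, col)
    return client_decode(hint, s, server_answer(db, q), row)
```

Because the hint depends only on the database and the public matrix, a real deployment computes it once and reuses it for every client and every query, which is exactly where the "99.9% ahead of time" saving comes from.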
It is, as she says, a huge success story, and it has lots of applications for the next 50 years.
Here’s some of how she describes the project and its capacity:
“Today, we can search over, and we could synthesize, the entire wealth of human knowledge with a click. In the next 50 years of innovation… we’re going to have to think really hard about how to protect and secure our information. And this means protecting our data, protecting our users, and protecting our interests. And we can do this with cryptography.”
All of this is important.
We need to protect our data. Standards like HIPAA alone can’t do much to reckon with how the promise of AI (not to mention other new methods and executable designs) will affect the use of our personal information.
But this cryptography idea could solve a lot of these problems.