Enhancing Privacy: Innovative Technologies for Responsible Data Collection | Solving the Online Security Problem with Emerging Technologies: Part 2

In this series of articles, we will look into how various new-age technologies can increase user security online.

Now, we discussed various types of security challenges in the first part of this series. Now, one of the prominent challenges is too much data collection by digital platforms.

Now, some of the reasons that digital platforms mention for which they need to collect so much data are -

?

• Verifying user identity and eligibility for the services.?
• Customization of services for the users.
• Monetization.?
• Security and fraud prevention.
• Compliance with regulations.

So, I'll analyze each case to explore ways to either reduce data collection needs or enhance user privacy, especially in instances where mandatory collection is necessary.

Available Technologies

So, let us note the technologies that can assist us in achieving our goals.

Zero-Knowledge Proofs?

Zero-knowledge proofs are a type of cryptographic technique through which an entity can prove to another entity the possession of information without sharing the information.?

One simple example is that one entity can prove that she has the required credentials to log in to an online service without actually showing the credentials.

Decentralized Identity Solutions

Decentralized Identity provides systems that enable individuals and entities to control their identities (by controlling identifiers and credentials) without the need for a central authority.

Federated Learning

Federated learning is a machine learning system where a machine learning model is trained across multiple decentralized edge devices (such as smartphones, IoT devices, or other endpoints) without exchanging raw data.

Homomorphic Encryption

Homomorphic encryption is a cryptographic method that enables computations on encrypted data without the need for decryption. It allows operations on encrypted data, and when the results are decrypted, they are equivalent to the same operations performed on the plaintext data.

Differential Privacy?

Differential privacy is a framework for creating privacy-preserving algorithms, safeguarding individual privacy during data collection and analysis. Its goal is to minimize the impact of including or excluding an individual's data on analysis outcomes, offering a rigorous and quantifiable definition of privacy guarantees.

Secure Multi-Party Computation (SMPC)

Secure Multi-Party Computation (SMPC) is a cryptographic method enabling multiple parties to jointly compute a function over their inputs while maintaining privacy. It ensures that computations on sensitive data are done securely and collaboratively, preventing any party from revealing private information. SMPC prioritizes privacy and confidentiality in collaborative computations.

Verifying User Identity and Eligibility

Say an online platform needs to verify user identity and eligibility for the services it provides - to check whether the user is over a certain age or resident of a specific country, etc.??

The platform may need to do this to abide by various regulations such as know-your-customer, anti-money laundering regulations, child protection laws, etc.?

Now, the prevalent practice is to collect a whole lot of PII i.e. Personally Identifiable Information from the users, and then validate those PIIs using user documents such as social security, passport, birth certificate, salary slips, etc.?

The problem is the process makes the user vulnerable. Not only, is the user oversharing by providing whole documents that contain a lot more information than what we are trying to prove, but the information and documents provided can fall into the wrong hands.

Zero-knowledge proofs and decentralized identity solutions offer alternative approaches to attaining the same goals while preserving user privacy.

Zero-Knowledge Proofs (ZKPs)

Digital platforms can implement ZKPs to verify user identity without requiring users to disclose sensitive personal information. For example, users can prove that they are over a certain age without revealing their exact birthdate.

ZKPs can be used to verify eligibility criteria without disclosing unnecessary data. For example, users can prove that they meet certain income thresholds without revealing their specific income details.

ZKPs enable selective disclosure, allowing users to prove specific statements about their identity or eligibility without revealing unrelated information. This ensures that only relevant information is disclosed for verification purposes.

While ZKPs can prove that we possess some information, we cannot really substantiate the validity of the information using ZKPs. For example, using ZKPs we can claim that our age is over 18 and cryptographically support that claim, we still need to validate that claim.

One way of doing this is using decentralized identity solutions.?

Decentralized Identity Solutions

Digital platforms can adopt SSI (Self-Sovereign Identity) principles, where users have full control over their identity and data. Users can manage their digital identities through decentralized identifiers (DIDs) and verifiable credentials, empowering them to selectively disclose information as needed.

Users can provide Verifiable Credentials to validate the claims they made using ZKPs - say to prove their age is over 18 and to prove their citizenship.?

Verifiable Credentials are digital proofs that validate identity attributes, are issued by trusted entities, and are cryptographically secure for verification.

Verifiable Credentials are issued by trusted entities such as government entities or universities but validating these credentials does not require contacting the issuing authority or document proof. The issuer digitally signs these credentials, establishing their authenticity and authority. To validate these credentials, cryptographic proofs stored in user digital wallets and the issuer's digital signatures are employed. These digital signatures, often stored on blockchains for added decentralization, contribute to the overall trustworthiness of the verification process.?

Decentralized identity solutions enhance privacy in authentication, allowing users to prove their identity to digital platforms without revealing personal information. These solutions utilize blockchain or other distributed ledger technologies to create secure and transparent identity transaction records, reducing the risk of identity theft and data breaches associated with centralized databases. Users gain more control over their digital identities, enhancing security.

Customize Services for the Users

Another reason that the digital platforms mention to justify data collection is to customize services based on user persona and requirements.

While customization often involves user profiling based on data linked to user interaction on the platforms, profiling may also involve the collection of PIIs i.e. personal data of the users.?

In any way, the user's privacy becomes vulnerable.?

Another issue is that the collected information is often shown on user profiles on platforms such as social media. This makes users vulnerable to fraud and illicit advances.?

Social media over the years moved towards a “public as default” mode of user data when it comes to what user information is shown publicly. It helps the platforms attain network effect and even supports SEO as the profile information is often discoverable from search engines. In this mode, the users need to deliberately choose the information that they do not want to be public. Over the years, social media moved from a collection of ‘close-knit groups of people who trusted each other’ to profiles that are open to everyone.?

Anyways, hybrid solutions using zero-knowledge proofs, homomorphic encryption, and federated learning (for mobile apps) can help us achieve the customization of user offerings without making users vulnerable.

Zero-Knowledge Proofs (ZKPs)

ZKPs (Zero-Knowledge Proofs) empower platforms to verify user preferences or behavior patterns without revealing the actual data. Users can demonstrate specific actions, like watching certain content, without disclosing their entire history. This customization facilitates content delivery based on user preferences, allowing platforms to personalize recommendations without accessing specific details about individual interests.

Federated Learning

This is relevant for platforms that have mobile applications.?

Federated learning enables on-device model training, allowing platforms to aggregate insights from multiple devices without centralizing raw user data. This approach supports customization based on individual behaviors without compromising sensitive information. Personalized predictions can be made without transferring raw data to a central server. The global model is updated using locally processed information from each user, fostering individual privacy while offering personalized services. Collaboration on model training across devices contributes to global model improvement while preserving user privacy.

Homomorphic Encryption

Homomorphic encryption enables platforms to compute encrypted data without decryption, preserving user data confidentiality. It's valuable for personalized services, ensuring user privacy during computations. Additionally, it supports private data aggregation by encrypting user-specific information, allowing platforms to gain insights without revealing individual data.

Differential Privacy

Differential privacy is beneficial in this context as it makes it challenging to identify specific individuals in the dataset. Customizing user experiences involves analyzing patterns and preferences through aggregated data. Differential privacy allows customization without explicitly identifying users, using controlled noise to protect against reconstructing specific profiles. Users can opt-in with consent, making informed decisions about data sharing for customization while preserving their privacy.

By combining zero-knowledge proofs, federated learning, homomorphic encryption, and differential privacy, digital platforms can provide personalized services tailored to individual preferences while preserving user privacy and meeting regulatory standards. The integration of these technologies allows for a more sophisticated and privacy-conscious approach to data-driven personalization.

Monetization

Digital platforms often require user profiling for advertisement targeting and other monetization efforts. Similar to customizing user experiences, monetization also involves aggregating user data and then detecting patterns.?

Another way some platforms may monetize is through harvesting user data and depending on regulations, it may be totally legal.

The use of federated learning, homomorphic encryption, and differential privacy may enable platforms to extract valuable insights from user data without compromising individual privacy.?

Federated Learning

Federated learning enables platforms to improve ad targeting by training machine learning models on distributed user devices without exposing raw user data. It involves analyzing local user interactions with ads to update a global model, enhancing ad relevance. This approach optimizes ad placement based on diverse user behavior and preferences, identifying suitable placements without centralizing sensitive data. Federated learning allows platforms to offer personalized ad recommendations by tailoring insights from individual devices, ensuring privacy is preserved while providing relevant suggestions to users.

Homomorphic Encryption

Homomorphic encryption allows platforms to optimize ad targeting by performing computations on encrypted user data. This ensures data privacy while delivering targeted ads based on user preferences. Platforms can also conduct ad analytics on encrypted data, preserving sensitive information and enabling accurate performance measurement. Secure data monetization partnerships with advertisers and analytics firms are facilitated through homomorphic encryption, providing valuable insights while maintaining user privacy.

Differential Privacy

Differential privacy can be used in two different scenarios - analyzing data for advert placement as well as when harvesting user data, say by selling the data.

In both cases, the use of differential privacy may protect user privacy by making it difficult to identify individual users.?

Security and Fraud Prevention

Digital platforms often require user data for security and fraud detection. However, extensive data collection and tracking can lead to widespread surveillance, as it's challenging to predict the sources of vulnerabilities and fraud in advance. This scenario can make everyone a suspect until proven otherwise.

Privacy-preserving technologies, such as Zero-knowledge Proofs (ZKPs) and Federated Learning, offer solutions to balance the need for platform security and fraud detection with protecting user privacy.

Zero-Knowledge Proofs (ZKPs)

With Zero-Knowledge Proofs (ZKPs), platforms can enable selective disclosure, allowing users to prove specific statements about their data without revealing the actual content. This ensures the verification of conditions without surveilling all user activities.

Anonymous credential systems based on ZKPs let users prove possession of attributes (e.g., age, eligibility) without disclosing identity, maintaining privacy in activities requiring verification.

In fraud detection, ZKPs enable proof of adherence to transaction rules without exposing raw user data. Users can provide evidence without revealing details, preserving privacy while allowing effective fraud detection.

Federated Learning

Federated learning facilitates collaborative training of fraud detection models without centralizing user data. Each device processes local data, updating a global model with insights from all devices. This decentralized approach avoids the need for centralized surveillance. Aggregation of insights occurs without revealing individual contributions, as users' local model parameters are combined without sharing raw data. This preserves privacy while improving fraud detection capabilities.

Secure Multi-Party Computation (SMPC)

Securing online platforms may require collaboration among different platforms. This means they may need to share user information with each other without threatening user privacy and breaking any law.?

SMPC allows multiple parties to jointly perform computations on their encrypted data without revealing the raw data. Platforms can collaboratively secure the system against vulnerabilities and fraud without direct access to each other's data.

Platforms can use SMPC to share threat intelligence in a privacy-preserving manner. By encrypting and processing threat data collaboratively, platforms can collectively enhance security without compromising individual user privacy.

Homomorphic Encryption

Homomorphic encryption enables platforms to conduct computations on encrypted data, facilitating secure analysis and fraud detection without exposing raw data. It allows secure queries and responses on encrypted data, preserving user confidentiality while detecting potential security threats.

By incorporating zero-knowledge proofs, federated learning, secure multi-party computation, homomorphic encryption, and other privacy-preserving technologies, digital platforms can strengthen security measures without resorting to pervasive surveillance of all users.

Compliance with Regulations

Various regulations may require the collection of user data either to verify user identity or to track user behavior to combat terrorism or other illegal activities.?

We have already covered user identity-related discussion in the "Verifying User Identity…" section.?

So, this section will cover a discussion on user behavior tracking for compliance purposes.

Zero-Knowledge Proofs (ZKPs)

ZKPs allow platforms to verify specific statements about user data without revealing the actual content. This enables platforms to detect user behavior anomalies without disclosing sensitive user information.

ZKPs allow users to generate cryptographic proofs of identity without sharing the actual data. This ensures that only the necessary information is disclosed for verification, minimizing the exposure of sensitive personal data.

Homomorphic encryption facilitates secure verification of identity documents and biometric authentication. By submitting encrypted documents or biometric data, platforms can conduct necessary checks without decrypting sensitive information, ensuring private yet effective identity verification.

Federated Learning, Homomorphic Encryption and Differential Privacy?

While federated learning enables on-device training of machine learning models, homomorphic encryption enables training models with encrypted data, and differential privacy involves adding noise to data to prevent the de-anonymization of user data.?

Together these techniques form a formidable combination that enables the training of machine learning models (probably unsupervised learning models such as k-mean clustering) to detect anomalies in user behavior without centralizing all data and without divulging the privacy of the users.?

Okay, let us end this article here.