DOI: 10.1145/3511265.3550445
Research article (Public Access)

Multi-Regulation Computing: Examining the Legal and Policy Questions That Arise From Secure Multiparty Computation

Published: 01 November 2022

Abstract

This work examines privacy laws and regulations that limit disclosure of personal data, and explores whether and how these restrictions apply when participants use cryptographically secure multi-party computation (MPC). By protecting data during use, MPC offers the promise of conducting data science in a way that (in some use cases) meets or even exceeds most people's conceptions of data privacy. With MPC, it is possible to correlate individual records across multiple datasets without revealing the underlying records, to conduct aggregate analysis across datasets which parties are otherwise unwilling to share for competitive reasons, and to analyze aggregate statistics across datasets which no individual party may lawfully hold. However, most adoptions of MPC to date involve data that is not subject to privacy protection under the law. We posit that a major impediment to the adoption of MPC - on the data that society has deemed most worthy of protection - is the difficulty of mapping this new technology onto the design principles of data privacy laws. While a computer scientist might reasonably believe that transforming any data analysis into its privacy-protective variant using MPC is a clear win, we show in this work that the technological guarantees of MPC do not directly imply compliance with privacy laws. Specifically, a lawyer will likely want to ask several important questions about the pre-conditions that are necessary for MPC to succeed, the risk that data might inadvertently or maliciously be disclosed to someone other than the output party, and what recourse to take if this bad event occurs. We have two goals for this work: explaining why the privacy law questions are nuanced and that the lawyer is correct to proceed cautiously, and providing a framework that lawyers can use to reason systematically about whether and how MPC implicates data privacy laws in the context of a specific use case. 
Our framework revolves around three questions: a definitional question on whether the encodings still constitute 'personal data,' a process question about whether the act of executing MPC constitutes a data disclosure event, and a liability question about what happens if something goes wrong. We conclude by providing advice to regulators and suggestions to early adopters to spur uptake of MPC. It is our hope that this work provides the first step toward a methodology that organizations can use when contemplating the use of MPC.

Supplementary Material

MP4 File (Multi-Regulation.mp4)



Published In

CSLAW '22: Proceedings of the 2022 Symposium on Computer Science and Law
November 2022, 202 pages
ISBN: 9781450392341
DOI: 10.1145/3511265

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. data privacy law
2. secure multi-party computation

Conference

CSLAW '22: Symposium on Computer Science and Law
November 1 - 2, 2022
Washington DC, USA
