Making data sharing cheaper, faster and easier with partnership-enhancing technologies
Introduction
Part 1: Today
Part 2: Tomorrow
Part 3: Soon
PETs are coming of age. Part of this is because tools are maturing, but mostly, it’s because Gartner says so. Well no, actually it's because the market is beginning to understand what they can be used for and how that helps their business: first for compliance, but more importantly for collaboration. Kicked off by GDPR and the wider public conversation around privacy, organisations have been forced to prioritise how they manage personal data. PETs are tools that can bring privacy features to a whole host of applications, including important areas like encrypted databases and anonymous communication networks, which are not covered in this paper. Instead, we explore the role PETs will play in computing: specifically how they address data liability, outsourcing risk, and processing personal information, as well as opening up new opportunities for data mixing and data acquisition. We see differential privacy, synthetic data, trusted execution environments (TEEs), verifiable computation, zero-knowledge protocols, federated learning, secure multi-party computation (MPC), and homomorphic encryption as solutions to reduce risks. But some of them, especially MPC and homomorphic encryption, open up never-before-possible opportunities around data collaboration. This is not the story of compliance (that would be a boring story). It is the story of good versus evil, and how sharing will beat hoarding.
PET adoption is being driven by five surprisingly non-tech trends. First, compliance legislation essentially created a market for privacy tech in the enterprise, raising the issue higher on the CTO's to-do list. Second, migration to the cloud has now reached business-critical software and sensitive workloads, and with it come risks that need more than just expensive and ineffective SLAs. Third, digital ecosystems are increasing the need for multi-party coordination. Few organisations have all the necessary skills, data, and capacity to generate cutting-edge insights alone. The FAANG companies have to spend millions to do the sort of cutting-edge machine learning that drives their products. One way to solve this problem is to work collectively with partners and customers on inputs and share the outputs securely. Fourth is the fact that talented people continue to develop PETs as a form of civic engagement rather than primarily for the money. For many people, especially technologists, protecting privacy is a political goal and a human right. This means we see far more development than might be expected from the size of the market. Finally, and related to civic technology, is the cryptocurrency market. This largely unregulated and dynamic market provides an experimental breeding ground with users who are both philosophically and commercially aligned with protecting privacy. The hardest thing for a startup is to find customers with a strong enough pain point to buy a totally new and half-finished product from a company likely to be out of business in 12 months. The cryptocurrency market, despite its flaws, has plenty of these customers, perfect for a fledgling privacy startup.
That's where the good news ends. There are lots of market restraints that we expect to slow the adoption of PETs. First is the common lack of market education and lack of talent that stalks the PET market. But that is normally the case for all new technologies, and is generally overcome eventually. Second, PETs are expensive, at least compared to the alternative of processing data ‘in-the-clear’ without encryption. That said, PETs are not, at least not yet, competing to be cheaper or faster. The tools are superior in one dimension: hiding the inputs, operation and/or outputs of computation. Some customers consider this a huge pain point and are willing to solve it today. Over time and with investment, performance will improve so that it is no longer materially different from that of non-PET tools, at least for products that are closer to the application-specific end of the spectrum rather than general-purpose. The third issue, and one that is unlikely to go away with more resources and money, is integration, which is particularly difficult because the entire development environment is different. Any integration with other software opens up a new and ongoing privacy risk, which in turn makes development and maintenance expensive. This isn’t the case with TEEs and synthetic data, however, so we can expect these tools to find a market faster. The final problem is a lack of buyer sophistication: the risk that buyers don’t value security highly enough to buy ‘good’ PETs versus software that just claims to protect privacy or be secure. The positioning of PETs as partnership tools, as proposed in this paper, does make this less of a restraint by changing the buyer and the value proposition.
Looking at the drivers and restraints, we predict PETs will have a major impact on the cloud and machine learning markets. We expect TEEs to become widespread in cloud environments, but software-based cryptographic PETs will have less of a market, meaning the value chain is unlikely to change. The same is true of machine learning. The move to partnership-enhanced machine learning, enabled by the widespread use of federated learning for greater access to data, will grow the market but not upend it. Vendors will placate the public and rile up privacy campaigners with “data doesn’t leave your phone” slogans. PETs in the context of the Cloud and machine learning essentially grow the market and entrench current incumbents. Once PETs become a part of the corporate software stack, over, the real value can be unlocked: collaborative computing.
Expect the emergence of a larger (maybe not global, as the Splinternet becomes ever more entrenched), liquid computing and data market. We will move from cumbersome bilateral and multilateral data owner-data processor relationships to a more dynamic, algorithmically driven data processing and analytics market. Basically programmatic advertising exchanges, but for all computing tasks. The reason not to collaborate is the fear of exposing data, secrets or confidential information. If that risk is mitigated, collaboration will thrive. Owners and processors, buyers and sellers can operate in a zero-trust model, making collaboration cheaper, faster, and easier.
We predict collaborative computing to be the largest new technology market to develop in the 2020s. By 2030, data marketplaces enabled by PETs, in which individuals, corporates, machines and governments trade data securely, will be the second largest ICT market after the Cloud.
With these opportunities over the next 10 years, we recommend:
PETs are partnership technologies first, privacy technologies second. Let’s call them partnership-enhancing technologies. Once the value proposition becomes obvious to the market, we predict that by 2030 a collaborative computing market will be one of the largest markets in the technology industry.
You may have heard of privacy-enhancing technologies or PETs, or maybe of the more straightforward term, privacy technologies. This is the field and set of tools designed to protect individual and group privacy when interacting with the digital world. Consumer privacy is a hot-button topic, from the 2013 Edward Snowden revelations to the 2020 Social Dilemma Netflix documentary. The term surveillance capitalism, coined by Shoshana Zuboff, describes an economic model of harvesting personal data for profit and highlights the loss of privacy on the Internet. Since the Snowden disclosures, we've seen a pushback against this system: regulation from the EU like GDPR, and startups using privacy as a selling point like DuckDuckGo, Brave and Jumbo. PETs are part of this larger privacy story, with technologists using code or hardware to protect privacy rather than relying on the law. We see the same trend in enterprise sales, too. Vendors are selling PETs to companies with the same promise: enhance your or your customers' privacy. This value proposition resonates for a small minority, albeit a growing minority, and maybe further regulation will grow the market. But leading with privacy is a tough sell. Companies may care about confidentiality a bit, but they really care about cutting costs and making more money.