Modern technologies have brought along modern challenges, some of them related to privacy. And so the new stack of technologies and methods were developed to face those issues, one of which are Privacy-Enhancing Technologies (PET). In this article we’re going to explain what PETs are and how they work. Read on for details…
What are Privacy-Enhancing Technologies?
Privacy-enhancing technologies or PETs are designed to prevent data leaks while balancing privacy with usability. They come in different forms, with one of them preventing bad actors from identifying data owners. So, if a leak were to occur, these technologies would make the data virtually useless to cybercriminals.
Other PETs are meant to avert data breaches completely, relying on cryptographic protection during data processing.
PETs can also come in the form of remote auditing services that monitor and ensure that data is only being processed for the right purposes. As a result, the chance of data leaks and breaches is minimized.
It is up to every company to decide how it wants to treat the user data and which technologies it will use to do so.
Generally speaking, there are two distinct types of PETs:
Data masking
This is where VPNs fit in, both for corporations and individual users, as it will encrypt all data traveling through the networks — as well as the rest of the Internet. In that sense, we advise everyone to use a VPN, for both security and privacy purposes.
Pseudonymization and obfuscation are other forms of data masking. In this case, the data gets either distorted, masked, or replaced with fake data. Some companies go as far as utilizing machine learning algorithms to create synthetic data to confuse and deter hackers.
Additionally, businesses can also protect their customers by minimizing the amount of data they collect. This is known as data minimization.
Cryptography
Cryptographic tools are another popular form of PETs and they are regularly used for securing crypto assets in crypto wallets.
There are also different methods of encryption that provide a different level of protection. One method, homomorphic encryption, involves encoding data so that operations on the data can still be performed without decryption. In a way, this is similar to how you can open a zip folder and make changes to the files within the archive.
Homomorphic encryption has two main types: full homomorphic encryption (FHE) and partial homomorphic encryption (PHE).
Another form of cryptography, secure multi-party computation (SMPC), involves encrypting parts of a chunk of data by multiple parties, which is similar to how P2P swarm systems work.
Then there’s differential privacy in data cryptography which is similar to obfuscation. In this method, the data is obscured through a layer of statistical noise. This method is often used in statistics as it can hide data pertaining to individuals while still revealing data that allows for identification of group-related patterns.
Finally, we have the zero-knowledge proof (ZKP) that works similarly to homomorphic encryption, where data can be utilized without revealing it. ZKP allows for validation of the data without decryption.
Choosing the right PET(s)…
There are multiple solutions in today’s market and it is up to every entity to decide for themselves which fits best to their existing systems. In that sense, IT admins should:
- Identify the volume and type of data their business handles. For instance, is the majority of the data structured or unstructured?
- Identify the third-party services your data is shared with. And if the data is passed between third parties, the homomorphic encryption may be the best option.
- Distinguish the data parts you need and, is it possible to negate sensitive data that can be used to identify individuals?
- Identify what the data will be used for.
- Assess your IT infrastructure and your network capabilities. This will help determine if a particular PET is compatible with your enterprise’s resources.
The bottom line
PETs come in different forms and sizes, each designed to solve a specific problem. While some are better at aggregated analytics, others are better suited for precise results. Likewise, some may be ideal for deriving insights from data, while others are best for data exploration.
Different industries need different solutions and there is no one-size-fits-all product. It will be up to IT admins, privacy experts and the management to select and finance the procurement of the solution that best suits each organization’s needs.
It is an important decision and should not be taken lightly. So, if you’re involved in such an endeavor, make sure to treat it accordingly. Your company data is on the line, after all.