Core Technical Innovation
Our core technical differentiator is NoPeek privacy, partially developed at MIT. It has 6 notable capabilities.
- Social proximity: We were the first to publish a decentralized contact tracing protocol and the first to launch a US app for privacy-preserving contact tracing (mid-March 2020).
- Uploading by citizens: NoPeek computational privacy goes beyond consent- or anonymization-based data protection. Our NoPeek module creates latent representations that carry the knowledge needed to solve the problem at hand without revealing the underlying data. This is achieved by extracting non-sensitive knowledge from the raw data and securely aggregating it at population scale. Furthermore, we apply differential privacy and Secure Multi-Party Computation (SMPC) to user data and to the representation learning models. This provides an extra layer of protection based on cryptographic guarantees, which protects user data even if a device or the central server is compromised. Citizens can rest assured that sharing information from their mobile phones will not result in any of their raw data being released to the world.
- Downloading by citizens: Conversely, our app can deliver personalized healthcare information to a user’s phone without the server knowing which message was delivered to which phone. In most cases, the phone downloads a large partition of the server database and selects locally the small portion relevant to that citizen. In other cases, the server sends the algorithm to the phone, and the phone runs it to find the answer locally.
- Avoiding data silos: Concerns about data privacy among both users and organizations lead to the formation of “data silos”, where data becomes compartmentalized and restricted to specific groups. An inability to collect this data for analysis leads to massive inefficiencies, which in turn can lead to poor response or execution in a crisis. This not only increases costs but also yields sub-optimal outcomes for stakeholders. Our approach is radically different: it breaks the chain of privacy → data silos → inefficiency using powerful new computational privacy methods.
- Beyond the limits of consent or anonymization: Today’s data protection schemes fall short because data breaches and illegal data harvesting lead to harms for citizens (identity theft, financial fraud, job discrimination, targeting, e.g. for advertising or robocalls) as well as for organizations (inferred trade secrets, employee poaching). It is well known that consent- or anonymization-based schemes are too weak when rogue employees or state actors are involved in data breaches. To avoid data breaches, the best practice is to prevent raw data from ever reaching the server, i.e. “no peeking allowed”.
- The best of both worlds, privacy and crowdsourcing: Traditional NoPeek solutions are simple on-device calculations with no uploads of raw data. However, they limit the possibilities of crowdsourced collective knowledge. Our open-source software, based on SMPC, federated or split learning for unsupervised and supervised machine learning, and differential privacy, enhances “NoPeek” to allow safe crowdsourcing. We explain more in the Privacy Preserved AI for Healthcare section.
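The download-and-downselect delivery described under “Downloading by citizens”, as an added illustration that is not the project’s own code: a simulated server partitions messages by a hypothetical coarse location prefix and only ever serves whole partitions, so its request log records the coarse key rather than which message a phone wanted, while the phone filters locally; a naive exact-match query is kept beside it for contrast. All record contents and prefixes are constructed.

```python
from collections import defaultdict

# Constructed sample records (not project data): (coarse prefix, precise
# location code, message). The prefix is a hypothetical geohash-style key.
RECORDS = [
    ("9q", "9q8yyk", "Testing site open at Civic Center, 9am-5pm"),
    ("9q", "9q8yyz", "Vaccine clinic: walk-ins accepted"),
    ("9q", "9q9p3h", "Exposure reported near Mission St, get tested"),
    ("dr", "dr5ru7", "Mask advisory in effect downtown"),
    ("dr", "dr5rsx", "Pop-up testing at Union Square"),
]


class Server:
    """Holds message partitions and logs what each request reveals."""

    def __init__(self, records):
        self.partitions = defaultdict(list)
        for prefix, loc, msg in records:
            self.partitions[prefix].append((loc, msg))
        self.request_log = []  # what the server learns, one entry per request

    def fetch_partition(self, prefix):
        """Serve a whole partition; only the coarse key is observed."""
        self.request_log.append(prefix)
        return list(self.partitions.get(prefix, []))

    def fetch_exact(self, loc):
        """Naive point query: the server learns the precise location."""
        self.request_log.append(loc)
        return [m for p in self.partitions.values() for l, m in p if l == loc]

    def anonymity_set(self, prefix):
        """Records in a partition: a download only narrows the user to these."""
        return len(self.partitions.get(prefix, []))


def client_downselect(server, precise_loc, prefix_len=2):
    """Phone-side retrieval: download the coarse partition, filter locally."""
    partition = server.fetch_partition(precise_loc[:prefix_len])
    return [msg for loc, msg in partition if loc == precise_loc]


if __name__ == "__main__":
    srv = Server(RECORDS)
    print(client_downselect(srv, "9q8yyz"))  # phone keeps the one relevant message
    print(srv.request_log)                   # server only saw ['9q']
```

The anonymity set is the defender’s check: the smaller a partition, the less the coarse key actually hides, so partition granularity should be chosen so every served partition stays large.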