Upgrade 2023: Scaling the future

March 16, 2023 // Upgrade 2023

Privacy-Preserving Aggregate Statistics

Elette Boyle, Senior Scientist, CIS Lab, NTT Research, Inc.

Summary

Using Cryptography to Assemble Valuable Customer Data While Preserving Privacy

It’s no secret that companies want information about the customers who use their products, but they often struggle to get it because of customer privacy concerns and regulations. NTT Research has devised a way to use cryptography to address the issue: a solution that lets a company receive its customers’ data in aggregate while no party, the company included, ever sees an individual customer’s values.

At the NTT Research Upgrade 2023 event, NTT Research Senior Scientist Elette Boyle explained the issue and how research from the Cryptography & Information Security (CIS) Laboratory addresses it.

Companies in numerous B2C vertical industries, from software to manufacturing, want data about how customers use their products, when they use them, which features they employ, where they encounter problems, and more. But consumers are often loath to consent to the sort of tracking required to collect such data, and privacy laws such as California’s state privacy statute and the General Data Protection Regulation (GDPR) in Europe often restrict such collection.

The solution Boyle described uses a cryptographic secret-sharing procedure to split each customer’s data stream in two. The two streams are sent to two separate providers, such as NTT and a third party like the Internet Security Research Group’s Divvi Up service. Each stream by itself looks like random noise and reveals nothing about the underlying data, which is what ensures privacy; the guarantee rests on the two providers not colluding to recombine their streams.

When enough data has been collected for the aggregate to be meaningful, each provider runs an aggregation operation over the stream it holds, producing a short, compressed data string that it sends on to the requesting company. The company then combines the two strings to reveal the aggregate of the whole stream, but nothing about any individual customer behind it.

Because the stream is split this way, the cryptographic operations at the heart of the process stay simple while privacy is preserved, so the computations run faster and on less expensive hardware.
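The split-aggregate-combine flow above, as an added illustration that is not NTT Research’s code and does not reproduce the specific protocol from the talk: it implements plain two-server additive secret sharing over a prime field, which is the core mechanism the description relies on. Each client masks its report with a random vector, the two providers each keep only a running modular sum of the shares they receive, and the company adds the two partial sums so the masks cancel. The provider names, the release threshold of 100 reports, and the three-feature report layout are assumptions chosen for the example; the sample reports are constructed inline.

```python
"""Two-server additive secret-sharing aggregation (constructed example)."""
import secrets
from typing import List, Sequence, Tuple

# All arithmetic is modulo a prime. A value v is split as (r, v - r mod p)
# with r uniform, so either share on its own is a uniform random number and
# tells its holder nothing about v. 2**61 - 1 is a Mersenne prime, far larger
# than any realistic count, so the true totals never wrap around.
MODULUS = 2**61 - 1
MIN_REPORTS = 100  # assumed release threshold; the talk does not give a number


def split_report(values: Sequence[int]) -> Tuple[List[int], List[int]]:
    """Client side: turn one usage report (a vector of counts, e.g. one entry
    per product feature) into two additive shares, one per provider."""
    for v in values:
        if not 0 <= v < MODULUS:
            raise ValueError("report entries must be counts in [0, MODULUS)")
    share_a = [secrets.randbelow(MODULUS) for _ in values]
    share_b = [(v - a) % MODULUS for v, a in zip(values, share_a)]
    return share_a, share_b


class Aggregator:
    """One of the two non-colluding providers. It stores only a running
    modular sum of the shares it receives, never an individual report."""

    def __init__(self, width: int) -> None:
        self.total = [0] * width
        self.count = 0

    def accept(self, share: Sequence[int]) -> None:
        if len(share) != len(self.total):
            raise ValueError("share has the wrong width")
        self.total = [(t + s) % MODULUS for t, s in zip(self.total, share)]
        self.count += 1

    def partial_result(self, min_reports: int = MIN_REPORTS) -> Tuple[List[int], int]:
        """Release the summed shares. The output has the width of a single
        report however many clients contributed, and is withheld until enough
        reports are in that the aggregate itself cannot single anyone out."""
        if self.count < min_reports:
            raise RuntimeError(f"only {self.count} reports; need {min_reports}")
        return list(self.total), self.count


def combine(part_a: Tuple[List[int], int], part_b: Tuple[List[int], int]) -> List[int]:
    """Company side: add the two partial sums. The random masks cancel and the
    true per-feature totals come out; nothing about any one client does."""
    total_a, count_a = part_a
    total_b, count_b = part_b
    if count_a != count_b or len(total_a) != len(total_b):
        raise ValueError("providers disagree on what was aggregated")
    return [(a + b) % MODULUS for a, b in zip(total_a, total_b)]


def aggregate_reports(reports: Sequence[Sequence[int]],
                      min_reports: int = MIN_REPORTS) -> List[int]:
    """End-to-end run: clients split, each provider sums only its own stream,
    the company combines. Returns the per-feature totals."""
    width = len(reports[0])
    provider_a, provider_b = Aggregator(width), Aggregator(width)
    for report in reports:
        share_a, share_b = split_report(report)
        provider_a.accept(share_a)  # stream sent to provider A (assumed: NTT)
        provider_b.accept(share_b)  # stream sent to provider B (assumed: Divvi Up)
    return combine(provider_a.partial_result(min_reports),
                   provider_b.partial_result(min_reports))


def sample_reports(n: int = 120) -> List[List[int]]:
    """Constructed input: n clients, three features (a yes/no flag, a second
    flag, a small count). Deterministic so the totals can be checked."""
    return [[i % 2, 1 if i % 3 == 0 else 0, i % 5] for i in range(n)]


if __name__ == "__main__":
    print("per-feature totals:", aggregate_reports(sample_reports()))
```

Note what each party holds: a provider sees one uniformly random vector per client and a running sum, the company sees two vectors of the report’s width, and the true values exist only at the client. The aggregate is still a statistic about real people, which is why `partial_result` refuses to release anything below a minimum number of reports.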

“The third-party services, none of them ever are exposed to the data of the individuals throughout the process,” she said. “This is a cryptographic protocol that allows us to hide data while still supporting aggregation.”

Applications of the technology include any setting where a company wants to learn aggregate information about its customers: statistics for mobile phone companies, car manufacturers, appliance makers, software vendors, and makers of TVs and other entertainment devices. “Let your imaginations run wild,” Boyle said.

Elette Boyle is a Senior Scientist at NTT Research and an associate professor in the Efi Arazi School of Computer Science at IDC Herzliya, Israel. She received her PhD at MIT and BS at Caltech, both in Mathematics, and served as a postdoctoral fellow at the Technion in Israel and at Cornell. Her research centers on the cryptographic foundations for safely maintaining and processing sensitive data. In particular, her recent focus has been on protocols for secure multi-party computation as well as underlying primitives such as function/homomorphic secret sharing.
