According to The Next Web, Google is tackling the problem of poorly secured databases with a secure multi-party computation (MPC) tool called Private Join and Compute with open-source availability. It relies on Private Set-Intersection (PSI), a cryptographic protocol that Google already uses on its Password Checkup Chrome extension, which allows users to match their login credentials against 4 billion compromised credentials within encrypted data sets that keep the individual details secure.
“Using this cryptographic protocol, two parties can encrypt their identifiers and associated data, and then join them,” said Google in an announcement. “They can then do certain types of calculations on the overlapping set of data to draw useful information from both datasets in aggregate. All inputs (identifiers and their associated data) remain fully encrypted and unreadable throughout the process.”
Google cites an example of a city who wants to figure out if the cost of operating public train service on the weekends results in increased revenues at the city’s local businesses. Using the Private Join and Compute, the city can process rider and point-of-sale data sets to determine how many train riders made a purchase without revealing any identifying info about them or their purchases.
So while the data can still be calculated to reveal aggregate statistics, a process called homomorphic encryption keeps the underlying data private so that certain types of computations can be performed directly on encrypted data rather than have to decrypt it first and leave in vulnerable for a period of time.
PSI allows companies to keep data private while not hindering them from performing basic data analytics tasks, such as Google’s need to track the effectiveness of ad campaign. Data-handling by third parties is one of the biggest concerns in the world on technological security and privacy, so this new method is exciting for many companies that handle lots of data and want to avoid a breach or scandal.