by the guest editors Rudolf Mayer (SBA Research) and Thijs Veugen (TNO and CWI)

Many branches of the economy and society are increasingly dependent on data-driven predictions, decision support and autonomous decision-making by systems. These systems often depend on the availability of large amounts of data to learn from, which may include details about individuals or otherwise sensitive information. Disclosure of the individuals represented by this data must be avoided for ethical reasons and to meet regulatory requirements, which have been tightened in recent years, e.g. by the introduction of the EU’s General Data Protection Regulation (GDPR). This means that the use of data is restricted, making sharing, combining and analysing data problematic. Privacy-preserving computation tries to bridge this gap: to find a way to leverage data while preserving the privacy of individuals.

by Alessio Bianchini, Elena Sartini and Luigi Briguglio (CyberEthics Lab.)

Security is a mandatory requirement for critical infrastructures, which are increasingly threatened by cyber-attacks. However, when designing cyber-shield systems to protect assets and networks we must also consider other fundamental dimensions. This article presents the experience of CyberEthics Lab. in defining and applying a holistic approach based on the privacy, ethics, security and social dimensions.

by Ioannis Chrysakis (FORTH-ICS and Ghent University), Giorgos Flouris (FORTH-ICS), Theodore Patkos (FORTH-ICS) and George Ioannidis (IN2 Digital Innovations GmbH)

CAP-A offers socio-technical tools to promote collective awareness and informed consent, whereby data collection and use by digital products are driven by the expectations and needs of the consumers themselves.

by Tomasz Miksa, Tanja Šarčević, Rudolf Mayer (SBA Research) and Laura Waltersdorfer (Vienna University of Technology)

Data has become deeply ingrained in all phases and aspects of industrial and scientific research. The potential for new discoveries based on data-driven research is growing fast, due to the high volume and granularity of personal data collected by individuals, e.g., by means of ubiquitous sensors and IoT devices. However, small and medium-sized organisations typically face challenges in acquiring and storing personal data, particularly in sensitive data categories.

by Pascal Gremaud, Arnaud Durand and Jacques Pasquier (University of Fribourg, Switzerland)

Cloud-based Internet of Things commercial solutions offer an ever-growing set of possibilities. However, these come at the cost of entrusting data to the platforms running these systems. We explain how Trusted Execution Environments can be used to enforce device and user data confidentiality for an entire ecosystem.

by Andreas Abraham (Graz University of Technology), Juan Carlos Perez Braun (Atos Spain S.A.), and Sebastian Ramacher (AIT Austrian Institute of Technology)

The EU Horizon 2020 KRAKEN project is dedicated to building a trusted and secure personal data platform enabling exchange and analytics of personal data.

by Artur Rocha, Alexandre Costa, Marco Amaro Oliveira (INESC TEC) and Ademar Aguiar (University of Porto and INESC TEC)

iReceptor Plus will enable researchers around the world to share and analyse huge distributed immunological datasets from multiple countries, containing sequencing data pertaining to both healthy and sick individuals. Most Adaptive Immune Receptor Repertoire sequencing (AIRR-seq) data is currently stored and curated by individual labs, using a variety of tools and technologies.

by Terence Delsate, Xavier Lessage, Mohamed Boukhebouze and Christophe Ponsard (CETIC)

The INAH (Institute of Analytics for Health) platform was created to enable the ethical and secure use of medical data in statistical and medical research. This platform could benefit society and improve both patients' quality of life and public health while ensuring medical data privacy.

by Thomas Lorünser (AIT), Christoph Schütz (JKU) and Eduard Gringinger (Frequentis)

To enable more efficient management of airport departure and landing slots, SlotMachine envisions a new kind of marketplace in air traffic management. The platform will enable a more flexible, fast and scalable semi-automated flight prioritisation process for airlines in a fair and trustworthy way. Built with a privacy-first approach it will protect sensitive airline data from competitors and airport operators but fully unleash the potential of inter-airline slot swapping.

by Mark Abspoel (CWI), Ronald Cramer (CWI and Leiden University) and Daniel Escudero (Aarhus University)

Secure computation with integers modulo powers of two has immense practical impact due to the use of these types in modern hardware. Unfortunately, the lack of a good algebraic structure makes the task of designing secure computation protocols over these domains a complex endeavour, which we approach in this project.
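The abstract's point, that Z_{2^k} is the ring modern CPUs compute in but lacks the structure field-based protocols rely on, can be made concrete with a small worked example. The following is an added illustration, not code from the project or its authors: it implements n-out-of-n additive secret sharing over Z_{2^64} (addition is free, multiplication uses a Beaver triple, both with machine-word wrap-around), and then shows why Shamir-style threshold sharing does not carry over directly: Lagrange interpolation needs inverses of differences of evaluation points, and in Z_{2^k} only odd residues are invertible, so any three evaluation points already contain an even difference. Function names (`share`, `mul_shares`, `lagrange_at_zero`, `shamir_reconstructs`) and the sample values are this example's own, and the Beaver triple is generated locally by a hypothetical trusted dealer rather than by a real preprocessing protocol.

```python
"""Secret sharing over Z_{2^64}: what works, and where the ring bites.

Added example (not from the paper). k = 64 matches the uint64_t of
modern hardware, so every reduction below is the same wrap-around
that an unsigned machine multiplication performs.
"""
import secrets

K = 64
MOD = 1 << K


def share(x, n=3):
    """Split x into n additive shares: n-1 uniform values and one correction.
    Any n-1 shares are uniformly random and reveal nothing about x."""
    shares = [secrets.randbelow(MOD) for _ in range(n - 1)]
    shares.append((x - sum(shares)) % MOD)
    return shares


def reconstruct(shares):
    return sum(shares) % MOD


def add_shares(a, b):
    """Addition needs no interaction: each party adds its own two shares."""
    return [(x + y) % MOD for x, y in zip(a, b)]


def beaver_triple(n=3):
    """Hypothetical trusted dealer: shares of (a, b, a*b) with a, b uniform.
    Real protocols produce these in a preprocessing phase."""
    a, b = secrets.randbelow(MOD), secrets.randbelow(MOD)
    return share(a, n), share(b, n), share((a * b) % MOD, n)


def mul_shares(x_sh, y_sh, triple):
    """Beaver multiplication: parties open d = x - a and e = y - b (safe,
    because a and b are uniform one-time masks), then compute locally
    z = c + d*b + e*a + d*e, which equals x*y since x = d + a, y = e + b."""
    a_sh, b_sh, c_sh = triple
    d = reconstruct([(x - a) % MOD for x, a in zip(x_sh, a_sh)])
    e = reconstruct([(y - b) % MOD for y, b in zip(y_sh, b_sh)])
    z = [(c + d * b + e * a) % MOD for a, b, c in zip(a_sh, b_sh, c_sh)]
    z[0] = (z[0] + d * e) % MOD  # the public constant is added by one party only
    return z


def has_inverse(v):
    """The units of Z_{2^k} are exactly the odd residues."""
    return v % 2 == 1


def lagrange_at_zero(points):
    """Shamir-style reconstruction of f(0) from (x_i, f(x_i)) over Z_{2^k}.
    Needs (x_i - x_j)^-1 for all i != j; pow() raises ValueError if one is even."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * (-xj)) % MOD
                den = (den * (xi - xj)) % MOD
        secret = (secret + yi * num * pow(den, -1, MOD)) % MOD
    return secret


def shamir_reconstructs(points):
    """True if Lagrange interpolation over Z_{2^k} succeeds for these points.
    Among any three integers two share parity, so three or more evaluation
    points always fail: plain Shamir sharing over Z_{2^k} tops out at n = 2."""
    try:
        lagrange_at_zero(points)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    x, y = 0xFFFF_FFFF_FFFF_FFF0, 0x1234_5678  # constructed sample values
    z = mul_shares(share(x), share(y), beaver_triple())
    print("x*y mod 2^64 from shares:", hex(reconstruct(z)))
    print("uint64 wrap-around product:", hex((x * y) % MOD))
    print("2 invertible in Z_2^64?", has_inverse(2))
    print("Shamir with points 1,2:", shamir_reconstructs([(1, 12), (2, 19)]))
    print("Shamir with points 1,2,3:", shamir_reconstructs([(1, 12), (2, 25), (3, 44)]))
```

The additive scheme is the workhorse of SPDZ-style protocols precisely because it never divides; the threshold (Shamir) setting is where the missing inverses hurt, which is why work on Z_{2^k} moves to larger ring extensions rather than using Z_{2^k} itself.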

by Jan Pennekamp (RWTH Aachen University), Martin Henze (Fraunhofer FKIE) and Klaus Wehrle (RWTH Aachen University and Fraunhofer FKIE)

In industrial settings, significant process improvements can be achieved when utilising and sharing information across stakeholders. However, traditionally conservative companies impose significant confidentiality requirements for any (external) data processing. We discuss how privacy-preserving computation can unlock secure and private collaborations even in such competitive environments.

by Bart Kamphorst (TNO), Daan Knoors (IKNL) and Thomas Rooijakkers (TNO)

Researchers in oncology require comprehensive patient data to reflect on cancer care and prevention. However, given the complexity of cancer, some research questions require patient data that is distributed over multiple registries, and it can be challenging to access or exchange such highly sensitive health data. To get around this problem, the Netherlands Comprehensive Cancer Organisation (IKNL) and the Netherlands Organisation for Applied Scientific Research (TNO) have collaboratively developed algorithms that enable survival analyses on distributed data with rigorous privacy guarantees.

by Marie Beth van Egmond, Thomas Rooijakkers and Alex Sangers (TNO)

Criminal transaction flows can be obfuscated by spreading transactions over multiple banks. Collaboration between banks is key to tackling this; however, data sharing between banks is often undesirable for privacy reasons or is restricted by legislation. In the MPC4AML project, research institute TNO and Dutch banks ABN AMRO and Rabobank are researching the feasibility of using Secure Multi-Party Computation (MPC) to detect money laundering.

by Gabriele Spini and Alex Sangers (TNO)

Social welfare programmes are complex, and individuals who might be entitled to a form of social assistance are sometimes unaware of it. Identifying these individuals is a difficult task potentially requiring large amounts of sensitive personal data; access to these data is regulated by law and typically limited. Cryptographic techniques, however, can help in identifying eligible welfare beneficiaries while minimising the amount of data that is revealed in the process.

by Stefanie Grimm, Stefanie Schwaar and Patrick Holzer (Fraunhofer ITWM)

During the course of process digitalisation, new possibilities arise to efficiently check billing transactions. Our previous research has led to the development of auditing methodology using machine learning for several industries. To take this approach to the next level, we are helping organisations to collaborate through federated learning that complies with all aspects of confidentiality and security restrictions.

by Davide Basile (ISTI-CNR)

By combining research from model-based software engineering, dependable computing and formal methods, it is possible to create a contract-based design methodology that enforces security accountability and the reputation of distributed digital entities provided by potentially mutually distrusting organisations.

by Lasse Nitz, Mehdi Akbari Gurabi, Avikarsha Mandal and Benjamin Heitmann (Fraunhofer FIT)

Many European organisations suffer from a lack of sufficient resources to provide satisfactory and timely response and recovery (R&R) actions when targeted by cyber-attacks. R&R capabilities can be significantly improved through sharing of information related to incident detection and handling. In this context, privacy-preserving technologies can enable data sharing, while protecting privacy- and security-critical information. The technologies to achieve this are being developed and evaluated in the SAPPAN project.

by Balázs Pejó, Gergely Biczók and Gergely Ács (Budapest University of Technology and Economics)

How vital is each participant’s contribution to a collaboratively trained machine learning model? This is a challenging question to answer, especially if the learning is carried out in a privacy-preserving manner with the aim of concealing individual actions.

by Markus Hittmeir, Rudolf Mayer and Andreas Ekelhart (SBA Research)

The microbial communities on the human body are subject to extensive research. While individual variations in the microbiome reveal valuable information about health and diseases, they also allow for the identification of individuals among populations of hundreds. The resulting demand for solutions to protect the privacy of participants in microbiome studies can be met by adapting well-known anonymisation techniques.

by Akira Campbell (Inria), Thomas Kleinbauer (Saarland University), Marc Tommasi (Inria) and Emmanuel Vincent (Inria)

‘Cost-effective, Multilingual, Privacy-driven voice-enabled Services’ (COMPRISE) is a Horizon 2020 project that provides tools to facilitate the deployment of conversational AI while maintaining the European values of privacy, accountability and inclusiveness. A major aim of the project is to provide the means for app developers to not only add voice-based interaction to their apps but also to facilitate the improvement of the underlying AI models in various European dialects and languages while maintaining a high level of data privacy.

by Tanja Šarčević and Rudolf Mayer (SBA Research)

Anonymising data has become increasingly important due to the legal constraints imposed by authorities such as the EU’s GDPR and for ethical reasons relating to privacy. One large drawback of anonymised data is its reduced quality (utility). Therefore it is crucial to quantify and minimise the utility loss prior to data sharing. We take a closer look at the question of how well this utility loss can be estimated for a specific task, in terms of effectiveness and efficiency of the resulting dataset. Our evaluation shows that the most valuable utility metrics are also the most expensive to measure, and thus often, a suboptimal solution must be chosen.

Next issue: July 2021
Special theme: "Privacy-Preserving Computation"
ERCIM News 126 (available as PDF and ePub)