Maintaining Public Health Should not Mean the Death of Privacy, Says Turing Award Winner

Computer scientist Shafi Goldwasser’s startup Duality Technologies develops a technology that allows authorities to monitor the spread of coronavirus and gain meaningful insights from encrypted data, without compromising the privacy of citizens

Omer Kabir 17:03 09.05.20
Collecting data and maintaining privacy do not have to rule each other out, according to computer scientist Shafi Goldwasser.


Goldwasser, 61, a professor at MIT, UC Berkeley, and Israel’s Weizmann Institute of Science, is a Turing Award and Gödel Prize laureate. She is also the co-founder and chief scientist at Duality Technologies Inc., a Tel Aviv and Maplewood, New Jersey-based startup that develops technologies for sharing and analyzing encrypted and anonymized data.
Shafi Goldwasser. Photo: Adrian Bison
Duality’s technology makes it possible to collect data and warn people who were exposed to coronavirus (Covid-19) patients, without having to reveal who they are, Goldwasser said in a recent interview with Calcalist. “It may sound like magic, but it is possible,” she said.


This may sound even more surreal to Israeli citizens, as it stands in contrast to everything their government has been telling them for the past few months to justify the controversial surveillance means it authorized the Israel Security Agency, also known by its Hebrew acronym Shin Bet, to use to track coronavirus carriers and the people they have been in contact with.


Duality has raised $19 million since its founding in 2017 from backers including Intel Capital, think tank and startup foundry Team8, and Hearst Corp.'s venture capital arm Hearst Ventures.


Duality’s technology, which enables multiple parties to collaborate on sensitive data while preserving privacy, is based on Goldwasser’s research into optimizing data science computations on homomorphically encrypted data.


According to Goldwasser, the idea came long before Covid-19 as a way to let financial institutions collaborate on money laundering investigations without compromising their customers' personal information. With Duality’s system, “multiple banks can perform a money laundering probe without letting on that their customer is a suspect,” she said.


Now, according to Goldwasser and co-founder and CEO Alon Kaufman, Duality’s system is being used to conduct epidemiological investigations without revealing the sick person’s identity.


With Covid-19, it is no longer about a private company trying to monetize its technology, a bank that wants to make more money off of commissions, or a researcher working on a treatment for diabetes, Goldwasser said. “This affects all of us, it grinds the economy to a halt,” she said. “There are a lot of scientists and medical staff that are doing their jobs but a lot of the discourse is not just about stopping the pandemic anymore but also about jump-starting the economy,” she added.


The main question, according to Goldwasser, is how to do this safely. The U.S., Israel, and other developed countries are facing a dilemma: they can gather a lot of data to use for monitoring the virus but the challenge is to do that while maintaining people’s privacy, now and in the future, she said.


According to Kaufman, there are currently two extreme models that are complete opposites. If you look at China, he said, people have no privacy at all and the government just gets into their phones grabbing whatever information it wants. “But, you have got to hand it to the Chinese government that it did stop the virus from spreading and knows, at any given moment, who has been exposed and who has not, who can use public transit, and who can go back to work,” he said. This, Kaufman said, represents 100% efficiency but 0% privacy.


The second extreme is a utopia, in terms of privacy, Kaufman said, but this means you get 0% efficiency in preventing the virus from spreading. “Up until four or five months ago, the choice was clear cut—it was privacy advocates against tech giants—when it is either privacy or money it is easy to know who the bad guys are but, now, it is more complicated.” Infringing on privacy is no longer just so that companies could make more money, Kaufman said, it is a way to handle a public health crisis.


Duality’s product allows us to play on both fields, Kaufman said. It can use the Ministry of Health’s list of confirmed patients and correlate it with civilian location information to get a clear picture of how many people were exposed in a given area, without letting on who these people are, he explained. “Why do tech giants or the Shin Bet need to know who is sick? The technology allows us to analyze the data without disclosing sensitive information,” he added.


“Whoever has the location data has no business knowing who is sick, but they can use the technology to figure out that 250 people were exposed to coronavirus in Tel Aviv on a given day,” Kaufman said. This is a way to manage the process of returning to normalcy, Kaufman said. “It is not China but it is also not a utopia, it is the middle ground.”


The idea behind Duality’s technology is to allow queries to be sent to a database and receive answers without revealing the questions, Goldwasser said. Apple and Google, for example, have location information on almost anyone with a mobile phone, so, Goldwasser explained, authorities can use Duality’s system to inquire who was in the vicinity of confirmed patients, without letting these companies know what they're asking.


The technology is not only capable of contact tracing—which means figuring out who was exposed and contacting them anonymously—but it can also process the encrypted information to reveal the types of locations where the virus travels more easily from person to person, Goldwasser explained.


These calculations and statistics can be used to figure out, for example, if students can get infected just from entering a lecture hall together even though they are sitting apart, Goldwasser said. “Once there are answers to this type of question, you can create relevant protocols,” she added.


Duality’s technology can model certain behaviors very accurately to propose guidelines, Goldwasser said. It could be, for example, she said, that students should enter the hall one at a time or more entrances should be opened at once, or, perhaps, the hall needs to be remodeled.


The idea, Goldwasser said, is to allow a return to normalcy, while letting authorities monitor the situation and gain insight without exposing any private information. “If I was in contact with someone who was sick, the government has no business knowing every place I went to over the past two weeks, it just needs to know that there has been contact.”


This virus is not going away tomorrow, Goldwasser said, it is here for the long run and it is vital to find ways to manage it without letting the health crisis become a privacy crisis.