Joint NSF-NIST Workshop

The federal government has a long history of data collection. The collection of potentially sensitive information on the citizenry dates back to the Constitution (while not specifically required by the constitution, the first decennial census asked about gender, race, relationships, slaveholder status, and in some states, occupation) and the requirement that some government-collected information be shared at least to the patent act of 1790. The 20th century saw growing concern with privacy of that data, perhaps most famously through the 1890 article “The Right to Privacy”, leading to a patchwork of laws, regulations, and policy to restrict access to and misuse of government held data.

The 21st century has seen a growing awareness of the need to better utilize this data to support public safety, leading to efforts such as the Terrorism Information Awareness program that was established after the 9/11 attack and the 1/21/2021 Executive Order on Ensuring a Data-Driven Response to COVID-19 and Future High-Consequence Public Health Threats. At the same time, there has been growing concern that such programs, even using already collected data shared only within the government, could be misused leading to substantial public harm. The rise in data breach incidents (and the recognition that government is not immune) has made clear the external risk of misuse of the data; more comprehensive datasets increase the potential damage of such a breach. As a result, efforts to improve data sharing and use have proven challenging, and lagged behind private enterprise creation of large and comprehensive (and largely unregulated or lightly regulated) datasets.

Recent years have seen significant research advances in data sharing and data privacy. For context, we outline a few areas here, but recognize that these field is substantially larger and more diverse.

Several advances have given us new ways to use data with reduced privacy risk. These broadly fall into:

• Formal privacy techniques. Through incorporating non-determinism into the results of data analysis, formal privacy methods limit the extent to which information specific to individuals can be reliably ascertained from the results. While showing some practical success, more complex data have proven more difficult.
• Computing with Encrypted Data. Applications of Secure Multiparty Encryption, and more recently Fully Homomorphic Encryption, provide new opportunities to use data while controlling the risk of disclosure. The basic idea, that the data remains encrypted and thus not at risk of disclosure while it is being used, seems an ideal solution. Research successes include techniques for machine learning and encrypted database management systems. However, real-world use has been limited (although they do exist).

The next wave of privacy technology research needs to focus on the real-world challenges that are not yet addressed by the technology. In many cases, the data agencies would like to share highly complex data sets, for example, survey data with hundreds/thousands of variables of different types and complex survey design that makes it very challenging to apply emerging technologies. This workshop aims to identify key cross-cutting challenges and spur research to address them.