Today’s federal agencies face a serious dilemma regarding the use of data to improve mission outcomes and better serve the public. While data can be used in an increasing variety of ways to create new and transformational mission impacts, many such uses bring potential risks to the privacy of the individuals whose data is involved. How can agencies fulfill their obligation to harness the power of advanced technology in service to the nation while also safeguarding the privacy of citizens?
The answer lies in a burgeoning field of study: privacy-enhancing technologies. These technologies encompass a suite of frameworks, tools, and techniques designed to protect individuals' privacy while still allowing for impactful data analysis and sharing.
As the use of AI, Internet of Things, and other cutting-edge tools accelerates, the need to adopt privacy-enhancing technologies becomes more urgent than ever. Yet, despite recent executive orders encouraging their use, including the “Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence,” and “NIST SP 800-226 “Evaluating Differential Privacy Guarantees,” institutional barriers impede widespread deployment throughout the federal space.
Let’s explore privacy-enhancing technologies through the lens of a specific framework that is explicitly referenced in the recent mandates: differential privacy. For years, organizations have relied on traditional methods of privacy enhancement. Such methods generally focus on removing or scrambling personal identifiers to make data anonymous and reduce the risks related to deliberate public release or unintentional leakage. Unfortunately, evolving technology means that these traditional methods are becoming more vulnerable to attack. As organizations collect greater amounts of data and computing power increases, it’s becoming less difficult for bad actors to re-identify “anonymized” data, increasing the risk that sensitive information could be revealed. Differential privacy brings that risk back down by taking a wholly different approach to safeguarding sensitive data.