Encrypted privacy for the public's safety
One of the many challenges government and local authorities constantly face is that of keeping up with changes and innovations coming from the outside: conflicts and emergencies, environmental factors, inputs from industries and productions and, of course, evolving technologies. Whether these are developed in the private or public sector, or the academic community, it is unquestionable that tech innovations are tightly woven into everyday life.
These innovations frequently move forward at a rapid pace, spreading across different fields and inevitably reaching a level of integration that can no longer be left to the sole responsibility of individuals. Thankfully, governments and organizations are increasingly wising up when it comes to new and emerging technologies, whether this means creating ad hoc policies and regulations (the UK AI bill, the European AI act, the American Privacy Rights Act, or Chat Control) or taking targeted action against specific platforms or providers that compromise users’ privacy, like the TikTok ban for federal and state employees in the USA.
The privacy trade-off
Beyond the inevitable differences -- countries and regions, purpose, area of focus -- these policies all aim to address the key aspects of privacy, where privacy is understood not so much as data ownership or security but as the ability to selectively disclose personal information only to desired recipients. This particular interpretation of privacy is increasingly a driving force for regulators, and something the public is coming to expect: the trade-off of personal data for essential services is more acceptable when you know your information is protected and handled according to your expectations.
A practical solution to this transaction, able to satisfy both sides, lies within cryptography. A number of cryptographic and encryption techniques are currently integrated into modern technologies to provide the privacy users expect and organizations value. When privacy is understood as user anonymity, attribute-based credentials (ABC) and ring signatures provide good examples of such techniques. When the concern is more focused on data privacy, encryption saves the day, especially when it still allows private computing, as with multi-party computation (MPC) or Fully Homomorphic Encryption (FHE).
Protecting privacy in the digital world
With more and more services and activities in everybody’s lives going digital, there is nowadays a clear need for enhanced privacy. The following paragraphs will explore some of the fields and services making a decisive switch to digital form, what risks they present to privacy and how innovative cryptography like FHE can come to the rescue.
- National databases: Local governments handle an enormous amount of sensitive data about private citizens throughout their lives, and encryption offers a way to protect this data while still enabling inter-agency collaboration and analysis. It can be used for securely sharing classified information, conducting encrypted census computations, or managing public records. This ensures the protection of national security interests and citizens’ privacy. Additionally, FHE can play a crucial role in secure e-governance initiatives, allowing citizens to interact with government platforms without compromising their personal data.
- Online voting: FHE can revolutionize online voting systems by ensuring that votes are encrypted, and the tally is computed without ever decrypting individual votes. This maintains voter privacy and election integrity. Such a system would be resistant to tampering and could provide verifiable proof that the vote count is accurate and untampered, thereby boosting public trust in the electoral process. This technology could be a game-changer in enabling secure, large-scale online voting for national elections, referendums, or corporate governance.
- Cross-border data sharing: In today's globalized world, cross-border data sharing is essential in many areas -- including the public and civil space, criminal matters or business -- but it often conflicts with varying privacy laws like the GDPR. FHE enables secure international data sharing by ensuring data remains encrypted during transfer and processing. This facilitates multinational collaborations and compliance with international data protection regulations, making it easier for companies to operate across borders while maintaining data sovereignty and privacy.
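The tallying idea in the online voting item above, as an added sketch that is not code from the author or from Zama: it uses the additively homomorphic Paillier cryptosystem rather than a full FHE scheme, since summing yes/no ballots only needs addition on ciphertexts. The function names, the toy-sized fixed primes and the assumption that every ballot is a well-formed 0 or 1 are choices made for this illustration.

```python
import math
import secrets

# Constructed demo key material: two known Mersenne primes.
# Far too small for real use; real deployments use much larger random primes.
P, Q = 2**89 - 1, 2**107 - 1


def keygen(p=P, q=Q):
    """Return (public modulus n, private key (lam, mu)) with generator g = n + 1."""
    n = p * q
    lam = math.lcm(p - 1, q - 1)
    mu = pow(lam, -1, n)  # with g = n + 1, L(g^lam mod n^2) = lam mod n
    return n, (lam, mu)


def encrypt(n, m):
    """Encrypt integer m under public key n with fresh randomness r."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n)
        if r > 0 and math.gcd(r, n) == 1:
            break
    return (1 + m * n) % n2 * pow(r, n, n2) % n2


def decrypt(n, priv, c):
    """Recover the plaintext: L(c^lam mod n^2) * mu mod n, L(x) = (x - 1) // n."""
    lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n


def add_encrypted(n, ciphertexts):
    """Multiply ciphertexts mod n^2, which adds the hidden plaintexts."""
    acc = 1
    for c in ciphertexts:
        acc = acc * c % (n * n)
    return acc


def run_election(ballots):
    """Assumes each ballot is 0 or 1; this sketch does not prove ballot validity."""
    n, priv = keygen()
    encrypted = [encrypt(n, b) for b in ballots]  # each voter, public key only
    total = add_encrypted(n, encrypted)           # tallier, no private key needed
    return decrypt(n, priv, total)                # key holder decrypts the sum only
```

Only the aggregated ciphertext is ever decrypted; the private key is never applied to an individual ballot.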
The future of privacy
The level of digitalization in everyday life might appear somewhat dystopian at times, but as long as there are people championing and defending the value of privacy, integrating encryption techniques with modern technologies, the balance in the privacy/services exchange can be secured. One of the keys to facilitating this development is to make techniques like FHE easily accessible to developers, who can then use them in a variety of applications, with the ultimate goal of creating new protocols to make the entire internet encrypted end-to-end.
Dr Pascal Paillier is CTO at Zama and a researcher and entrepreneur in cryptography. He has spent the past 25 years inventing new cryptographic techniques for critical industries. From embedded security to whitebox crypto to homomorphic encryption, he has contributed to groundbreaking research in corporate environments.