Cryptographic Enforcement of End-to-End Data Privacy

Abstract:
As ever more sensitive data is collected to gain valuable insights, the need to natively integrate privacy controls into data frameworks grows in importance. Today, existing data protection systems focus on ensuring that access to data is limited to authorized services, using security controls such as access control and encryption. In this model, however, once a service is authorized to access the data, it gets an unrestricted view of that data, which accounts for much of the data misuse seen today. We ultimately need to ensure that users’ privacy preferences are respected even by authorized services. In this talk, I’ll start by motivating end-to-end privacy and why we need system designs that simultaneously ensure the confidentiality of data from unauthorized parties and provide strong privacy guarantees for data accessed by authorized parties. I’ll then discuss how we realized this new paradigm of end-to-end privacy in Zeph, a system that targets data streaming platforms. Zeph provides the means to extract value from encrypted streaming data safely while ensuring data confidentiality and privacy by serving only privacy-compliant views of the data.
Biography:
Anwar Hithnawi is an Ambizione research fellow at ETH Zurich where she leads the Privacy-Preserving Systems Lab (pps-lab.com). She works at the intersection of systems, privacy, and applied cryptography. Anwar received her doctoral degree in computer science from ETH Zurich in 2017. Prior to joining ETH Zurich as a research fellow in 2020, she was a postdoctoral researcher at UC Berkeley. She is the recipient of an SNSF Ambizione grant, the Facebook Research Award, an SNSF Postdoctoral Fellowship, and the Google Anita Borg Memorial Scholarship.