DeCloak developed a chip to de-identify individuals’ private data. The technology lets data aggregation/analysis companies see the forest without seeing any trees.
How to win consumer trust when massive security breaches are announced by one consumer company or another seemingly every week? A startup in Taiwan has developed an IC that might restore that lost trust.
The consumer electronics industry loves talking about building trust and loyalty among consumers. The “consumer experience” is a veritable marketing mantra at every industry gathering.
Privacy and safety are two tenets vital to winning consumer trust, but they never (as usual) emerged as serious topics at CES 2020. Sure, CES offered privacy panels and roundtables during which privacy chiefs from Facebook, Apple and Procter & Gamble made appearances.
But given Boeing’s deadly 737 Max accidents and a growing backlash against big tech platform companies, was it too much to ask for at least one keynoter addressing the huge CES tech crowd with a “calls-to-arm” speech on privacy and safety?
Put this omission in the “missed opportunities” file.
Nonetheless, we came across at CES a little gem – a startup building a chip designed for “de-identifying” private data. DeCloak, founded by two PhD’s in Taiwan, is a spin-off of Etron Technology.
In the burgeoning confluence of surveillance and social media, the idea of “de-cloaking” might seem counter-intuitive to corporations in the big business of collecting data. But as adoption of the EU’s General Data Protection Regulation (GDPR) spreads, the first order of business for global service companies engaged in aggregation and data analysis is to be mindful of possible GDPR violations.
The GDPR demands that stored data on people in the EU undergo either an anonymization or a pseudonymization process. More specifically, GDPR demands a “process in which personal data is irreversibly altered in such a way that a data subject can no longer be identified directly or indirectly.”
Justin Chueh, co-founder and CTO of DeCloak, told EE Times, “We understand the industry wants to maintain the big data trend. Our technology is about letting them see the forest without seeing trees.”
The company has designed a privacy processing unit (PPU) in the form of a 1x1mm chip. The PPU, integrated with a true random number generator, is hardware, not software, stressed Yao-Tung Tsou, co-founder and CTO of DeCloak.
Installed in a dongle connected to a smartphone, for example, the PPU would block an individual’s private data that would otherwise migrate automatically to the cloud. The PPU is designed to fit into smartphones and other smart appliances, including smart meters.
Chueh said that China, for example, has the largest penetration of smart meters in the world, because the country is plagued by energy theft. However, making the meter “smarter” also has a downside. Outsiders could pry open private information when the residents are away, or uncover how much energy a household is wasting.
DeCloak believes that de-identification is especially important for medical data. Data collectors often say they are anonymizing data. But how much are they doing?
By definition, “anonymized data” means the patient can’t be identified by the recipient of the information. Data can’t include name, address, and full post code, or any other information which, in conjunction with other data held by or disclosed to the recipient, could identify the patient.
By using the PPU, a patient can de-identify comfortably participating in the sort of medical research that depends on big data, explained Chueh.
Because of the company’s roots in Etron, the DeCloak co-founders said, “We know how to design chips.” Etron is a chip company run by Nicky Lu, a researcher, architect and entrepreneur, who is known for his co-invention and pioneering work on a 3D-DRAM technology.
Chueh mentioned that DeCloak has stirred interests in its technology at CES from Defense Advanced Research Projects Agency sources.
DeCloak is eager to participate in the Mobile World Congress next month – to be held in Spain, an EU country – “to make some noise” about what its PPU technology can do to help companies comply with the GDPR, Chueh said.