Multi-regulation computing: examining the legal and policy questions that arise from secure multiparty computation

Files
AM_mrc.pdf(182.07 KB)
Accepted manuscript
Date
2022-11-01
Authors
Walsh, Julissa
Varia, Mayank
Cohen, Aloni
Sellars, Andrew
Bestavros, Azer
Version
Accepted manuscript
OA Version
Citation
J. Walsh, M. Varia, A. Cohen, A. Sellars, A. Bestavros. 2022. "Multi-Regulation Computing: Examining the Legal and Policy Questions That Arise From Secure Multiparty Computation" ACM Symposium on Computer Science and Law.
Abstract
This work examines privacy laws and regulations that limit disclosure of personal data, and explores whether and how these restrictions apply when participants use cryptographically secure multi-party computation (MPC). By protecting data during use, MPC can help to foster the positive effects of data usage while mitigating potential negative impacts of data sharing in scenarios where participants want to analyze data that is subject to one or more privacy laws, especially when these laws are in apparent conflict so data cannot be shared in the clear. But paradoxically, most adoptions of MPC to date involve data that is not subject to any formal privacy regulation. We posit that a major impediment to the adoption of MPC is the difficulty of mapping this new technology onto the design principles of data privacy laws. To address this issue and with the goal of spurring adoption of MPC, this work introduces the first systematic framework to reason about the extent to which secure multiparty computation implicates data privacy laws. Our framework revolves around three questions: a definitional question on whether the encodings still constitute ‘personal data,’ a process question about whether the act of executing MPC constitutes a data disclosure event, and a liability question about what happens if something goes wrong. We conclude by providing advice to regulators and suggestions to early adoptors to spur uptake of MPC.
Description
License