ITU researcher granted to investigate how to verify that our private data really is private
When our data are successfully kept private, it becomes a challenge to investigate data misuse. Independent Research Fund Denmark has awarded Associate Professor at the IT University of Copenhagen, Bernardo David, a Sapere Aude grant to find out how to verify that our sensitive data is not misused while keeping them private.
Bernardo Machado DavidComputer Science DepartmentResearchBlockchaingrantsIT security
Written 5 February, 2021 13:15
Protection of our data privacy contains a paradoxical challenge: On the one hand, we want to keep our data private. On the other hand, we want evidence that our privacy really has been protected, which requires someone or a system to verify it for us. For instance, we must, in order to comply with legal requirements, be able to detect malfeasance on systems dealing with private data. Consequently, we risk that the verification of our privacy or auditing to detect illegal activities become privacy breaches.
Privacy and/or accountability
Associate Professor at the IT University of Copenhagen, Bernardo David, is investigating the mathematical foundations needed to design and analyse systems that process encrypted data in a private manner but still allow for identifying misuse. In late 2020, he was awarded the Independent Research Fund Denmark's Sapere Aude grant for his project Foundations of Privacy Preserving and Accountable Decentralized Protocols in which he addresses the issue of processing sensitive data while keeping them private.
In particular, the project will investigate how to add privacy to blockchains and smart contract systems while preserving accountability (i.e. allowing for lawful investigation of illegal activities). Adding these guarantees to such systems is particularly important in the effort to make them regulatory compliant. Currently, these systems either provide privacy or accountability, making it an important challenge to reconcile both guarantees as mandated by law (e.g. GDPR requires privacy while financial regulations require accountability).
- In our increasingly data based society, we need to protect sensitive information, which has now been written into privacy regulations such as the GDPR. However, our current techniques for protecting privacy usually make it impossible to achieve accountability, which is also required by law for a number of systems (e.g. in health and finance applications). Obtaining both properties will allow decentralized systems (e.g. based on blockchains) to achieve their full potential while respecting laws and regulations, Bernardo David says.
Leading research group
The Sapere Aude programme aims to provide excellent younger researchers the opportunity to develop and strengthen their research ideas as well as promoting the mobility internationally and nationally among research environments, and thereby to strengthen networks and careers. Bernardo David, who is originally from Brazil, explains that the grant will allow him to hire PhD students and Postdoc researchers who will help him do the research needed to achieve his goals and help him explore new ideas:
- In the long run, I expect that executing this project will allow me to establish a leading research group both on a national and international level. Moreover, I believe that receiving such a prestigious grant as the Sapere Aude will strengthen my curriculum and better prepare me for future research grant applications in an international level, he says.
Learn more about the Bernardo David's Sapere Aude grant
Jari Kickbusch, phone 7218 5304, email jark@itu.dk