Today, data privacy has become a primary focus for enterprises, institutions, and individuals.
Without proper protection and security, data and information collected by organizations may turn into liabilities instead of sources of value. Due to unfortunate high-profile data breaches and whistleblower revelations, users are more aware of the threats to their privacy and security, and they are demanding protection.
Enigma was founded at MIT in 2015 with a clear mission—to allow data to be used, shared, and computed securely. Leveraging IBM Cloud, we are building the Enigma Confidential Computing Platform (ECCP) to allow responsible data sharing while preserving data privacy. This means one can analyze data and drive insights without revealing any sensitive information about the data itself. Confidential computing is critical to maximizing the potential value of siloed data while reducing threats to users and enterprises.
In a complex and rapidly changing world, it is almost impossible to anticipate every potential threat in advance. The most pressing example today is the COVID-19 pandemic, which has forced governments and companies around the world to respond rapidly and work on developing new solutions for tracking the spread of the virus. This idea of contact tracing is where threats to public health and privacy concerns now collide—and where Enigma can help.
SafeTrace: Privacy-preserving contact tracing
Contact tracing is the use of information about where an individual has been and who they may have encountered as a way to track and manage the spread of viruses. Smartphone data provides a ready source of highly detailed information that can be used to automate contact tracing. In the rush to address COVID-19, many attempts have been made to effectively digitize traditional contact tracing efforts. However, many of these approaches are automated and centralized, highly invasive, and unconcerned with data privacy. This threat to personal data may compound risks beyond the impact of the virus itself.
Addressing this tradeoff is not straightforward. As one possible compromise, people have been building privacy-first contact tracing implementations that utilize Bluetooth. This can offer strong privacy guarantees, but it only provides value to individuals and not to healthcare officials seeking to identify hot spots and coordinate effective responses.
At Enigma, we believe that privacy does not have to come at the cost of utility, and that people should not have to choose between protecting their health and protecting their right to privacy. That’s why we’re building SafeTrace. SafeTrace is an implementation of the Enigma Confidential Computing Platform (ECCP) for privacy-preserving contact tracing. ECCP leverages Intel’s Software Guard Extensions (SGX), an implementation of Trusted Execution Environments (TEEs), which are capable of running applications that are completely isolated from the host machine. As a result, one can guarantee privacy and accuracy of computations.
SafeTrace allows users and data providers to share location history and diagnosis results in a privacy-preserving manner in order to do the following:
- Inform individuals of high-risk interactions and create individual awareness.
- Provide healthcare authorities insight into location-based pandemic progression.
- Contribute data to epidemiology research.
The SafeTrace Application Programming Interface (API) allows users to encrypt data at their own device. The encrypted inputs are sent into SafeTrace using API endpoints. Inputs are decrypted and used inside the Trusted Execution Environment, which cannot be accessed by anyone, including the system operator. The results are then shared with users or authorized parties.
Having built an API for privacy-preserving contact tracing, we are seeking implementation partners for SafeTrace. SafeTrace is currently being integrated by Covi-ID, a contact tracing and health credentials project in South Africa that is building an inclusive, privacy-preserving data layer for digital identity. Covi-ID is built for emerging markets where smartphone adoption is low, making many existing solutions for contact tracing inefficient. By using Enigma's SafeTrace, Covi-ID can provide the same efficiency for contact tracing that automatic exposure notification systems provide, even for users who do not have smartphones.
The security of this platform is supported by the IBM Cloud infrastructure that offers access to bare metal servers with Intel SGX, available at data centers across the globe. IBM was one of the first cloud providers to offer SGX-capable bare metal servers, which Enigma used from day one for its internal software development efforts. Thus, it was a natural step for Enigma to host SafeTrace on SGX-enabled IBM Cloud, having experienced firsthand IBM’s high quality of service and reliability over the past few years.
No matter the threat or opportunity, protecting privacy is essential. Enigma is excited to have begun the process of listing in the IBM Cloud Catalog in order to offer IBM Cloud clients the Enigma Confidential Computing Platform for their own use-cases. Enigma will continue to develop use-case focused products like SafeTrace using ECCP. Privacy-preserving contact tracing is just one of many potential applications for the Enigma Confidential Computing Platform. Other use cases include fraud detection in online marketplaces and shared economies, or data consolidation and machine learning use-cases involving telcos and financial institutions.
In addition to working on ECCP and SafeTrace, Enigma is also helping build a blockchain-based, permissionless confidential computing network called the Secret Network for decentralized applications of confidential computing. The validators (equivalent to miners for the Bitcoin network) who secure the Secret Network will need to run their own SGX instances. As a result, we foresee IBM Cloud playing an important role for the Secret Network and ECCP. Furthermore, as the Secret Network matures, applications built with ECCP can be deployed on the Secret Network to leverage the blockchain ecosystem.
If you share our passion for privacy, we’d love to help you build alongside us. To learn more about ECCP and SafeTrace, please visit our GitHub repository.