April 21, 2020
Technology revolutions create dilemmas -- good things mixed with bad things. In the 21st century, the explosion of data and computing power makes it possible to do good, worthy things that, only a few years ago, were unimaginable. On the other hand, the explosion of data and computing power opens the door to problems and dangers that, only a few years ago, were also unimaginable. These include the danger of almost entirely losing our privacy, of having our personal lives exposed to commercial interests, to governmental powers, and to criminals.
We know there is no easy solution to this. However, one of my guiding principles when looking at big, hard problems is always to ask if there could be technology remedies for them, before I assume that we need laws and regulations to tackle them -- partly since I know that regulatory strategies are never fully effective.
Regulators throughout the world are looking at homomorphic encryption as one of several new kinds of technology that might enable much more widespread, but safe, sharing of information. The exciting potential is that data can be shared in encrypted form and then actually worked on, still in that form, without the need to decrypt at all. This means that if someone hacks into it, all they get is unusable, garbage information. They don’t get the information that needs to be kept secure.
This capability can offer a breakthrough for many regulatory challenges, but the need is especially acute in anti-money laundering. I met Ellison Anne because Enveil has been involved in the tech sprints run by the UK Financial Conduct Authority to look for better AML technology. Last summer, Enveil participated in the big tech sprint that the FCA held in London, and the company also sent people to join in the Washington satellite sprint that my nonprofit, AIR, held in collaboration with the British regulators. And it was on the winning teams at both.
As we have said many times on Barefoot Innovation, the current AML system is failing spectacularly. The UN estimates that we have worse than a 99% failure rate in detecting global financial crime, despite massive spending on the effort. One main reason for this is that the criminals and terrorists easily share information, while banks and law enforcement are severely limited in doing so. The reason for that, in turn, is that the non-criminals have to follow strict rules for protecting people’s privacy, which means that information about individuals’ financial lives cannot be widely circulated among financial companies, government agencies, or countries, without following cumbersome procedures to assure due process. This means that criminals can build sophisticated global networks that hide their movement of money, with very little risk that banks and law enforcement will be able to catch it because each sees only a small sliver of the picture.
But here’s the new tech breakthrough: what if, in the early stage of searching for financial crime, we don’t need to share information about people with their identities attached? What if we only need to share information about patterns of anonymous transactions? Using machine learning, these patterns can be readily detected over huge volumes of pooled data. Many of them have clear characteristic typologies that indicate that illicit money is likely being hidden. Often, these patterns can even show what kind of crime may be underway, because human trafficking money flows look different from those for weapons or drugs or selling endangered wildlife.
The FCA invented a slogan for the two tech sprints it has held on financial crime. The watchword was: “It takes a network to defeat a network.” Anyone who works closely with financial crime knows that the criminals will continue to win, until the forces of good can search holistically for these big global patterns of high-tech crime. Hence the emergence of a generation of “privacy-enhancing technologies,” or PET’s. These include zero-knowledge proof, differential privacy, and homomorphic encryption.
Ellison Anne and I sat down for this conversation during the Singapore Fintech Festival late last year, in the bustling speakers lounge, which means there is some background noise. Still, I know you’ll enjoy hearing from her as she explains that homomorphic encryption is 30 year old technology that has suddenly become practical because it requires intensive computing power, and that power is now becoming cheap and abundant. The speed of this shift is, inevitably, causing regulatory policy to lag somewhat behind. Now is the time for policymakers who care about financial crime, and who care about data security and privacy, to take a close look at these new tools.
Are privacy-enhancing technologies a panacea? No. There are no panaceas. Could they massively improve our ability to work safely with data? They have that potential.
More on Ellison Anne
Dr. Ellison Anne Williams is the Founder and CEO of Enveil, the pioneering data security company protecting Data in Use. Building on more than a decade of experience leading avant-garde efforts in the areas of large-scale analytics, information security, computer network exploitation, and network modeling, Ellison Anne founded the startup in 2016 to protect sensitive data while it’s being used or processed – the ‘holy grail’ of data encryption. Powered by homomorphic encryption, Enveil’s award-winning ZeroReveal® solutions provide Trusted Compute in Untrusted Locations™, enabling previously impossible business functionalities for intelligence-led decision making.
Leveraging her deep technical background and a passion for evangelizing the impact of disruptive technologies, Ellison Anne has helped define and advance the Data in Use security space and cultivated Enveil’s capabilities into category-defining solutions that enable secure search, analytics, sharing, and collaboration. In addition to her ongoing contributions as a cybersecurity mentor, speaker, and thought leader, Ellison Anne has been recognized as an SC Media Reboot Leadership Innovator Award winner, a Woman to Watch in Security, and a Cyberscoop Leet List Honoree,
Under Ellison Anne’s leadership, Enveil has been recognized with a number of awards including: SC Award Winner “Best Cloud Computing Security Solution”, SINET 16 Innovator, Cybersecurity Breakthrough Awards “Overall Encryption Solution of the Year”, Maryland Cybersecurity Awards “Cybersecurity Innovator of the Year”, Cybersecurity Impact Award Winner, FCA TechSprint Winner, and RegTech 100. Just four months after founding the company, Ellison Anne presented the company’s groundbreaking technology at the 2017 RSAC Innovation Sandbox, becoming the youngest company ever selected to participate in the esteemed competition, and was ultimately recognized as one of the winners.
Ellison Anne started her career at the U.S. National Security Agency and the Johns Hopkins University Applied Physics Laboratory and is accomplished in the fields of distributed computing and algorithms, cryptographic applications, graph theory, combinatorics, machine learning, and data mining. Ellison Anne holds a Ph.D. in Mathematics (Algebraic Combinatorics), a M.S. in Mathematics (Set Theoretic Topology), and a M.S. in Computer Science (Machine Learning).
More for our Listeners
We have terrific shows coming up. Next up is Colin Walsh, CEO of Varo, on transforming from a fintech to a national bank. We’ll also talk with Albert Forkner, State Banking Commissioner of Wyoming and with Sarah Willis of the Metlife Foundation and Allie Burns, CEO of the nonprofit Village Capital. And we’ll have a conversation with Shamir Karkal and Angela Wilson of Sila.
We are also launching a special series of shows that will explore how the pandemic may impact the Future of Financial Regulation. We’ll be speaking with some of the most thoughtful people anywhere, starting with former Comptroller of the Currency Thomas Curry.
Most conferences are of course postponed, but I’ll look forward to speaking with many of you virtually at the upcoming Third Party Risk conference of the Santa Fe Group — https://sharedassessments.org/summit/.
Meanwhile, I hope everyone is safe and healthy. Let’s all keep innovating together
Stay informed by joining our mailing list