NTT Tackles Data Privacy Issues With New Cryptography Technology

As devices continue to become more connected across the globe, heralding new heights for the Internet of Things, data volumes are also rising astronomically.

More than ever in the world’s digital history, enterprises swim in large rivers of data. For context, Statista put the volume of data created worldwide at 79 zettabytes in 2021 but expects that number to more than double by 2025, reaching a whopping 180 zettabytes. If you didn’t know, one zettabyte is approximately equal to a trillion gigabytes. That’s an astounding amount of data!

Related: The Case for a Strong Data Governance Program in 2023

But surprisingly, despite such vast volumes of data, businesses often don’t get to contextualize much of it, facing challenges around data lakes, data silos, and data privacy. It’s a double-edged situation in the enterprise ecosystem: Data is abundant, yet difficult to use — especially because of mounting data privacy concerns. 

The bulk of today’s data comes from consumer use of devices and gadgets. What does that have to do with anything? Well, everything. Consumer-generated data can help organizations build customer-centric products and services. The main hurdle to doing this, however, is the evolution of consumer data privacy.

Consumers increasingly don’t want to be tracked by companies. The other bottleneck, perhaps even bigger, is that some data cannot be collected due to privacy laws. Some types of data are even too sensitive to ask for. The result? Limited data, biased data, or no data at all.

This begs the question: How can companies — especially data-heavy businesses — leverage aggregated user statistics without exposure to the risks associated with consumer data?

NTT Research, a part of NTT Group, tried to answer that question at its recent 2023 Upgrade Reality Summit. At the event, NTT Research unveiled and demonstrated a new product called the “private telemetry system,” a cryptographic technology for privately using aggregate data. The technology is the foundation on which NTT’s new data-privacy-as-a-service approach is built, “providing a protocol for hiding values while enabling companies to securely access previously unattainable data.”

The Big Problem With Data Privacy Today

According to Andy Thurai, vice president and principal analyst at Constellation Research, achieving proper data privacy standards is going to be a herculean task going forward, especially “given the nature of connected systems, and cloud-native applications being away from walled gardens.”

Many enterprises still lack even the basic security to properly protect sensitive data, as major data breaches have shown, Thurai said. “While data privacy laws like the General Data Protection Regulation and others try to put some governance to these issues, the skillset shortage, knowledge gap, mix of archaic and newer systems, and the need to create massive data lakes to train massive AI models, are all going to make data privacy much more difficult moving forward,” he added.

Funso Richard, the information security officer at Ensemble Health Partners, echoed Thurai’s concerns. Richard noted that while digital transformation is accelerating operational efficiency at breakneck speed, it has led to several challenges — including the large amount of data getting collected, stored, protected, used, and managed. He listed other challenges, as well: a lack of data visibility, a bad data culture, increasing maintenance costs, and compliance with a long list of competing regulatory requirements.

Balancing Data Needs and Privacy Rights

NTT’s private telemetry system aims to kill two birds with one stone: Help companies safely access, contextualize, and use the data they need to build customer-centric products and services while assuring individual consumers that these companies are never exposed to their personal data.

Elette Boyle, a senior scientist at NTT Research’s Cryptography and Information Security (CIS) Lab, stressed that companies want and need data to develop offerings. For example, companies need to know which features are used more commonly and which are used less commonly. “This information is crucial and very important as they help to guide future processes,” she said. While it’s true that the information already exists on the devices that consumers use every day — which companies can collect and transmit back to manufacturers — Boyle admitted that privacy rights have always stood in the way.  

To navigate today’s multifaceted privacy landmines, several companies have turned to strategies like the “opt-in approach,” which allows customers to decide if they want their data to be tracked, and the “pay-to-get approach,” in which companies pay customers for access to their data.

The middle ground between those two approaches is where NTT’s private telemetry system has pitched its tent. Boyle claimed that the private telemetry system enables companies to use aggregate data without veering into personal data that is specific to the user, ensuring data is collected in compliance with privacy laws. Essentially, this new technology “allows you to see one and unsee the other,” she explained.

Richard believes NTT’s offering will be a game changer. “A private telemetry system provides valuable insights on how consumers use products and what manufacturers can do to enhance their offerings,” he said. He noted that the benefits include providing real-time data on product performance, detecting operational inefficiency, improving efficiency and effectiveness, and making timely and informed operational decisions.

Explaining how the technology works, Boyle said it “splits the data and hides the value but still allows for aggregation.” The private data is encrypted, while the aggregated data is visible and transferred back to the company.

Speaking further on the potential of the technology, Richard added that “when set up correctly, organizations can reduce the impact of privacy concerns and still provide optimal product delivery to consumers without violating compliance regulations.”

What’s Ahead for NTT’s Private Telemetry System

While Thurai hailed the launch of the new technology, he maintained that it will not be without some challenges, especially in terms of cost and security. Regardless of the NTT’s launch of the private telemetry system, Thurai believes that much still depends on proper security hygiene.

Richard agreed, noting that organizations must consider what types of data they pull from sensors and signals, as well as how that data will be used, stored, and processed. “They should collect the minimum data necessary and provide transparency about the data collection and use,” he said. “Appropriate data protection measures such as encryption, access control, tokenization, and de-identification should be in place to prevent unauthorized data access and modification.”

However, NTT’s CIS Lab claims the private telemetry system “explores attribute-based encryption, homomorphic encryption, and functional encryption regarding security and privacy.” While Boyle admitted that NTT has yet to explore the full range of applications for this technology, she noted that it could potentially cut across several settings, including mobile phone companies, networking companies, software vendors, car manufacturers, and more.

“What’s next for the potential application settings of this technology will be seen in the feedback and conversations that we have with people going on from here,” Boyle said.