Why privacy tech is actually collaborative tech in disguise (2021)

This post is the exec summary from our latest research piece at Lunar Ventures. Download the full paper from Docsend [[here]].

If you like your content in video, i’m not your man. But if you like your content in 3 sentences, you’re in luck:

  1. The thrust of the collaborative computing thesis is that privacy-enhancing technologies (PETs) are misunderstood by the market. They are actually collaboration tools wrapped up in a privacy positioning. So most people aren’t see the disruptive (BUZZWORD ALERT) potential.
  2. PETs are tools to address data pooling and data acquisition challenges because they solve the confidentiality problem. The tools basically make it easier to share data and benefit from data economies of scale in data analysis.
  3. As they are adopted during the 2020s, we will see both the cloud and machine learning markets impacted. But the big story is the creation of an entirely new and massive collaborative computing market. We will start by replacing some bi-lateral data sharing agreements and legal contracts. Then some intra-organisation data sharing projects. Then BOOM people are sending data anywhere and everywhere for processing and analysis without a compliance care in the world. Cryptography continues it’s slow and steady dominances over the digital realm…

For those of you not brought up on social media, here’s the 1000 word story…

Privacy-enhancing technologies (PETs) are coming of age. The tools are maturing, but mostly, it’s because Gartner says so. Well no, actually it’s because the market is beginning to understand what they can be used for and how that helps their business. First it’s for compliance but more importantly and less well-understood it’s for collaboration. Kicked off by GDPR and the wider public conversation around privacy, organisations have been forced to prioritise how they manage personal data. PETs are tools that can bring privacy features to a whole host of applications including important areas like encrypted databases and anonymous communication networks which are not covered in this paper. We explore the role PETs play in computing: specifically how they address data liability, outsourcing risk, and processing personal information, as well as opening up new opportunities for collective processing and data acquisition. We see differential privacy, synthetic data, trusted execution environments (TEEs), verifiable computation, zero-knowledge protocols, federated learning, secure multi-party computation (MPC), and homomorphic encryption as solutions to reduce risks. But some of them, especially MPC, federated learning and homomorphic encryption, open up never before possible opportunities around data collaboration. This is not the story of compliance (that would be a boring story). It is the story of how sharing beats hoarding and digital ecosystems beat monopolies. It’s a good versus evil story.

PET adoption is being driven by five surprisingly non-tech trends. First, compliance legislation essentially created a market for privacy tech in the enterprise, raising the issue higher on the CTOs to-do list. Second, migration to the cloud has now reached business critical software and sensitive workloads, and with it comes risks that need more than just expensive and ineffective SLAs. Third, digital ecosystems, too, are increasing the need for multi-party coordination. Few organisations have all the necessary skills, data, and capacity to generate cutting-edge insights alone. The FAANG companies have to spend millions to do the sort of cutting-edge machine learning to drive their products. One way to solve this problem is to collectively work with partners and customers on inputs and share the outputs securely. Fourth is the fact talented people continue to develop PETs as a form of civic engagement rather than primarily for the money. For many people, especially technologists, protecting privacy is a political goal and human right. This means we see far more development than what might be expected from the size of the market. Finally, and related to civic technology, is the cryptocurrency market. This largely unregulated and dynamic market provides an experimental breeding ground with users who are both philosophically and commercially aligned to protecting privacy. The hardest thing for a start-up is to find customers with a strong enough pain point to buy a totally new and half-finished product from a company likely to be out of business in 12 months. The crypto market despite its flaws, has plenty of these customers, perfect for a fledgling privacy start-up.

That’s where the good news ends. There are lots of market restraints that we expect to slow the adoption of PETs. First, the common lack of market education and lack of talent which stalks the PET market. But that is normally the case for all new technologies and is generally overcome eventually. Second, PETs are expensive. at least compared to the alternative of processing data ‘in-the-clear’ without encryption. That said, PETs, at least not yet, are not competing to be cheaper or faster. The tools are superior in one dimension: hiding the inputs, operation and/or outputs of computation. Some customers consider this a huge pain point and are willing to solve it today.

Over time and with investment, performance will improve so that it is no longer materially different than non-PET tools. At least for products that are closer to the application-specific end of the spectrum rather than general-purpose. Another issue, and one that is unlikely to go away with more resources and money; integration is particularly difficult because the entire development environment is different. Any integration with other software opens up a new and ongoing privacy risk which in turn makes development and maintenance expensive. This isn’t the case with TEEs and synthetic data however, so we can expect these tools to find a market faster. The final problem is a lack of buyer sophistication, this is the risk that buyers don’t value security highly enough to buy ‘good’ PETs versus software that just claims to protect privacy or be secure. The positioning of PETs as partnership tools as proposed in this paper, does make this less of a restraint by changing the buyer and the value proposition.

Looking at the drivers and restraints, we predict PETs will have a major impact on the cloud and machine learning markets. We expect TEEs to become widespread in cloud environments, but software-based cryptographic PETs will have less of a market meaning the value-chain is unlikely to change. The same is true of machine learning. The move to partnership-enhanced machine learning, enabled by the widespread use of federated learning for greater access to data, will grow the market but not upend the market. Vendors will placate the public and rile up privacy campaigners with “data doesn’t leave your phone” slogans. PETs in the context of the Cloud and machine learning essentially grow the market and entrench current incumbents. Once PETs become a part of the corporate software stack, the real value can be unlocked: collaborative computing.

Expect the emergence of a larger, (maybe not global as the Splinternet becomes ever more entrenched), liquid computing and data market. We will move from cumbersome bi-lateral and multilateral data owner-data processor relationships to a more dynamic, algorithmically driven data processing and analytics market. Basically programmatic advertising exchanges but for all computing tasks. The reason not to collaborate is the fear of exposing data or confidential information. If that can be mitigated, collaboration will thrive. Owners and processors, buyers and sellers can operate in a zero-trust environment making collaboration cheaper, faster, and easier.

We predict collaborative computing to be the largest new technology market to develop in the 2020s. By 2030, data marketplaces enabled by PETs, in which individuals, corporates, machines and Government’s trade data securely, will be the second largest ICT market after the Cloud.

“PETs are partnership technologies first, privacy technologies second. Let’s call them partnership-enhancing technologies. Once the value proposition becomes obvious to the market, we predict that by 2030 a collaborative computing market will be one of the largest markets in the technology industry.”

We recommend founders, investors and policymakers prepare:

Founders: You’re not selling privacy

  1. Few people care about privacy in the enterprise. Internalise that. Build a business, not a public good.
  2. Don’t sell technology, sell solutions. Be clear which problems are getting solved: data liability; using personal data; outsourcing risk; collective processing; or data acquisition. And be sure to answer why this is the right balance of security, cost and performance to solve the problem.
  3. Focus on the pain today. Grow from there. This is generally obvious in start-up-land, but oftentimes start-ups in this field try to solve a problem that doesn’t exist yet. Founders need to reduce risk for their customers first; then solve issues of collective processing and data acquisition. As you expand your footprint in your customers’ organisation, target the growing collaborative computing opportunity.

Investors: PETs are creating borderless computing infrastructure

  1. PETs are a data management tool first, and a privacy tool second. Dismissing PETs because privacy isn't a large enough consumer market or GDPR compliance isn't investable is missing the opportunity.
  2. The terms privacy-enhancing technology is misleading. Partnership-enhancing technologies and collaborative computing are better frames for investors, and should be attractive to any investor covering Cloud, b2b SaaS, enterprise, big data, or AI.
  3. PETs are enabling data markets. A good way of viewing PETs is as a data market driver and for investors with investments in enterprise software, a portfolio value multiplier. Enabling businesses to generate value from internal data will unlock big revenue opportunities. But enabling businesses and markets to collaborate and compute on shared data is the next era in the data economy.

Policymakers: PETs support digital free trade

  1. Policymakers must untangle different market failures. Problems of monopoly power require different solutions than issues resulting from individual reasoning failures from trading privacy for information goods. Natural monopolies and reasoning failures will have different policy instruments.
  2. Be aware PETs offer a viable market solution to the privacy problem. Before using regulatory tools, supporting the development and commercialisation of PETs can have powerful positive externalities and drive innovation.
  3. Consider PETs in the broader context of data policy and digital markets. PETs support markets and economic growth, while privacy regulation (and legal ruling like Schrems II) protects individual rights at the cost of growth. Individual rights and economic growth do not need to be at odds. PETs can square the circle: protecting individual rights while supporting trade and growth. If Government’s want to support free trade, then PET-enabled digital free trade is a crucial policy area to support.