IEEE Digital Privacy Podcast Series: Episode 9
A Conversation with Jaideep Vaidya
Director of the Rutgers Institute for Data Science, Learning, and Applications
Listen to Episode 9 (MP3, 27 MB)
Part of the IEEE Digital Privacy Podcast Series
Brian Walker: Welcome to the IEEE Digital Privacy Podcast Series, an IEEE Digital Studio Production. This podcast series features conversations with industry and academic leaders as well as key stakeholders of digital privacy, in order to help advance solutions that support the privacy needs of individuals. In this episode we speak with Jaideep Vaidya, a distinguished professor in the Management Sciences and Information Systems Department at Rutgers University. Jaideep discusses the realities facing the digital privacy space and how emerging technologies are impacting individuals and enterprises concerned with both privacy and security issues. Jaideep, thank you so much for taking time to speak with us today. To get started, can you share a little bit of information on yourself and your background?
Jaideep Vaidya: Oh, sure. So, hi, everyone, I'm Jaideep Vaidya. I'm a distinguished professor of Computer Information Systems at Rutgers University. I'm also the Director of the Rutgers Institute for Data Science Learning and Applications. I have been broadly interested in data privacy. And my research is actually on privacy and security as well as data analytics and data management for the past, I would say close to 24 years now.
Brian Walker: So, how did you first become involved with digital privacy?
Jaideep Vaidya: So, this is an interesting story. You know, when I actually started my PhD, initially before even starting to look at things, I thought I was really, really interested in sort of networking. And then as I went through my graduate studies, I realized that my true passion was elsewhere in some sense. And at the time it was really interesting because I started taking courses in cryptography and security and then I also took a bunch of courses in data analytics. And one of the interesting things that came up-- this was a very nascent field back then-- was this question of, "Can we extract value from data while sort of making sure that we preserve the privacy of it?" And these questions actually came up honestly because once 9/11 occurred, which was actually, you know, I came here in 1999, and in 2001 after 9/11, after that terrible incident, essentially, we had to ramp up a lot of things in terms of ensuring security in terms of surveillance, in terms of analyzing data as well. But suddenly there was this question, "Oh, is it that we will lose our individual ability in terms of privacy in order to do this?" And actually, we realized that "No, this is not necessarily the case. You can use techniques, in fact, from cryptography to sort of help with that." And that's, in fact, when my interest started, and my initial paper started from 2002 onwards looking at how to ensure privacy while still enabling us to get-- ensure security.
Brian Walker: So, Jaideep, where do you see some of the key challenges facing digital privacy and in particular in what application areas?
Jaideep Vaidya: So, great question. Essentially privacy, you know, affects us all in many different ways as the world has changed. You know, there's been digitization of pretty much everything all around us no matter what kind of information is being collected. So, there's huge amounts of data collection happening, big data storage happening as well and things in the background. This has created a bigger threat, if you will, to privacy as well. So, new technologies like A.I. actually exacerbate this to a large extent as well because they're able to look at the surrounding small bits of data about. You put it together to sort of infer a lot of things about you. So, in that sense as the years have gone by, even though we have now technology that can help us address privacy concerns as well, the threats to privacy have increased. And now you have these questions about, "Oh, how do we evaluate privacy? How can we measure what kind of privacy do we have? And then how do you communicate this to people? How do you make sure people make the right choices and understand the consequences of their actions? And if there are these technologies for privacy enhancing technologies, or privacy enabling technologies if you will, how do we ensure adoption of these things in real life?" So, there are lots of questions from this perspective. But yeah, the key concern is simply that we have much broader threats to privacy as a whole, and we need to be aware of this as we operate in real life.
Brian Walker: So, you've touched upon some of the current challenges related to digital privacy, but what about the future? Where do you see emerging challenges and how are those going to be addressed do you think?
Jaideep Vaidya: Yeah, so again, you know, one of the interesting points is the fact that technology keeps accelerating, right? And new threats come out, if you will, things that you've not thought of before. So, just to take one example, with generative A.I. now even having sort of very few samples, you know, I have free samples of your voice. Somebody could be hearing this podcast, take your voice or my voice from here, and could be generated essentially a perfect replica, if you will. And all of us have seen sort of the memes or ads they put up now given the elections that will soon come about where you've seen these A.I. voices for, say, President Biden and so on. So, generative A.I. has been a huge game changer in this respect. And what happens due to that is that again these simple things that we are used to doing that we don't assume are going to be a threat to privacy can suddenly turn into a huge threat for privacy. Because if people can impersonate you, if people can use that to spoof who you are, you know, essentially take over your digital identity, they can then learn a lot more about you and create all sorts of harms. It doesn't just have to be digital harm; it can even be the potential for physical harm and other things of that sort. So, I would say going forward we really need to be aware of the repercussions of all forms of technology and look at it from the holistic perspective. Take privacy into account and have things just as we say designed for security, we need to design for privacy as well.
Brian Walker: So, we covered a lot here, but so Jaideep, in your opinion, what's the upside in these scenarios?
Jaideep Vaidya: I would add one thing to that, though, I mean, the future is not completely gloomy. We do have active research going on, for example, looking at how we can watermark these things or how we can determine whether something is necessarily coming from A.I. or not. And secondly, you know, we don't have to sort of fight this battle by ourselves. Meaning, yes, we are going to come up with new technologies to protect and defend as well, but also having a holistic solution where you take into account, say, legal recourses and so on. I think together as a whole this may help to protect us comprehensively. So, let's say you have policies in place, now you have technical safeguards in place, you have legal resources that are available to you as well. All of these together, I think, will help to protect us as a whole. And no one thing can do it individually, but together I think there is absolutely a hope.
Brian Walker: We hear a lot about privacy versus security. Can you speak to the intersection of these two things as it relates to enterprises versus the individual?
Jaideep Vaidya: Normally, you know, to some extent things have changed now, but in many cases, especially in sort of bad regimes, let me put it this way, you will always see this dichotomy or this trade-off between privacy and security. And you'll always have-- be made to feel that you have to choose one or the other. This is completely untrue. You know, it's not that you can only have privacy at the expense of security, or vice versa. Really, the huge advances that have been made technologically in privacy enhancing technologies and privacy enabling technologies like fully homomorphic encryption, like secure enclaves, and a bunch of others that I can talk about, goes to show you that you can actually ensure security as well ensure privacy at the same time. So, it's not a zero-sum game. It's not that you'll be trading one off versus the other. The other interesting point is from the perspective of the individual versus the enterprise or versus the organization. Interestingly enough, privacy and security are actually two sides of the same coin to some extent. They are not subsets of each other, nor do they sort of-- they're not mutually exclusive either. They are complimentary to each other so to speak. And you can think of individual privacy where you may care about your personal record, you may care about information that pertains just to you versus looking at information pertaining to all records, so you can think of it from organizational security perspective where now they may be worried about protecting their trade secrets and things of that nature. And the technologies that will be used for both will actually be very similar or in some cases be exactly the same as well. So, what I'm really saying is that when you look at individual privacy versus organizational security, they're kind of like two sides of the same coin, and we can use a lot of the same techniques or overlapping techniques to sort of protect both.
Brian Walker: So, Jaideep, you recently won a government-sponsored privacy enhancing technology competition. Can you tell our listeners about that and the goals and benefits of that competition?
Jaideep Vaidya: Sure, I would be happy to. So, actually back in 2021, President Biden at the Summit for Democracy, at the Inaugural Summit for Democracy, he announced that there would be a series of-- actually a competition-- a transatlantic competition held between the U.S. and U.K., which would be focusing on privacy, as privacy is one of the key democratic values that we care about. And the idea here was that these competitions would sort of put together use cases where you could showcase the-- you will see the need for privacy enhancing tools and it would showcase the use of these technologies to help you in effect. In late 2022, several government agencies on both sides of the pond, including OSTP, the Office of Science and Technology Policy in the U.S., NIST and the National Science Foundation in the U.S. and several others in the U.K. got together to create this privacy enhancing technologies prize challenges, if you will, or PETs challenges as you may have heard of it. And there were basically two tracks to this. One track was focused on financial crime, while the second was focused on pandemic forecasting. And in both cases, the key challenge was that the data that would be used to carry out the task in question-- so in the financial crime case it was to detect financial fraud, it would be split between multiple parties. So, for example, in the financial crime case, you'll have information presented to banks, and had the payment network systems such as SWIFT, as well, and this information would have to be kept private or protected in some manner while still allowing development of a useful model that will be able to predict if whether fraudulent activity was happening. In the pandemic forecasting case, again a very similar setup. Data would be split across different organizations, and the goal would be then to keep it private while predicting if there was a issue in terms of spread of the disease as well. So, we actually received the first prize in the U.S. for the financial crime track. The big thing about this competition was that it really helped to establish the value of privacy enhancing technologies. So, it went to show that we could use these technologies for real problems and actually achieve very good utility as well. So, something that would give you meaningful results while providing a strong guarantee of privacy. So, it was very nice because it basically brought a lot of attention, if you will, to this and went on to show the feasibility of such solutions as well as showcasing what more would be needed. So, we recently had a demonstration day of this in London, as a matter of fact. And again, there were a lot of folks including folks from academia, from the government agencies, from regulators, from industry, to try and figure out what would be the next step forward and how do we actually move this to adoption so that we can protect privacy but still have good societal outcomes.
Brian Walker: I understand there's a new IEEE publication coming out entitled "Transactions on Privacy." And I think you were involved in that effort. Can you explain?
Jaideep Vaidya: Sure, I'd be happy to do that. So, again, IEEE has a new periodical coming out which is titled "The Transactions on Privacy," this IEEE Computer Society Journal, if you will. And it will be a fully open gold access, open access, gold open access journal. And it will be launched from January of 2024. I was indeed the proposer for this journal, the call for the Inaugural Editors in Chief, or Editor in Chief of the journal is currently out. But the main goal of this was to create a focused venue for work on privacy. So, what we've seen actually, what I was aware of was that there's a lot of fragmentation regarding the research on privacy. So, research on privacy can end up in periodicals like the transactions on dependable and secure computing, the transactions on knowledge discovery, knowledge and data engineering, a bunch of others. Since privacy affects a whole very broad set of areas, it is almost as though the work for that would be fragmented and it will go to a lot of different journals. Worse was the fact that there were no specific journals that would look at privacy from a very holistic perspective where you're looking at design, you're looking at specification, where you're looking at deployment considerations and adoption considerations as well. Standards and things of that nature. So, the idea was that by launching the "Transactions on Privacy" we would have one place where the best research on privacy could actually be published. And this would then let people follow that one venue, one top-tier venue to know what are the latest research advances, and then similarly contribute and grow the field as a whole. So, that was the whole idea behind this.
Brian Walker: As a senior member of IEEE, I know you're familiar with the IEEE Digital Privacy Initiative. Can you give us your thoughts on how you see that initiative playing a role in advancing the technology space?
Jaideep Vaidya: So, I think this is really a fantastic effort. We definitely need more efforts like this, because essentially what the initiative has done is something very similar, where it is focusing attention on digital privacy across all of the different IEEE societies and the broader community at large, right? So, the thing is that privacy, again, and I have repeated this several times, but privacy is a very broad area, if you will. There are physical aspects to privacy, there are digital aspects of privacy, there are aspects coming from new technologies and emerging technologies as well. So, essentially privacy is a very broad field. And there are privacy considerations in all sorts of different things. With additional privacy initiative did was to advance the conversation saying, "Hey, you know what? This is important. This needs to be looked at, and we need to get the entire community together to look at this." So, I think it has been fantastic in sort of bringing a community together of people who are interested in privacy and moving the conversation forward. And similar to the "Transactions on Privacy" which will have a complimentary goal of sort of recording or publishing all of the research work on privacy, this helps to sort of move the conversation ahead.
Brian Walker: Jaideep, thank you again for taking time to speak with us today and contribute to the IEEE Digital Privacy Podcast Series. In closing, do you have any final thoughts you'd like to share with our listeners?
Jaideep Vaidya: The one main thought that I have is that we all need to be aware of what is happening with our data. And in some sense, IEEE is a global body which is great, but what you see is that on the national front there are clear differences in terms of some countries which have recognized how important privacy is. Others which are still lagging behind. And yet others, you know, let's take the U.S. as an example, we very much realize the importance of privacy, but we have a very diverse set of laws, for example, to cover this. We don't have a comprehensive sort of national regulation that is taking us ahead. So, I would say, you know, there's a lot of personal responsibility over here as well. We can't just live as we were living in the past. We need to be aware of the threats to privacy and but, you know, I always like to sort of end on an optimistic note as well. New technologies are coming. There is hope out there. It's not as though we just need to say, "Oh, privacy is lost, get over it." Indeed, technology can come to the rescue as well. And all of these privacy-enhancing technologies out there will definitely come to maturity. And I hope to see them being brought into adoption very soon now.
Brian Walker: Thank you for listening to our interview with Jaideep Vaidya. To learn more about the IEEE Digital Privacy Initiative, please visit our web portal at digitalprivacy.ieee.org.