tax data analysis with secure computing - maksu- ja …...confidential data … new knowledge quick...
TRANSCRIPT
Tax data analysis with secure computing
Dan Bogdanov, PhD
Head of the Department of Privacy Technologies
Analyze withoutever seeing the data
Privacycontrols for thirdparties
Confidential data
…
New knowledge
Quick intro: Sharemind secure computing system
Sharemind goes beyond data
protection requirements.
Data owners encrypt data on-site
and upload to Sharemind.
Data analysts build and run queries
without accessing the data.
Sharemind processes the queries
without removing the protection.
Authorized users receive query
results in an encrypted format.
Project completed in 2015 using Sharemind
Collaboration of Cybernetica, Estonian Centre for Applied Research,
Estonian Tax and Customs Board, Ministry of Education, Estonian
Information System Authority
Data Protection Authority statement suggested no personal data was
processed (as long as results do not identify an individual)
Case study published at the Privacy Enhancing Technology Symposium
Runner up for the 2017 Caspar Bowden award for Outstanding Research
in Privacy-Enhancing Technologies
Mentioned in the report “The Promise of Evidence-Based Policymaking”
from the United States Commission on Evidence-Based Policymaking
Matching business transactions to find undeclared ones
Confidentiality of honest
taxpayers is guaranteed from
both internal leaks and
external attacks.
There is no single party who
can decrypt data and, thus,
break privacy. Control is
distributed among parties.
10
Tax and
Customs
BoardCompanies
VAT declaration
(encrypted)
Risk analysis
queries
Risk
scores
Sharemind-based risk analysis system
matches encrypted declarations without decrypting them and finds companies witha risk of VAT fraud
Prototype completed in 2015 using Sharemind
Collaboration of Cybernetica, Estonian Tax and Customs Board,
European Commission Framework Programme 7 project PRACTICE
(Privacy-Preserving Computation in the Cloud, FP7-ICT-2013-10)
Cybernetica built the pilot in parallel with building the actual transaction
collection and aggregation system
Case study published at the Financial Cryptography and Data Security
conference
Sharemind was called “fairytale technology” by the Director General of
the Tax and Customs Board
This project had several interesting follow-ups, we’ll talk about one now
Pilot built in 2016 using Sharemind
Custom Sharemind application built for an undisclosed European
customer (project not concluded yet)
Raised several issues on privacy vs usability – analysts are used to
having total control over the data
References
Tax and education data linkage project
Overview with video: https://sharemind.cyber.ee/big-data-analytics-
protection/
Research paper: http://dx.doi.org/10.1515/popets-2016-0019
VAT fraud detection project
Overview: https://sharemind.cyber.ee/tax-vat-fraud/
Research paper: http://fc15.ifca.ai/preproceedings/paper_47.pdf
Cost analysis for a cloud deployment: https://cyber.ee/uploads/2013/05/T-4-
24-Privacy-preserving-tax-fraud-detection-in-the-cloud-with-realistic-data-
volumes-1.pdf
More information
Sharemind web page: https://sharemind.cyber.ee/
Follow us on Twitter: @sharemind
As of September 2017, Sharemind’s development is now supported by
the Horizon 2020 Small and Medium Enterprise Instrument
Stock photos in this presentation from Dreamstime under license
Figures from Dan Bogdanov, drawings by Alisa Pankova
This project has received funding from the European
Union’s Horizon 2020 research and innovation
programme under grant agreement No 778615