Tax data analysis with secure computing

Dan Bogdanov, PhD

Head of the Department of Privacy Technologies

Tax

revenue

Tax records for

people and

companies

Re-using tax records for data-driven policymaking

4

Analyze withoutever seeing the data

Privacycontrols for thirdparties

Confidential data

…

New knowledge

Quick intro: Sharemind secure computing system

Sharemind goes beyond data

protection requirements.

Data owners encrypt data on-site

and upload to Sharemind.

Data analysts build and run queries

without accessing the data.

Sharemind processes the queries

without removing the protection.

Authorized users receive query

results in an encrypted format.

Project completed in 2015 using Sharemind

Collaboration of Cybernetica, Estonian Centre for Applied Research,

Estonian Tax and Customs Board, Ministry of Education, Estonian

Information System Authority

Data Protection Authority statement suggested no personal data was

processed (as long as results do not identify an individual)

Case study published at the Privacy Enhancing Technology Symposium

Runner up for the 2017 Caspar Bowden award for Outstanding Research

in Privacy-Enhancing Technologies

Mentioned in the report “The Promise of Evidence-Based Policymaking”

from the United States Commission on Evidence-Based Policymaking

Data about

taxes paid

Data about

taxes paid

Missing data

on taxes

not paid

Matching business transactions to find undeclared ones

Confidentiality of honest

taxpayers is guaranteed from

both internal leaks and

external attacks.

There is no single party who

can decrypt data and, thus,

break privacy. Control is

distributed among parties.

10

Tax and

Customs

BoardCompanies

VAT declaration

(encrypted)

Risk analysis

queries

Risk

scores

Sharemind-based risk analysis system

matches encrypted declarations without decrypting them and finds companies witha risk of VAT fraud

Prototype completed in 2015 using Sharemind

Collaboration of Cybernetica, Estonian Tax and Customs Board,

European Commission Framework Programme 7 project PRACTICE

(Privacy-Preserving Computation in the Cloud, FP7-ICT-2013-10)

Cybernetica built the pilot in parallel with building the actual transaction

collection and aggregation system

Case study published at the Financial Cryptography and Data Security

conference

Sharemind was called “fairytale technology” by the Director General of

the Tax and Customs Board

This project had several interesting follow-ups, we’ll talk about one now

TaxesEducation

Local

governments

Private sector

companies

Welfare

28.05.201614

28.05.201615

28.05.201616

28.05.201617

28.05.201618

28.05.201619

Pilot built in 2016 using Sharemind

Custom Sharemind application built for an undisclosed European

customer (project not concluded yet)

Raised several issues on privacy vs usability – analysts are used to

having total control over the data

References

Tax and education data linkage project

Overview with video: https://sharemind.cyber.ee/big-data-analytics-

protection/

Research paper: http://dx.doi.org/10.1515/popets-2016-0019

VAT fraud detection project

Overview: https://sharemind.cyber.ee/tax-vat-fraud/

Research paper: http://fc15.ifca.ai/preproceedings/paper_47.pdf

Cost analysis for a cloud deployment: https://cyber.ee/uploads/2013/05/T-4-

24-Privacy-preserving-tax-fraud-detection-in-the-cloud-with-realistic-data-

volumes-1.pdf

More information

Sharemind web page: https://sharemind.cyber.ee/

Follow us on Twitter: @sharemind

As of September 2017, Sharemind’s development is now supported by

the Horizon 2020 Small and Medium Enterprise Instrument

Stock photos in this presentation from Dreamstime under license

Figures from Dan Bogdanov, drawings by Alisa Pankova

This project has received funding from the European

Union’s Horizon 2020 research and innovation

programme under grant agreement No 778615