Comment by Eisenstein
1 year ago
Do companies ignore regulations? Sure, some do. But saying 'they will just pay the fines' ignores the fact that we could make the fines existential, or punish board members by kicking them out of the industry. The answer to 'the regulation we haven't even tried won't work if we do it improperly' is 'let's do it, and do it properly'. I have no idea what homomorphic encryption is, but rarely do 'let's add more tech to magic bullet a human problem of incentives' solutions work.
Homomophic encryption simply means that the data is encrypted in a way that the person working with it cannot use it arbitrarily.
Here is an example, I would for instance use Google Maps for Navigation but Google or any other third party would have no idea where I am going.
I used it in the first company I worked for and it works beautifully.
A) and B) work but they are not as effective as homomophic encryption.
Barring regulation, why would car manufacturers currently profiting off the sale of this data spend extra money voluntarily implementing something that cuts off their revenue stream?
Or why would one car manufacturer cut off a revenue stream that their competition has.
The keyword here is "use".
Homomorphic Encryption reduces the breadth of computations that can be ran on the gathered data, by making it inaccessible outside of the specific homomorphic scheme that was chosen. So yes, in that sense it cannot be used arbitrarily.
However, the results, i.e. knowledge derived, from the chosen computations can still be shared arbitrarily, which IMO is a much greater issue, as the need of the result sharing will inform the computations that can be done within the scheme.
Who defines the computations? Surely not the users, and lacking regulations, also surely not regulatory bodies.
> use Google Maps for Navigation but Google or any other third party would have no idea where I am going
You don’t need homomorphic encryption for this, just local route processing. In the case of car data, the auto companies aren’t doing any useful processing of the data for the user. Homomorphic encryption is irrelevant.
I think a problem in this area is that if one avenue of data collection is denied, another one will be implemented and it becomes a game of whack-a-mole.
For example the USG is forbidden from collecting communications from US citizens, but that does not keep it from buying this information from private domestic sources or from other governments.
We did not freeze the ability to pass legislation or have courts decide on the constitutionality of governmental processes. Have you given up on democracy?
Why is everyone so quick to say 'well, they are getting away with it, might as well let them' instead of trying to use our processes for the purposes which they were designed?
Because they tend to build-in exceptions and only the likes of R Paul and 1990s Sanders would object. At the state level you saw Newsom and co. argue for increased minimum wage --except for restaurants serving bread -ala Panera. They are not, by and large, honest.
Strangely enough, I know the answer to that, if memory is serving.
Homomorphic encryption is where you can compute on the encrypted data without ever decrypting it.
Logically, it sounds like a pipe dream to me, but apparently it's a thing.
Why is it a pipe dream I know companies that use it. And it serves their purposes well.
I said it sounds like one, not that it is one. I don't know enough about the implementation of it to comment intelligently, but logically it seems to me that if you can compute on it, then it's likely to leak the data, or at least some metadata about the data.
The truth of the matter may be something other. Life is not always logical.
> know companies that use it
We can only do a limited set of operations homomorphically. Moreover, it’s more power intensive than conventional computation. In most cases, local computation is the more effective (and secure) solution.