Thomas Attema (TNO en CWI) will present a lecture on privacy friendly and data-driven HIV treatments during the dcypher Symposium 2019. His lecture is part of the Secure Multi-Party Computation and Data Sharing session.
Attema says: “The extreme variability in viral genotypes of HIV and the large number of antiretroviral drugs make the prescription of optimal treatments a complex task. To aid physicians in this task clinical decision support systems (CDSS) are used. However, mainly due to privacy and confidentiality constraints, the amount of data available to these systems is limited. Based on Secure Multi-Party Computation (MPC) TNO, CWI and UvA have developed a solution for CDSS that utilizes patient’s health records while preserving the privacy of these patients”.
Identifying the best HIV treatments with MPC
18 December 2018
Learning from the successes and failures of doctors and pharmaceutical companies is a good way to improve the individual treatment of HIV patients, but privacy considerations mean that individual patient data cannot simply be shared. But it looks like TNO, working with research groups at the University of Amsterdam (UvA) and the national research institute for mathematics and computer science, Centrum Wiskunde & Informatica (CWI), may have solved the problem: Secure Multi-Party Computation (MPC) guarantees privacy.
Two years ago, chatting around the coffee machine at Nanyang Technical University in Singapore, two Dutch professors started working up an idea. “Ronald Cramer (CWI and Leiden University) told me there about his cryptological research into Secure Multi-Party Computation, and its possible practical applications,” explains Peter Sloot, Professor of Complex Adaptive Systems at UvA. “I saw its usefulness right away. I’ve been doing HIV research for fifteen years, and I’m increasingly coming up against problems involving the use of privacy-sensitive patient data. MPC technology could be a solution.”
Sloot researches complex systems such as illnesses, and the use of computer simulations to make these systems more understandable. “MPC lets you determine the ideal treatment for an individual HIV patient,” Sloot adds. “That means fewer side effects and a better quality of life. And in the future it might also mean cheaper medicines.” Sloot believes that MPC could also be used to decide the best treatment for type-2 diabetes patients.
“Secure Multi-Party Computation is a kind of ‘trusted party’ for other parties, that takes the form of an algorithm,” explains mathematician Ronald Cramer. He is head of the Cryptology Group at CWI in Amsterdam and Professor of Cryptology at the Mathematics Institute of the University of Leiden. “In a conflict of interest, or where there is mutual mistrust, or when privacy considerations or legislation plays a role, parties can ‘employ’ MPC to jointly compute a function on the participating parties’ data files while keeping the data files private.”
Confidentiality is key: inputs are transformed into one large encrypted database on which calculations can be performed in order to reveal the required information. The resulting conclusions can be valuable to all participating parties. In MPC there is no sharing or exchange of the underlying data: only the results of the desired computations are exchanged, and nothing else.
TNO was a logical partner in the HIV/MPC project because of its knowledge of MPC application areas. The mathematician Thomas Attema is involved in the project through TNO’s Cyber Security and Robustness department, and he plans to complete a PhD on this subject. “Using a database of 20,000 HIV patients we succeeded in calculating the effectiveness of a hundred different treatments for a specific patient, within 24 minutes. And we’ve since brought that computing time down even further.” There are, in fact, about 20,000 registered HIV patients in the Netherlands.
Besides the HIV/MPC project, TNO is working with a number of banks to research fraud detection. Attema: “To do so, we need to look at the transaction details of all the banks. Individual banks, after all, see only their own transactions, and not the overall picture. Criminals, however, use different accounts at different banks, shifting money from one to another. We succeeded in securely linking bank networks and running fraud detection algorithms on the data.”
In Cramer’s opinion, MPC could also play an important role in benchmarking competitors in a given commercial field. “Finding out how well your company is doing compared to others, without sharing commercially sensitive information.”
GDPR: European privacy law
On 25 May 2018 a European privacy law came into force: the European General Data Protection Regulation (GDPR). Cramer sees this law as a huge opportunity and a stimulus for cryptographic techniques like MPC. Attema agrees, but adds “I don’t know whether MPC technology itself meets the legal requirements of European privacy law in full. That’s a good bone for TNO’s legal people to chew on.”
Could MPC bridge, or even close the gap between privacy on the one hand, and data science on the other? Attema: “It can certainly make that gap a lot smaller!” Cramer adds: “Yes, because MPC is a whole spectrum of methods and techniques, each with its own pros and cons.” Sloot: “I certainly believe that this HIV/MPC research is a game changer, one that lets us show everybody what the possibilities are.” Attema grins: “And the same applies to the bank fraud detection project, of course!”
Source: news item on the TNO website