So, what exactly is “NoPeek” Privacy?

   

The information revolution we are living in today has been accelerated significantly by the ability to share data between parties instantaneously. This has created enormous benefits for society in the forms of faster communication, easier information sharing, greater convenience, and a social connectedness to the global community that otherwise would not have been possible. However, no matter the benefits it has brought, users should always have the ability to enforce how and why their data is used. 

These days, headlines such as, “Data breach at Equifax,” and “Marriott Hotels hacked exposing 500 million guests,” are all too common. It is understandable that these experiences have made consumers wary of privacy claims and unsure when it comes to using certain applications to navigate their health. The way that data is handled and stored today is a broken experience for the consumer and it needs to change, period. Through research and a mechanism we call “NoPeek” Privacy, the PathCheck Foundation is working to ensure that data-sharing power lies with the consumer, not digital companies. 

"NoPeek" Privacy is a set of open source algorithms that go by many other names, including split learning, homomorphic encryption, selective disclosure of verifiable credentials, and more. These all enable privacy for the entire life cycle of data. From the point of aggregating and building a new algorithm, to preprocessing, to utilizing data within the model, to then encrypting and licensing the model, the PathCheck Foundation, in partnership with MIT, has created a mechanism that keeps data private. This is possible through the usage of state-of-the-art privacy technologies in a way that does not allow a third party, whether malicious or genuine, to be able to abuse the data even if they wanted to.

The PathCheck Foundation worked with many states and territories throughout the pandemic to support contact tracing without sharing personal information. Instead of consumers sending information to a “trusted party,” the goal was to give individuals the power to keep their private information with them while sharing information that would inform and protect others. 

For example, let’s say you were diagnosed with COVID-19 and wanted to share with your community the locations you visited over the past several days in order to prevent others from visiting those same places. You could use a PathCheck app (Such as Aloha Safe) to distribute a version of that information that has been tweaked to hide precise absolute positions in a way that receivers can identify locations of concern without exposing the exact places you visited. However, the important piece to this is that your locations are the only pieces of information that are shared. The app does not expose personal information other than the fact that someone with COVID-19 visited the library and the shopping mall. It does not share that you, the individual, were at those locations. It only shares that a person who was later diagnosed with COVID-19 was at those locations. Then that information is published to the public record so that your community’s cell phones (those who use the app) can reach out and pull that information down to make a comparison for themselves to see if they have a reason to be concerned. 

This is a contrast to other applications on the market that are generating more of what is referred to as a “surveillance state.” In these cases, apps may pull everyone’s information and store it in a centralized location to make the comparison and comparison calculation. Which can lead down a slippery slope of “Well, since we have all that information in one spot, what else can we possibly do with it?” NoPeek Privacy eliminates the ability for consumer data to be stored in one spot (because the personal data actually lives on an individual’s cell phone) as well as the temptation to use or sell data for other purposes. 

The PathCheck Foundation wants to show the world that we can share data in a secure, reliable, and ethical way. NoPeek is the way to do that.