We aim to work with industry to develop privacy-preserving tools and research at MIT that will help shape the future of data governance.
The confluence of powerful data analytics, artificial intelligence, and global information platforms together with changing social attitudes about personal data are transforming both the policy and technology landscape. To address these global privacy challenges, the MIT Internet Policy Research Initiative (IPRI) and the Computer Science and Artificial Intelligence Laboratory (CSAIL) are launching the MIT Future of Data - a lab initiative with the goal of bringing state-of-the-art MIT computer science research together with world-leading public policy expertise and engagement. The initiative is an opportunity for industry partners to work with MIT researchers on new policy-informed, technical approaches to today’s privacy challenges; to understand the implications of new laws such as the GDPR; and to lead a global dialogue with policymakers, civil society, and industry leaders as we shape the future of privacy and data governance. We are inviting a small group of organizations to help us build this research initiative.
The MIT Future of Data initiative will lead technical research on privacy-enhancing data systems and analytic techniques, create a policy dialogue with extensive public engagement, and develop new educational opportunities related to data governance technology and public policy.
For more information, visit: https://futureofdata.mit.edu/
- Database Systems: Develop new data management architectures to provide enterprises with purpose management, provable delete and automated audit accountability tools for managing personal data according to legal rules and institutional commitments: GDPR, along with other current and proposed privacy laws, pose data governance challenges that cannot be met with existing database architectures. By combining the best database systems expertise with policy awareness, we will develop models for new systems that can help govern data at scale and enable engagement with policymakers about the most effective approaches.
- Applied Cryptography: Deepen the application of privacy-preserving cryptographic techniques to real-world policy challenges associated with handling personal data: By combining scientific insights into cryptography, we can build usable systems and associated policy frameworks for working with de-identified data. The world’s leading privacy laws look to private computation and other cryptographically-powered data handling techniques to enable uses of personal data while limiting privacy risk. We will bring together the cryptographers and public policy experts to expand the technical options available and contribute to the public policy dialogue on this question.
- AI and Machine Learning: Develop privacy preserving, trustworthy machine learning (ML)systems meeting global legal requirements and providing explanation and bias assessment: The sustainable and trustworthy growth of ML systems depends on both technical advances in how personal data is obtained and handled in the ML pipeline, as well as public policy dialogue to agree on norms that meet society’s expectations for both privacy and advancing human knowledge.
- Data Portability and New Information Architectures: Design new protocols for managing personal data flow across APIs to enable support for data portability requirements while maintaining usage limits and accountability: Data portability has clear benefits for competition and significant impact on privacy, perhaps positive. We will explore new technical approaches to greater individual control over data with an eye to the underlying privacy risks and benefits.
- Human-Computer Interaction: Apply rigorous HCI research methodologies to understand the impact of various privacy policy environments on user behavior and learn when the user experience is producing chilling effects. This research will inform both services design and policymaking.
The MIT Future of Data Initiative is leading a multi-disciplinary research agenda to design and stimulate the deployment of accountable systems to provide trusted, traceable uses of personal data on an ecosystem-wide scale. Some of the research areas we are exploring in 2023 include:
- Database architectures for accountability, traceability, and personal data governance: With the growing market need for privacy-preserving tools, businesses will require frameworks to implement accountability, traceability, and ways to empower users to take control of their own data. Some proposed ideas for these architectures include privacy-preserving search engines and adapting legacy systems to incorporate new privacy-preservation demands.
- Multi-enterprise audit and traceability protocols: It is not enough for one company to implement such architectures; we must also consider how such tools can be scaled to track data in an ecosystem of privacy-preserving businesses. This could mean creating standardized consent management, public ledger techniques, privacy validating technology, and audit protocols.
- Privacy-preserving data analytics: Methods such as federated learning and homomorphic encryption already exist to preserve data privacy while training models. However, there remain challenges implementing those solutions at scale, along with considerations such as re-identification risks and efficiency. Some proposed analytics solutions include using synthetic data, differential privacy, or tensor operations.
- Accountability & Data Traceability Designs: To create trustworthy systems going forward, businesses will need to implement accountable systems with data traceability and protocols for data governance. Therefore, it’s important to both create such frameworks and investigate their real-world feasibility, using surveys and user information to see what solutions are viable. Some ideas on this topic include standardized consent and reporting protocols, open data access systems where no data ever leaves the local server, systems for tracking personally identifiable information, automatic data privacy preservation, and more.
Policymakers from around the world seek out MIT expertise on issues such as encryption, privacy, and AI Policy and are an important source of inspiration for researchers. The initiative will provide a strategically managed forum for dialogue amongst MIT researchers, policymakers, industry consortium members, and civil society partners.
For example, MIT’s 2019 AI Policy Congress, a large-scale, international conference that brought together distinguished faculty, leading members of industry, and a high-level expert group of international AI policy experts from the OECD’s 36 member countries. The conference included a workshop designed to demystify machine learning and sparked a discussion on the challenges to developing effective public policy in the area. This conference and IPRI’s engagement with the OECD was a key factor in the eventual shape of OECD’s Recommendation AI Policy Principles.
The initiative will contribute to expanding knowledge on privacy topics, and will create workshops and seminars that delivered online and in-person that are designed for privacy professionals in industry, civil society, and government. At MIT, we are assembling a group of leading privacy, data, and AI researchers to work on these challenging issues using a cross disciplinary approach.