Author // Beatriz Valero de Urquia
CRACKING ENCRYPTION'S HOLY GRAIL
Homomorphic encryption has long been considered the ‘holy grail’ of data encryption. Digital Bulletin speaks to Dr. Ellison Anne Williams, former NSA researcher and founder and CEO of Enveil, about how the technology is enabling secure data monetisation and meeting the challenges of anti-money laundering and financial crime
The United Nations recently estimated the amount of money laundered globally at $2 trillion, 5% of the global GDP. As a result, one of the predictions of the 2020 PEI CFO & COO Forum held this past January was an increase in anti-money laundering and Know your Customer regulations, as well as the enabling of increased data sharing and collaboration to fight financial crime. Homomorphic encryption (HE) is one of the technologies that is making data sharing a reality, and many have called it the ‘holy grail’ of data encryption, as they believe that it will be able to meet the challenges of AML, as well as many others, such as cloud services and data monetisation. “We have never seen the global demand for privacy the same way that we have today,” says Dr. Ellison Anne Williams, former National Security Agency (NSA) senior researcher, and CEO of Enveil, a data security company specialising in homomorphic encryption protecting data in use. Although the push for privacy-enhancing technologies that facilitates secure data monetisation has been present for years, COVID-19 has made this need an urgent one. The International Monetary Fund has projected global growth in 2020 will fall 6.3 percentage points from January 2020. Therefore, as companies look for new sources of revenue, many will and seek to leverage the value of their data assets.
Enveil, the company founded by Williams four years ago, uses homomorphic encryption to allow companies to do this while respecting privacy regulations. It has raised $15 million in funding and is currently collaborating with strategic backers such as Thomson Reuters, Refinitiv, Bloomberg andIn-Q-Tel. Moreover, they have been recently named a World Economic Forum Technology Pioneer. “We were the only company chosen working around privacy-enhancing technology. That’s a huge honor,” says Williams, speaking exclusively to Digital Bulletin. HE, the solution that Enveil presents, is not a new one. It has been around for 30 years, and has been deemed as the ‘holy grail’ of data encryption. However, despite its “paradigm-changing” potential, HE was, for decades, too computationally-intensive to be useful. It was only after the NSA made significant breakthroughs that the use of HE could become a reality. Williams, who was involved in these discoveries, recalls:“We were faced with very specific mission-problems, centred around how we could work in trusted compute and data environments and locations that we don’t own, control or trust at all, but we’re given lawful access to. “As an example, we looked at how we could run a search for ‘firstname.lastname@example.org’ and go and run it out in these data environments that we don’t trust, in such a way that nobody knows that we’re looking for ‘email@example.com’ or any kind of results associated with that. That is a perfect use case for homomorphic encryption, but it’s not practical.
Dr. Ellison Anne Williams
“I turned it upside down and took a hard look at how we could advance the science and the leveraging of this powerful capability of homomorphic encryption to allow it to be practical. We looked at how to encrypt that search, send it outside of our walls, have it processed in an encrypted state, and produce those encrypted results that we could decrypt without exposing what we were doing. “So we had those breakthroughs and realised it could change the paradigm of how and where organisations can securely and privately leverage data assets.” Thus, Williams created Enveil to leverage and develop the technology. Enveil’s technology, she says, has “progressed light-years” in the last four years. “You have to keep in mind, homomorphic encryption only gets you two things: the ability to add or multiply two encrypted values. We take the basic powerful primitives of homomorphic encryption and build them into what you and I would call ‘an encrypted search’ to solve a business problem.” Enveil’s technology has been tested and recognised in prestigious forums, and was the youngest company ever to be in the RSA Innovations Sandbox in 2017. Williams recalls how the technology was perceived as something of a concept by some industry peers at the time, so used the event to state her case that it could be leveraged in the here and now. “I stood up on that stage and said ‘No. It’s here and it’s now. We have breakthroughs, and it’s going to change everything. And, in particular, it’s going to change cloud.’ We ended up being one of the winners, and you can track our progress from there.”.” One of the greatest challenges of creating a product is also creating the commercial space for it, although Dr Williams says she also saw the chance to create a new market as a “great privilege” In this journey, she stresses two main use cases of HE that businesses gravitate towards: secure data monetisation and AML. On the one hand, “using homomorphic encryption, organisations can monetise data assets such that the privacy of the underlying data itself and the users of the platform are maintained at all points. That’s huge,” Dr. William remarks. On the other hand, HE has been showing huge success in AML. “It’s a problem that sits at the nexus of the commercial enterprise with the banks and with the regulators. But, given our background, we’re uniquely qualified to position in that space.”
Moreover, AML can also have a significant social impact: “If you say: ‘who is laundering money?’, then you get to things like human trafficking, the drug trade and terrorism.” HE’s success in this area is attested by Enveil’s first prize award at the FCA’s Privacy Enhancing Technology TechSprint last summer, where it where it led a team with EY, Refinitiv and BAE, while also working alongside financial heavy-hitters such asHSBC, Barclays and ING. “We solutioned for a KYC/CDD (Know Your Customer/Customer Due Diligence) use case, and were able to demonstrate that we are very uniquely positioned for that with our capabilities, and we won. That was enormous. It really gives the blessing of, not only the banks, but the regulators,” Williams says. Enveil has also partnered with different financial organisations for AML use cases, recently working with the Future of Financial Information Sharing (FFIS) on a project focused on an specific EU-headquartered bank. “We were looking at customer-profile matching across jurisdictions. Because, even in the same bank, different jurisdictions are storing their data very differently, and so, you can’t just, in an automated way, reach across and say ‘Hey Turkey, Christina just walked up to me in the UK. Do you know anything about her?’. And, even if you could, the data is so dirty and non-standardised that it’s ineffective,” Williams comments. “We have the capabilities to encrypt that enquiry about Christina and, because our software is deployed in Turkey, that search is never decrypted. That’s important because we’re respecting both countries’ access control provisions. The encrypted result is sent back to the UK, and they can decrypt it and say: ‘Oh, yes.Turkey exited Christina as a customer’, and perhaps make a very different determination in an onboarding process." Moreover, Enveil’s software can also make “fuzzy searches”, which take into account the possible name variants while still getting meaningful results. These abilities were tested in the partnership with FFIS and the bank, with customer-profile matching and hundreds of millions of “fuzzy searches” successfully completed in a matter of seconds. In addition, HE’s can also support the use of private cloud. “There’s situations where you have the same organisation that’s moving to the cloud, but they have to do so respecting localisation requirements” says Williams. “So, they’re deploying our software in different cloud-based jurisdictions around the world to share and collaborate with each other.” A proof of the success of homomorphic encryption is Enveil’s rapid growth, having recently set up a UK subsidiary and secured significant investment. “We looked at where we wanted to invest as a company, and that UK/EU market was a big one for us, so we got connected with C5. We were actually the first series A investment they’ve ever done.”
"We looked at where we wanted to invest as a company, and that UK/EU market was a big one for us"
Along with C5, Enveil also obtained funding from Capital One and Mastercard, raising $10 million in series A investment. Enveil has followed this injection of capital with a new product line, ZeroReveal, which allows companies to securely and privately query or analyse data across organisational boundaries, privacy jurisdictions, and third parties; and which has already led to 13 patent applications. “Everything we’re doing with our ZeroReveal product line is pushing the boundaries of science in terms of what is possible with secure and private advance decisioning via machine learning. Williams’ vision is to “enable banks to perform encrypted typology runs and checks via encrypting these machine learning models that are representing the typologies and having them across jurisdictions”. There are also ambitions to expand not only across geographical boundaries but also across sectors. The next sector that she believes could greatly benefit from this new technology is healthcare. “I think the same thing that we’re seeing with secure data-monetisation is true of healthcare now. The need for a global health picture has never been more acute than it is today. Offering the ability to look across global health jurisdictions and gain a better idea of what’s happening from a diagnosis perspective, from a vaccine-development perspective. I think it has a ton of potential,” she explains, and mentions that Enveil has begun “meaningful conversations” with healthcare providers. Homomorphic encryption perhaps does have the potential to “change everything” by allowing business, from financial institutions to healthcare and many more, to bridge the gap between data privacy regulations and data monetisation, as well as meeting the challenges of AML, financial crime and globalisation. Williams certainly believes so.