Sharemind is a technology platform that solves a problem where there is a need to turn confidential data into valuable information, under the control of concerned parties, revealing only data that is allowed by concerned parties. Do you have this problem? Not sure? Let's dig deeper. As emphasised inside the problem statement we can extract three basic domains that must be present in order for it to be a problem that can be solved by Sharemind:
- Confidential data
- Valuable information
- Concerned parties
Sharemind enables to learn from secrets without actually knowing what the secret is. So, to get benefits from the technology there must be a secret – there must be some sort of confidential data present that the stakeholders would like to access. It seems rather easy to detect it, right? Well it is, but in many cases to understand exactly what is this data and who considers it to be confidential and why, is not that straight forward. Ask the following questions and see if you are able to answer them:
- What data is it? - explain the nature and the origin of the data.
- Why is the data confidential? - explain what makes the data confidential to whom.
- Who has the data? - explain who is the data owner and why they own this data.
- Where is this data stored? - explain the method and place the data is stored currently (e.g. Oracle database on premises of data owner, in the amazon cloud, in a mobile phone).
- When is this data needed? - explain, in the light of your project, how often this confidential data is required to be updated/uploaded (e.g. constantly up to date, daily, weekly, ..., once).
By answering the questions you will have much clearer understanding of who you are dealing with when it comes to accessing confidential data. You are much better prepared to face the challenges of accessing that data.
Given that there is confidential data, the question now is what value or benefits does it give if the data would be available for the stakeholders? Knowing someone’s secret might be emotionally appealing, but in our case, we have to understand that we do not know the secret itself, but we can get the same benefits as if we would know the secret. Overwhelming, isn’t it? Well that is the main benefit of Sharemind platforms, it allows you to rummage inside confidential data without worries of anybody seeing the confidential data. Still, to justify the rummage lets find out why we would like to do it and lets figure out what is the valuable information that can be extracted from the confidential data. Use the following questions:
- What is this information? - explain how the data informs, to what questions it gives answers.
- Why this information is needed? - explain the value the informed stakeholder gets from the information.
- Who needs this information? - explain who are the stakeholders that directly benefit from the information.
- When this information is needed? - explain how often the stakeholders normally consume the information (e.g. on demand, once, once a year).
- Where this information is presented? - explain what channels you use to deliver the information to stakeholders and in what form it is (e.g. text or graphical report, web page, CSV file sent over e-mail).
By answering the questions you will have much clearer understanding of why you need the confidential data and how the stakeholders benefit from such project. You are much better prepared to justify the need for such analysis.
Sharemind trust model is based on the assumption that there are stakeholders who are highly motivated to make sure that the secrets used in the analysis are not revealed. They act like guards of confidential data and make sure that the valuable information that is extracted does not contain any secrets. In many cases to identify guards that are skilled and motivated enough to make sure that the analysis is conducted in a manner that protects the confidentiality is rather challenging. They must be juridical or physical person who will take the responsibility, makes sure that data is protected and suffers consequences in case of leakage. Preferably there should be more than one concerned party (in case of Sharemind MPC at least three). Use the following questions to learn if you have motivated concerned parties:
- Who is the concerned party? - explain who is worried and suffers consequences if confidential data used in the project will leak to unwanted parties.
- What are the consequences for the party if data leaks? - explain the damages to the stakeholders if data leakage realizes.
- Why are they motivated to participate? - explain why even though they might suffer, they still want to be in this project.
If you are able to identify motivated stakeholders who are willing to participate in the project and protect the data your chances of solving the problem you have with Sharemind rise significantly.
The guidelines obviously do not give any guarantees that this is a feasible Sharemind case, but if you were able to clearly identify the three domains it gives much more confidence that the problem might be solvable with Sharemind technology. In case a domain is unclear it indicates to a need for further discussions and explanations of the technologies' capabilities and principals before we move any further. If any of the domains remain unclear it reduces the chances to conduct such analysis. For example:
- Confidential data unclear - you do not need calculations on encrypted data at all if no data is confidential? It is possible to do it with traditional methods.
- Valuable information unclear - it is not possible to create universal and secure system at the same time (at least today, but we are working on it ;)). The valuable information must be defined to evaluate whether it leaks and what it is used for.
- Concerned parties - if we cannot identify anyone who is willing to take responsibility and make sure nothing leaks there is no way we can do the project.
It is not a Sharemind problem if it does not include Confidential Data for input Valuable Information for output and Concerned Parties to host the system.