It’s Time to Open Up the Clean Room

Sadegh Riazi
October 3, 2023

Clean rooms offer the promise of more secure data collaboration – but their closed-approach architecture can sometimes fall short. It’s time for a better way.


When it comes to your customers' most sensitive data, you want to keep that information as close to the vest as you can. That’s why you guard your data with the strongest firewalls possible – and keep it stored behind them unless absolutely necessary.

Of course, activating data often requires sharing information. Whether you’re passing targeting IDs along to a DSP or consented opt-in information to a publisher to compare audiences, at some stage the data you’ve protected will need to leave the roost. To minimize the exposure of that information, marketers, publishers, and others have turned to clean rooms as a neutral third party to allow them to convey information while still maintaining control of the data.

But traditional clean rooms are never fully risk-free. Even with the enhanced security offered by clean rooms, there are inherent exposure risks in taking data out of environments that infosec teams spend months to years building, for the express purpose of letting other companies know what kinds of information that data may hold.

To minimize that risk, data clean rooms provide in-platform data obfuscation, often in the form of basic privacy-enhancing techniques (PETs), frequently coupled with salting and hashing the data. But these measures may still leave sensitive data unprotected. For the collaboration to work, much information still needs to be passed between the parties through the centralized clean room platform – shielded further by processes that are opaque by design. And while opacity makes sense when it comes to clean rooms – to protect both the data itself and the platform provider’s IP – it also creates huge hurdles for the infosec teams that have to review them. At best, the result is a delay of weeks to months in getting up and running. At worst, full data confidentiality cannot be guaranteed.

So where we’ve been in the world of data clean rooms is a closed system that requires heavy emphasis on trust and carries unwanted risk. Ideally we’d want to transform that closed system into an open one. An open system would include two elements. First, the encryption code itself would be open-source and fully inspectable by any infosec team looking to work with it – taking the trust element out of the picture.

Second, there wouldn’t be a platform at all in between the collaborating parties. Instead, each party looking to exchange data would use a private instance of the software, allowing them to encrypt on-premise and run the open-source encryption on their own. This eliminates the risks involved in transferring data in any form to a platform. Instead of requiring customers to use a centralized clean room platform, you give them open and decentralized data collaboration software.

There’s a good reason data collaboration software has not existed historically. Truly secure data collaboration software needs to leverage secure computation. However, secure computation is incredibly complex, and implementing a use case correctly has been next to impossible without a team of PhD data scientists and cryptographers. It’s also been slow and very expensive to run computations on always-encrypted data. But with the recent advances in cryptography and data science – most notably in the realm of secure multi-party computation (SMPC) – an open and commercially viable model is now fully achievable.

We know that the data collaboration software model is feasible because we’ve built it: the Pyte data collaboration software is based on and advances the SMPC principles I’ve outlined above. Importantly, it’s earned the trust of our clients using it currently in many of the most sensitive fields and use cases within and beyond the marketing ecosystem. 

For us and the clients we work with, data collaboration software is a thrilling development that means greater transparency and the elimination of critical potential points of security failure. And we invite the data clean room companies to join the open and decentralized movement. If you’re a clean room provider looking for a place to start, you can view our own code – which we’ve made open-source – at https://github.com/ciphermodelabs/ciphercore.
