ChatGPT - Solving AI’s Privacy Issue

Uploaded on 2023-12-11 in TECHNOLOGY-Key Areas-Artificial Intelligence, FREE TO VIEW

There is no doubt that AI, and in particular Large Language Models (LLMs) such as ChatGPT will have a tremendous impact on society, perhaps even more than the Internet did before. From education to healthcare, movies to music, art to finance, not a single industry isn’t being disrupted by AI.

While foundational models that are trained on generic, publicly accessible data are powerful, they really become useful when contextualised for a given task or user, either through fine-tuning on private data, or pre-prompting with contextual information before sending in a query.

In both cases however there is a major privacy issue: all this private data goes to the company operating the service!

This is why several countries and companies, such as Italy and Samsung, are now limiting the use of ChatGPT and alike. Without strong privacy guarantees, the risk of data breach and manipulation is simply too high. 
Can cryptography solve the privacy problem?

Fortunately, there is a way to both use AI and keep our data private: Fully Homomorphic Encryption (FHE) is a new encryption technique that enables computing on encrypted data, without actually decrypting it. And it may be a way to bridge the gap between the effective use of AI and keeping our data private.

When applied to AI, it works in the following way:

  1.  The user encrypts their data and query using a secret key that they only know
  2.  The encrypted data is then sent to the server running the AI model, which then processes it encrypted, producing a result which itself is encrypted. At no point does the server see the data, everything is done blindly!
  3.  The user then decrypts the response from the AI, revealing its content. 

What this means is that for users, nothing changes: they send queries and get an answer, but since the data is encrypted both in transit and during processing, nobody can see it: neither the company offering the service, nor governments or hackers. It’s end-to-end encryption for AI!

Of course, privacy is just a drop in a broader ocean of LLM-associated challenges that also involve discussions around copyright and unconscious bias, and FHE will therefore not offer a silver bullet to all the practical issues currently being discussed. However, it has the potential to evolve into a key piece of the current puzzle.

Why Aren’t We Using This Already?

The reason why FHE isn’t being used in widespread applications today, is because up until recently, it was too slow, too complicated and too limited to be useful. It took a PhD in cryptography to do a simple encrypted multiplication, and that would take minutes to complete. But thanks to recent development breakthroughs from a number of  companies and academic institutions, as well as hardware acceleration efforts from companies such as Intel and Cornami, homomorphic encryption is quickly becoming a reality. 

On the usability side, developers no longer need to know cryptography to use FHE. They can simply use homomorphic compilers to write Python code and have it automatically converted to an encrypted equivalent. On the feature side, we are also no longer limited to a handful of encrypted additions and multiplications. Anything is now doable in FHE, from deep neural networks to blockchain smart contracts to genomics. The only thing missing is performance.

Using traditional CPUs and GPUs to run ChatGPT encrypted end-to-end would cost tens of thousands of dollars per query, vs a few cents if the data isn’t encrypted. This means we need at least 100,000x better performance if we want FHE to be cost effective enough that it becomes the norm.

Thankfully, we have a solution: hardware acceleration. By creating dedicated chips for homomorphic encryption, we can make it anywhere from 1,000x to 10,000x faster, while simultaneously being 5-10x cheaper than conventional chips. Together, this means the 100,000x cost improvement we are looking for is within reach, and likely to happen in the next 5 years as these accelerators become available commercially.

While privacy isn’t the only issue with AI, it is a major hurdle for global adoption. Without it, we would need to trust a handful of companies with our most private information, or not use AI at all.

This is why homomorphic encryption is such a big deal: it solves the AI privacy dilemma, by allowing us to both use AI and keep our data private! Because in the end, if AIs don’t know anything about us, perhaps they won’t be able to harm us as much.

Dr Rand Hindi is CEO of  Zama

Image: Shubham Dhage

You Might Also Read:

Guidelines For AI Systems Development:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Too Many Corporate Employees Ignore Cyber Security
OxCyber - Not for Profit Cyber Security Community »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

QNAP Systems

QNAP Systems

QNAP Systems, Inc. delivers world class network attached storage (NAS) and network video recorder (NVR) solutions.

CSIRT Panama

CSIRT Panama

CSIRT Panama is the national Computer Incident Response Team for Panama.

Security Brokers

Security Brokers

Security Brokers focus services and solutions with a focus on strategic ICT Security and Cyber Defense issues.

Cyber Security & Information Systems Information Analysis Center (CSIAC)

Cyber Security & Information Systems Information Analysis Center (CSIAC)

CSIAC is chartered to leverage best practices and expertise from government, industry, and academia on cyber security and information technology.

ProtonMail

ProtonMail

ProtonMail is an easy to use secure email service with built-in end-to-end encryption and state of the art security features.

Calian Group

Calian Group

Calian is a diverse Canadian company offering professional services in areas including IT Consulting, Cyber Security and IT Products.

Jeffer Mangels Butler & Mitchell LLP (JMBM)

Jeffer Mangels Butler & Mitchell LLP (JMBM)

JMBM is a full service law firm providing counseling and litigation services in a wide range of areas including cyber security.

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

Office of the Government Chief Information Officer (OGCIO) - Hong Kong

OGCIO supports the development of community-wide information technology infrastructure and setting of technical and professional standards to strengthen Hong Kong’s position as a world digital city.

Monegasque Digital Security Agency (AMSN)

Monegasque Digital Security Agency (AMSN)

AMSN is the national authority in charge of the security of information systems in Monaco.

In-Sec-M

In-Sec-M

In-Sec-M is a non-profit organization that brings together companies, learning and research institutions, and government actors to increase competitiveness of the Canadian cybersecurity industry.

Axxum Technologies

Axxum Technologies

Axxum Technologies is a premier provider of Network Communications and Information Technology Security Solutions.

NetWitness

NetWitness

NetWitness empowers security teams to rapidly detect today’s targeted and sophisticated attacks with unparalleled visibility.

Commonwealth Scientific & Industrial Research Organisation (CSIRO)

Commonwealth Scientific & Industrial Research Organisation (CSIRO)

CSIRO is Australia's national science agency. We solve the greatest challenges through innovative science and technology.

National Cybersecurity Alliance

National Cybersecurity Alliance

The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure, interconnected world.

XpertDPO

XpertDPO

XpertDPO provides data security, governance, risk and compliance, GDPR and ISO consultancy to public and private sector organisations.

Systal Technology Solutions

Systal Technology Solutions

Systal is a global managed network and security service and transformation specialist. We help enterprise-level businesses maximise the security and business value of their complex IT infrastructure.