Inpher advocates for responsible innovation through privacy-enhancing technologies.

There is great interest and a demand for technologies that can streamline difficult human tasks, such as detecting financial fraud and monitoring for anomalies in big datasets. But harnessing the value of data should never come at the cost of privacy. Inpher’s advances in applied cryptographic techniques—fully homomorphic encryption (FHE) and secure multi-party computation (MPC)—strive towards accountable data governance through quantifiable, built-in privacy safeguards. We want regulators all around the world to understand and promote the advantages of privacy-enhancing technologies for consumer protection, financial services, and AI development. Our policy outreach spans U.S. federal agencies and international data protection authorities:

I. United States (Federal)

FinCEN Consultation on Anti-Money Laundering Program Effectiveness

“Banks need information-sharing programs to gain access to inter-bank and cross-industry data for a bird’s-eye view of transactional insights which cannot be extracted from a single source of data […] Privacy-enhancing technologies can unlock critical opportunities for private-public partnerships and AML ecosystems to expedite financial enforcement efforts.”

• Agency / Jurisdiction: Financial Crimes Enforcement Network (FinCEN), U.S. Department of the Treasury

• Type: Advance Notice of Proposed Rulemaking (ANPRM) Comment

• Submitted: November 16, 2020

• Notice: https://www.federalregister.gov/documents/2020/09/17/2020-20527/anti-money-laundering-program-effectiveness

• Inpher’s published comments: Inpher – FinCEN AML Comment

Using Privacy-Enhancing Technologies to ‘Enlist Big Data in the Fight Against Coronavirus’

“Accurate data-driven responses to COVID-19 require more data points. Equitable public health responses require more data sources to inform policymakers which vulnerable groups are left out of current efforts. Long-term privacy and security require the decentralization of data. Cryptographic privacy safeguards have the potential to address them all.”

• Agency / Jurisdiction: U.S. Senate Commerce Committee

• Type: Congressional hearing letter

• Submitted: April 8, 2020

• Notice: https://www.commerce.senate.gov/2020/4/enlisting-big-data-in-the-fight-against-coronavirus

• Inpher’s published comments: Inpher – Letter to the Senate Commerce Committee on COVID-19 Privacy Hearing

CFPB Request for Information Regarding Tech Sprints

“FinTech sandboxes can promote trust in privacy-enhancing technologies and introduce consistent processes to adopting cutting-edge products that demonstrate value for both consumers and regulators.”

• Agency / Jurisdiction: U.S. Bureau of Consumer Financial Protection (CFPB)

• Submitted: November 8, 2019

• Notice: https://www.federalregister.gov/documents/2019/09/18/2019-20201/request-for-information-regarding-tech-sprints

• Inpher’s published comments: https://inpher.io/wp-content/uploads/2019/08/Inpher-CFPB-Tech-Sprint-Comment.pdf

NIST Draft Privacy Framework 1.0 Consultation

“Cryptographic privacy safeguards eliminate the need to transfer data to third parties—against whom consumers have limited to no data subject rights.”

• Agency / Jurisdiction: U.S. Department of Commerce, NIST

• Submitted: October 24, 2019

• Notice: https://www.nist.gov/news-events/news/2019/09/nist-requests-comments-draft-privacy-framework

• Inpher’s published comments: https://www.nist.gov/system/files/documents/2019/10/28/s_kang_inpher_-_nist_privacy_framework_comment_508.pdf

AI and the Evolution of Cloud Computing: Evaluating How Financial Data is Stored, Protected, and Maintained by Cloud Providers

“Privacy-enhancing technologies (FHE and MPC) can securely compute data across a distributed, multi-cloud architecture. They could have prevented catastrophic financial data breaches by eliminating a single point of failure.”

• Agency / Jurisdiction: U.S. House Financial Services Committee, AI Taskforce

• Type: Congressional expert testimony

• Date Presented: October 18, 2019

• Notice: https://financialservices.house.gov/calendar/eventsingle.aspx?EventID=404484

• Video of Dr. Brandt’s Testimony: https://youtu.be/DyIJsMQEg9E?t=1813

• Published Testimony: https://financialservices.house.gov/uploadedfiles/hhrg-116-ba00-wstate-brandtj-20191018.pdf

Identifying Priority Access or Quality Improvements for Federal Data and Models for Artificial Intelligence Research and Development, and Testing

“Encryption-in-use methods can protect federal data in AI research and development.”

• Agency / Jurisdiction: U.S. Office of Management and Budget (OMB)

• Type: Request for information

• Submitted: August 22, 2019

• Notice: https://www.regulations.gov/document?D=OMB-2019-0003-0001

• Inpher’s published comments: https://inpher.io/wp-content/uploads/2019/08/Inpher-OMB-Federal-Data-for-AI-Research-and-Development.pdf

Standards for Safeguarding Customer Information in the Gramm–Leach–Bliley Act (GLBA)

“Privacy-preserving techniques can safeguard customer data held by financial institutions.”

• Agency / Jurisdiction: U.S. Federal Trade Commission (FTC)

• Type: Notice of proposed rulemaking; request for public comment

• Submitted: August 2, 2019

• Notice: https://www.federalregister.gov/documents/2019/04/04/2019-04981/standards-for-safeguarding-customer-information

• Inpher’s Published Comments: https://inpher.io/wp-content/uploads/2019/08/Inpher-FTC-Safeguards-Rule-NPRM-Comment.pdf

II. International

Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data

“We applaud the EDPB for recommending and illustrating the use of Secure Multi-Party Computation as a supplementary measure to the General Data Protection Regulation’s (GDPR) Article 46 transfer tools, in light of the additional guarantees for the protection of personal data necessitated by the Schrems II (C-311/18) decision.”

• Agency / Jurisdiction: European Data Protection Board (EDPB)

• Type: EU Public Consultation on Draft Guidance

• Submitted: December 21, 2020

• Notice: https://edpb.europa.eu/our-work-tools/public-consultations-art-704/2020/recommendations-012020-measures-supplement-transfer_en

• Inpher’s published comments: Inpher- EDPB Supplementary Measures Comment

Parliament of Australia Select Committee on Financial Technology and Regulatory Technology

“Privacy-enhancing cryptography not only unlocks commercial value; these techniques herald immeasurable public benefits by protecting the collective interest of privacy while facilitating valuable data-driven insights.”

• Agency / Jurisdiction: Australian Senate

• Type: Joint brief submitted with Vanteum and Galois

• Submitted: December 31, 2019

• Notice: https://www.aph.gov.au/Parliamentary_Business/Committees/Senate/Financial_Technology_and_Regulatory_Technology

• Submission was covered by the Australian Financial Review: “[…] Inpher also pointed to emerging “privacy-preserving protocols”, saying they were being studied by the United Nations, World Economic Forum and European Union as a way to reduce the “threat surface” that came from sharing raw data.”

UK ICO Consultation on the Draft Data Sharing Code of Practice

“The UK Data Sharing Code of Practice should address applications of MPC in cross-border data transfers and standardize privacy engineering requirements.”

• Agency / Jurisdiction: UK Information Commissioner’s Office (ICO)

• Type: Public consultation on ICO’s updated code of practice

• Submitted: September 9, 2019

• Notice: https://ico.org.uk/about-the-ico/ico-and-stakeholder-consultations/ico-consultation-on-the-draft-data-sharing-code-of-practice/

Canadian Privacy Commissioner: Consultation on Cross-Border Data Transfers

“The Canadian federal privacy law should be modernized to embrace privacy-enhancing technologies that can protect individual rights against preventable breaches and misuses of commercial data.”

• Agency / Jurisdiction: Office of the Privacy Commissioner of Canada (OPC)

• Type: Stakeholder consultation

• Submitted: August 6, 2019

• Notice: https://www.priv.gc.ca/en/about-the-opc/what-we-do/consultations/consultation-on-transfers-for-processing/