Digital Trust Talks #1
Interview with Jean-Pierre Hubaux
Professor Jean-Pierre Hubaux is the academic director of the Center for Digital Trust at EPFL (C4DT). He is one of the most cited researchers in privacy and information security and is co-founder of Tune Insight SA.
TV: You seem to be quite active: both academic director of the EPFL Center for Digital Trust (C4DT) and entrepreneur. How do you explain these different roles and where does your interest in data protection, privacy and confidentiality come from?
JPH: There is one constant in technical progress: the development of technology is inevitably accompanied by negative side effects. In the case of information technology, the most important side effects are the threat to privacy and the erosion of trust. I am passionate about these issues, hence my commitment.
TV: What are privacy-enhanced technologies or PETs and why are they needed today?
JPH: PETs are techniques that allow operations on personal data while protecting the private sphere. For example, it is possible to perform operations on data through the cloud without the cloud knowing the value of the data (neither the operands nor the result). This technique, known as homomorphic encryption, was defined in principle more than forty years ago, but it is only now that it has reached a level of performance sufficient for real applications. Another example: an individual whose data is included in a database may worry about the consequence of this inclusion on his privacy. Differential privacy is a PET that allows to impose a quantitative limit on the level of privacy loss induced.
TV: What is the role of C4DT in the development of PETs and more broadly in the field of digital trust?
JPH: The founding fathers of the Internet hoped that their invention would contribute to the spread of knowledge, increase opportunities for everyone, and contribute to global prosperity. This dream has been partially realized and the digitization of society has proceeded at a remarkable speed. But alas, human darkness has tarnished this success, with the emergence of the problems we know: cyber-attacks, cyber-harassment, cyber-warfare, mass surveillance, fake news,…. The problem of the erosion of digital trust is the result of industrialization and is global. It is therefore on the same level as global warming, the scarcity of raw materials and the collapse of biodiversity. The C4DT, which we inaugurated in 2018. is one of EPFL’s responses to this challenge, with the aim of serving as a platform and fostering exchanges between the academic, industrial and political worlds. PETs are obviously an important topic of study at EPFL, and thus in the activities of C4DT.
TV: How does C4DT interact with other ecosystems in the field and how do you see the importance of such collaborations?
JPH: From the very first discussion on this topic with President Martin Vetterli, we decided that C4DT would be done in close partnership with players outside EPFL. We started in 2018 with 12 partners, including flagship companies in the region such as ELCA, Kudelski and SICPA, but also global players such as Microsoft and Roche. In addition to the companies, the ICRC, armasuisse as well as the CHUV are among the partners. Recently, the Federal Office of IT (FOITT) also joined us. The partners make a substantial financial contribution and participate in our various activities. We have also launched a program for start-ups and 7 are already on board.
Interactions include bilateral projects between partners and labs, thematic workshops, events and continuing education courses. We frequently collaborate with Trust Valley on some of these topics.
TV: Regarding your entrepreneurial background, you are the founder of the company Tune Insight, an alumni of the Tech4Trust accelerator program. Can you tell us a few words about the genesis of this company?
JPH: Tune Insight is a team achievement and we are 4 co-founders, with Juan Troncoso-Pastoriza, Frédéric Pont and Romain Bouyé. The company proposes a “privacy-preserving federated analytics and machine learning” software. Here is what it is about. It is quite common that organizations want to collaborate on data but do not want to – or are not allowed to – transfer their data to others; this is called data silos. This is the case, for example, in medicine, where patient data is located in different hospitals and must remain there.
In our research in the lab, we have developed a combination of PETs (including the homomorphic encryption mentioned above) that allows, among other things, distributed computation to be performed and a machine learning model to be trained on siloed data. One of the technical challenges is to be able to do this on large databases, with billions of data, without losing accuracy. We solved this problem.
It quickly became apparent that this breakthrough was of interest in multiple domains, including the aforementioned healthcare, but also cybersecurity, finance (to combat money laundering and fraud in particular) and insurance. As a result, we launched a commercial structure to ensure the industrialization of the software and customer support. This is how Tune Insight SA was born, which currently has a dozen employees.
TV: What is a spin-off? And how do you think this type of company differs from other companies?
JPH: A spin-off is a company that has grown out of another entity, typically a research laboratory. It differs from other companies by a solution that is more technologically advanced. The main difficulty is obviously the adequacy with the needs of the market, or the “market fit”.
TV: Tune Insight was recently mentioned in the Guardian and has started a collaboration with armasuisse. How do you explain the success of this company?
JPH: As mentioned above, the need for collaboration without data transfer is numerous and significant. As a result, there is real traction from the market, despite (or perhaps because of!) the relative sophistication of the proposed solution.
TV: This company’s journey is actually quite atypical. Start-ups in this field often focus on the financial sector first. Tune Insight turned to the medical sector from the beginning. Why did you choose this strategy?
JPH: It’s often a good thing to do things differently than others! But joking aside, the reason is historical: In 2017, the federal government launched the ambitious Swiss Personalized Health Network project to encourage hospitals to collaborate on patient data. As part of this, we defined and obtained funding for the project in charge of protecting this data (DPPH.ch). This transdisciplinary project, which involved several laboratories at EPFL and ETH, was conducted in close consultation with the university hospitals. This allowed us to adapt our technical solutions to the real world. This then served as a springboard to other application verticals, notably in cybersecurity, finance and insurance.
TV: To conclude, what are your perspectives for the future of C4DT, PETs and more broadly innovation in the field of digital trust?
JPH: The C4DT will continue to develop to meet the needs of society by helping to federate the ecosystem. It will continue to be a vector of innovation around EPFL’s achievements. It has taken thousands of years for humans to develop techniques to increase trust through language, legislation, diplomacy, etc. These tools are of little use to us. These tools are of little use in the digital world. To build digital trust, we don’t have millennia to spare, we only have a few years. We need to do it fast and well! We also launched a start-up program and 7 are already on board. Several of them are alumni of Tech4Trust, the Trust Valley’s startup accelerator program.
As for PETs, from being an academic curiosity, they are at the heart of this approach and will be deployed more and more frequently; they will thus contribute to our protection in our digital life.
In conclusion, we have the means to ensure that digital is used wisely and for the benefit of everyone. But to get there, there is much, much work to do!
* * *
Digital Trust Talks is a series of interviews with experts, entrepreneurs and personalities who comment on topics related to innovation, cybersecurity and digital trust.