Request for Information on Advancing Privacy-Enhancing Technologies

Issuing agencies

Abstract

The Office of Science and Technology Policy (OSTP)--on behalf of the Fast Track Action Committee on Advancing Privacy-Preserving Data Sharing and Analytics of the Subcommittee on Networking and Information Technology Research and Development (NITRD) of the National Science and Technology Council, the National Artificial Intelligence Initiative Office, and the NITRD National Coordination Office--requests public comments to help inform development of a national strategy on privacy- preserving data sharing and analytics, along with associated policy initiatives. The national strategy will put forth a vision for responsibly harnessing privacy-preserving data sharing and analytics to benefit individuals and society. It will also propose actions from research investments to training and education initiatives, to the development of standards, policy, and regulations needed to achieve that vision.

Full Text

<html>
<head>
<title>Federal Register, Volume 87 Issue 111 (Thursday, June 9, 2022)</title>
</head>
<body><pre>
[Federal Register Volume 87, Number 111 (Thursday, June 9, 2022)]
[Notices]
[Pages 35250-35252]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2022-12432]


=======================================================================
-----------------------------------------------------------------------

OFFICE OF SCIENCE AND TECHNOLOGY POLICY


Request for Information on Advancing Privacy-Enhancing 
Technologies

AGENCY: Office of Science and Technology Policy (OSTP).

ACTION: Notice of request for information on Advancing Privacy-
Enhancing Technologies.

-----------------------------------------------------------------------

SUMMARY: The Office of Science and Technology Policy (OSTP)--on behalf 
of the Fast Track Action Committee on Advancing Privacy-Preserving Data 
Sharing and Analytics of the Subcommittee on Networking and Information 
Technology Research and Development (NITRD) of the National Science and 
Technology Council, the National Artificial Intelligence Initiative 
Office, and the NITRD National Coordination Office--requests public 
comments to help inform development of a national strategy on privacy-
preserving data sharing and analytics, along with associated policy 
initiatives. The national strategy will put forth a vision for 
responsibly harnessing privacy-preserving data sharing and analytics to 
benefit individuals and society. It will also propose actions from 
research investments to training and education initiatives, to the 
development of standards, policy, and regulations needed to achieve 
that vision.

DATES: Interested persons and organizations are invited to submit 
comments on or before 5:00 p.m. ET on Friday, July 8.

ADDRESSES: Interested individuals and organizations should submit 
comments electronically to <a href="/cdn-cgi/l/email-protection#6d3d28393e403f2b242d0304191f09430a021b"><span class="__cf_email__" data-cfemail="eabaafbeb9c7b8aca3aa84839e988ec48d859c">[email&#160;protected]</span></a> and include < RFI 
Response: Privacy-Enhancing Technologies > in the subject line of the 
email. Due to time constraints, mailed paper submissions will not be 
accepted, and electronic submissions received after the deadline cannot 
be ensured to be incorporated or taken into consideration.
    Instructions: Response to this RFI is voluntary. Each responding 
entity (individual or organization) is requested to submit only one 
response, in English.
    Responses may address one or as many topics as desired from the 
enumerated list provided in this RFI, noting the corresponding number 
of the topic(s) to which the response pertains. Submissions must not 
exceed 10 pages (exclusive of cover page) in 11-point or larger font, 
with a page number provided on each page. Responses should include the 
name of the person(s) or organization(s) filing the comment, as well as 
the respondent type (e.g., academic institution, advocacy group, 
professional society, community-based organization, industry, member of 
the public, government, other). Respondent's role in the organization 
may also be provided (e.g., researcher, administrator, student, program 
manager, journalist) on a voluntary basis. Comments containing 
references, studies, research, and other empirical data that are not 
widely published should include copies or electronic links of the 
referenced materials; these materials, as well as a list of references, 
do not count toward the 10-page limit. No business proprietary 
information, copyrighted information, or personally identifiable 
information (aside from that requested above) should be submitted in 
response to this RFI. Comments submitted in response to this RFI may be 
posted online or otherwise released publicly.

[[Page 35251]]

    In accordance with Federal Acquisitions Regulations Systems 
15.202(3), responses to this notice are not offers and cannot be 
accepted by the Federal Government to form a binding contract. 
Additionally, those submitting responses are solely responsible for all 
expenses associated with response preparation.

FOR FURTHER INFORMATION CONTACT: For additional information, please 
direct questions to Jeri Hessman at <a href="/cdn-cgi/l/email-protection#dd8d98898ef08f9b949db3b4a9afb9f3bab2ab"><span class="__cf_email__" data-cfemail="02524756512f50444b426c6b7670662c656d74">[email&#160;protected]</span></a> or 202-459-9683.

SUPPLEMENTARY INFORMATION: Privacy-Enhancing Technologies (PETs) 
present a key opportunity to harness the power of data and data 
analysis techniques in a secure, privacy-protecting manner.\1\ This can 
enable more collaboration across entities, sectors, and borders to help 
tackle shared challenges, such as health care, climate change, 
financial crime, human trafficking, and pandemic response. PETs can 
also help promote continued innovation in emerging technologies in a 
manner that supports human rights and shared values of democratic 
nations, as highlighted during the Summit for Democracy in December 
2021, which included an announcement that the United States and the 
United Kingdom are collaborating to develop bilateral innovation prize 
challenges focused on advancing PETs. However, to date, PETs have not 
achieved widespread adoption due to a variety of factors, among them, 
limited technical expertise, perceived risks, financial cost, and the 
need for more research and development.
---------------------------------------------------------------------------

    \1\ For the purposes of this RFI, privacy-enhancing, privacy-
preserving, and privacy-protecting are used as equivalent terms.
---------------------------------------------------------------------------

    The purpose of this Request for Information is to better understand 
how to accelerate the responsible development and adoption of PETs in a 
manner that maximizes the benefit to individuals and society, including 
increasing equity for underserved or marginalized groups and promoting 
trust in data processing and information technologies.
    Terminology: Privacy-enhancing technologies (PETs) refer to a broad 
set of technologies that protect privacy, which are within the scope 
for this RFI. We are particularly interested in privacy-preserving data 
sharing and analytics technologies, which describes the set of 
techniques and approaches that enable data sharing and analysis among 
participating parties while maintaining disassociability and 
confidentiality.\2\ Such technologies include, but are not limited to, 
secure multiparty computation, homomorphic encryption, zero-knowledge 
proofs, federated learning, secure enclaves, differential privacy, and 
synthetic data generation tools.
---------------------------------------------------------------------------

    \2\ Disassociability means enabling the processing of data or 
events without association to individuals or devices beyond the 
operational requirements of the system. NIST Privacy Framework: A 
Tool for Improving Privacy Through Enterprise Risk Management, v 
1.0, <a href="https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.01162020.pdf">https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.01162020.pdf</a>.
---------------------------------------------------------------------------

    Background: Data are vital resources for solving society's biggest 
problems. Clinicians are using data to identify the best treatments for 
their patients, farmers are using data to predict and improve farm 
yields, and public servants are using data to create evidence-based 
policies. Artificial intelligence (AI) and other emerging analytics 
techniques are amplifying the power of data, making it easier to 
discover new patterns and insights, ranging from better models to 
predict the impacts of climate change to new methods for detecting 
financial crimes.
    While data are enabling innovation and insights across sectors, it 
can still be challenging to harness the full potential of data due to 
the overarching imperative for adequate privacy and security 
protections. For instance, when trying to explore developing new 
treatment options, some medical researchers may experience challenges 
when trying to gain access to medical records because those records 
reveal health information that may identify the individual patients, 
implicating the privacy and safety of those patients as well as medical 
privacy law. In other situations, confidentiality concerns around 
intellectual property limit research collaborations that could improve 
data model training and speed advances within those sectors.
    Certain types of PETs provide ways to share data or provide access 
to data to drive innovation while also protecting privacy. For example, 
PETs could allow for the analysis of medical images across hospitals 
and international borders without transferring that data or even 
without using or disclosing the images to researchers. PETs could 
enable access to more comprehensive and diverse datasets, which in turn 
could enable the development of AI systems that can produce better 
treatments for patients from all demographic backgrounds.
    Acknowledging this potential, the Federal Government seeks to 
develop a national strategy for advancing and adopting privacy-
preserving data sharing and analysis. In the public sector, PETs can 
facilitate more integrated public services by enabling data analysis 
across agencies, advancing the Federal Data Strategy's mission ``to 
fully leverage the value of federal data for mission, service, and the 
public good.'' \3\ In the private sector, PETs can spur innovation and 
efficiencies by making it feasible for companies to enable more data 
access for researchers and nonprofits, or even for each other, without 
disclosing sensitive information.
---------------------------------------------------------------------------

    \3\ <a href="https://strategy.data.gov/overview/">https://strategy.data.gov/overview/</a>.
---------------------------------------------------------------------------

    Data processing by the Federal Government and in the private sector 
is currently governed by a number of laws, regulations, and policies. 
Many of these policies are in place to protect the information privacy 
of individuals and businesses, often by sector (e.g., healthcare, 
education), by entity (e.g., interagency data sharing, open data), or 
by jurisdiction (e.g. the California Consumer Protection Act). However, 
as PETs continue to mature and mitigate the risks to information 
privacy when used to enable data sharing and analysis, it is possible 
that some existing policies will need modification. Such modifications 
could make it easier to harness the potential of PETs, while ensuring 
that the Federal Government and other entities continue to manage data 
in a responsible and privacy-protecting manner.
    Through this RFI, we seek public input to identify potential 
actions or recommendations that could be put forth as part of a 
national strategy on privacy-preserving data sharing and analysis. We 
are especially interested in comments on Federal laws, regulations, 
authorities, research priorities, and other mechanisms across the 
Federal Government that could be used, modified, or introduced to 
accelerate the development and adoption of PETs.
    Scope: OSTP invites input from any interested stakeholders. In 
particular, OSTP is interested in input from parties researching, 
developing, acquiring, using, or governing privacy-enhancing 
technologies; parties with expertise on the exchange of data with or 
within the Federal Government; and parties with experience using PETs 
to ensure effective delivery of Federal services and increase equitable 
outcomes.
    Information Requested: Respondents may provide information for one 
or as many topics below as they choose. Through this RFI, OSTP seeks 
information on potential specific actions that would advance the 
adoption of PETs in a responsible manner, including on the following 
topics:
    1. Specific research opportunities to advance PETs: Information 
about Federal research opportunities that could be introduced or 
modified to accelerate the development or adoption

[[Page 35252]]

of PETs. This includes topics for research, hardware and software 
development, and educational and training programs. This also includes 
information about specific techniques and approaches that could be 
among the most promising technologies in this space.
    2. Specific technical aspects or limitations of PETs: Information 
about technical specifics of PETs that have implications for their 
development or adoption. This includes information about specific PET 
techniques that are promising, recent or anticipated advances in the 
theory and practice of PETs, constraints posed by limited data and 
computational resources, limitations posed by current approaches to de-
identification and deanonymization techniques, limitations or tradeoffs 
posed when considering PETs as well as technical approaches to equity 
considerations such as fairness-aware machine learning, security 
considerations based on relevant advances in cryptography or computing 
architecture, and new or emerging privacy-enhancing techniques. This 
also includes technical specifications that could improve the benefits 
or privacy protections, or reduce the risks or costs of adopting PETs.
    3. Specific sectors, applications, or types of analysis that would 
particularly benefit from the adoption of PETs: Information about 
sectors, applications, or types of analysis that have high potential 
for the adoption of PETs. This includes sectors and applications where 
data are exceptionally decentralized or sensitive, where PETs could 
unlock insights or services of significant value to the public, where 
PETs can reduce the risk of unintentional disclosures, where PETs might 
assist in data portability and interoperability, and sectors and 
applications where the adoption of PETs might exacerbate risks, 
including in the areas of privacy, cybersecurity, accuracy of data 
analysis, equity for underserved communities, and economic competition. 
This topic covers opportunities to improve the effectiveness of data 
sharing among specific Federal agencies and between specific Federal 
agencies and entities outside the Federal Government, including the 
goals outlined in Section 5 of Executive Order 14058: Transforming 
Federal Customer Experience and Service Delivery To Rebuild Trust in 
Government.
    4. Specific regulations or authorities that could be used, 
modified, or introduced to advance PETs: Information about Federal 
regulations or authorities that could be used, modified, or introduced 
to accelerate the development or adoption of PETs. This includes 
privacy-related rulemaking authorities under the Office of Management 
and Budget, the Federal Trade Commission, and financial regulatory 
bodies, as well as acquisition regulations under the Federal 
Acquisition Regulations. This also includes the Federal authority to 
set procedures for agencies to ensure the responsible sharing of data. 
This also covers hiring authorities to recruit Federal employees with 
expertise to advance PETs, as well as acquisition authorities (e.g., 
Other Transaction Authority) to procure PETs for development.
    5. Specific laws that could be used, modified, or introduced to 
advance PETs: Information about provisions in U.S. Federal law, 
including implementing regulations, that could be used, modified, or 
introduced to accelerate the development or adoption of PETs. This 
includes provisions, safe harbors, and definitions of use, disclosure, 
safeguards, and breaches. Information may also include comments on how 
to advance PETs as part of new or proposed legislation, such as that 
which would create a National Secure Data Service. Information may also 
include comments on State law or on international law as it applies to 
data sharing among international entities.
    6. Specific mechanisms, not covered above, that could be used, 
modified, or introduced to advance PETs: This includes the development 
of open-source protocols and technical guidance, the use of public-
private partnerships, prize challenges, grants, testbeds, standards, 
collaborations with foreign countries and nongovernmental entities, the 
Federal Data Strategy, and data sharing procedures with State, local, 
tribal, and territorial governments. This also includes interpretations 
and modifications of standard non-disclosure agreements, 
confidentiality clauses, data use or sharing agreements, etc.
    7. Risks related to PETs adoption: Identification of risks or 
negative consequences resulting from PETs adoption as well as policy, 
governance, and technical measures that could mitigate those risks. 
This includes risks related to equity for underserved or marginalized 
groups, the complexity of implementation and resources required for 
adoption, as well as from conceptual misunderstandings of the technical 
guarantees provided by PETs. This also includes recommendations on how 
to measure risk of PETs adoption and conduct risk-benefit analyses of 
use.
    8. Existing best practices that are helpful for PETs adoption: 
Information about U.S. policies that are currently helping facilitate 
adoption as well as best practices that facilitate responsible 
adoption. This includes existing policies that support adoption, 
including in the areas of privacy, cybersecurity, accuracy of data 
analysis, equity for underserved communities, and economic competition. 
This also includes information about where and when PETs can be 
situated within tiered access frameworks for accessing restricted data, 
ranging from publicly accessible to fully restricted data.
    9. Existing barriers, not covered above, to PETs adoption: 
Information about technical, sociotechnical, usability, and 
socioeconomic barriers that have inhibited wider adoption of PETs, such 
as a lack of public trust. This includes recommendations on how such 
barriers could be overcome. Responses that focus on increasing equity 
for underserved or marginalized groups are especially welcome.
    10. Other information that is relevant to the adoption of PETs: 
Information that is relevant to the adoption of PETs that does not fit 
into any of the topics enumerated above.

    Dated: June 6, 2022.
Stacy Murphy,
Operations Manager.
[FR Doc. 2022-12432 Filed 6-8-22; 8:45 am]
BILLING CODE 3270-F2-P


</pre><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script></body>
</html>