What is end-to-end encryption?
Before we get into end-to-end encryption use in AI development, let’s revisit the basics. Firstly, encryption involves making data secure to prevent information from being stolen. Encryption technology uses algorithms to make data unreadable. That way, any non-authorised users can’t read or see that information. Then, a password (known as a ‘key’) will decrypt the data for authorised users. With end-to-end encryption, data (an email or image file, for example) remains fully encrypted at all times when being transported or stored on the internet – only a user with the correct key can ever decrypt it.
In contrast, with encryption-in-transit data is only encrypted whilst being transferred from one point to another but may be in an unencrypted form at either end of that transfer. Or with encryption-at-rest data is only encrypted when it is being stored somewhere. Critically, when data is encrypted on a third-party server, the company operating that server holds the encryption keys. Therefore, without end-to-end encryption data can still be at risk of being accessed or stolen when it is either transmitted or stored on a third party server.
With end-to-end encrypted cloud-based software, such as gliff.ai, data is encrypted on a user’s computer. It remains encrypted when stored in the cloud, and is still encrypted when sent back to an authorised user’s computer. This means that no one else can access the data – not even the software provider.
Do you need end-to-end encryption in AI development?
If you’re developing an AI application, then you will need a lot of data to develop your model. In medical AI development, that data may contain personally identifiable patient information or patients’ medical images like OCT, MRI and CT scans. Therefore, this data will be highly sensitive – and commercially valuable.
In today’s world, privacy and security are paramount. So you need to comply with data protection laws like GDPR and HIPAA. It’s also probable that a data owner (e.g. a healthcare institution like the NHS) will require certain security standards to be met that cover the methods by which your data is stored, transmitted and shared.
Using end-to-end encryption within AI development will undoubtedly help you towards meeting standards for privacy and security. And not just that. Using end-to-end encryption to protect your data will bring you more peace of mind. Plus, end-to-end encryption will help provide the level of assurance that your AI team and project sponsors might expect. It’s also a great measure to help reduce some of the risk encountered by your project.
gliff.ai is an end-to-end encrypted software platform for developing imaging datasets. If you’re interested in understanding more about our decision to adopt end-to-end encryption, read our CTO’s article here.