Meta says its Anonymous Credentials (ACS) service will help reduce data collection activities

We’re excited to bring back Transform 2022 in person on July 19 and virtually from July 20 through August 3. Join leaders in AI and data for in-depth discussions and exciting networking opportunities. Learn more about Transformer 2022

Today Meta engineers gave a talk at the [email protected] virtual event detailing the organization’s approach to data minimization and discussing an in-house solution it developed called Anonymous Credentials Service (ACS).

Meta’s ACS is designed to allow it to authenticate users in an “anonymized manner”, allowing access to services without collecting any data that could be used to identify the subject’s identity.

Under ACS, a client contacts the server through an authentication channel and sends a token, which the server signs and sends back.

Then the client uses an anonymous channel to submit data to the server and authenticates it using a modified form of the token rather than the user’s ID. This allows servers to authenticate clients without knowing which client a token belongs to.

The organization’s approach highlights a potential alternative for companies and technical decision makers looking for techniques to minimize the amount of data they collect.

The need to anonymize data

Meta’s ACS comes as data privacy regulations pile up across the globe and the organization comes under fire under GDPR for transatlantic data sharing, with the company recently announcing it would withdraw Europe’s Facebook and Instagram if the GDPR prevented the sharing of user data. from the United States to the EU.

“We have absolutely no desire or plan to withdraw from Europe, but the simple reality is that Meta, and many other businesses, organizations and services, depend on data transfers between the EU and the US. in order to operate global services,” a Meta spokesperson said.

For all organizations doing business, it is necessary to collect the minimum amount of data to prevent personally identifiable information from falling into the wrong hands.

Meta’s development of ACS provides a new technique that the organization can use to authenticate users and ensure the security of key services while dissociating their identity from personally identifiable information.

“Collecting the minimum data necessary to support our services is one of our core principles at Meta as we continue to develop new privacy enhancing technologies (PET). We are constantly looking for ways to improve the privacy and protect user data on our family of products,” said Meta Software engineers Shiv Kushwah and Haozhi Xiong in the official blog.

ACS provides a way to keep protected information private while ensuring that the organization has enough data to perform its critical tasks.

“So we leveraged the ‘anonymous credentials’ that were developed in collaboration over the years between industry and academia, to create a core service called Anonymous Credentials Service (ACS). ACS is a highly available multi-tenant service that allows customers to authenticate anonymously,” Kushwah and Xiong said.

It improves privacy and security while being computationally conscious. ACS is one of the newest additions to our PETS portfolio and is currently used in several high-volume use cases at Meta,”

The trials and tribulations of data protection

Meta’s engineering talk comes as the data protection market is growing, with the market expected to grow from $61 million in 2020 to $11 million by 2027, as the volume of data increases alongside government regulations implementing new data protection standards.

Among social media companies, there is certainly a need for innovation in data protection, with Twitter recently faced a fine of €450,000 (US$502,440.75) from the Irish Data Protection Commission, following GDPR breaches following a data breach in 2019.

Similarly, TikTok made costly data management mistakes, when in July last year the Dutch Data Protection Authority (DPA) imposed a fine of €750,000 (837,198.75 USD) for violation of the children’s privacy for not offering the privacy statement in Dutch. .

Currently, Meta aims to differentiate itself from other social media providers by developing a new data sharing solution that will ensure that data can be mined without exposing any personal information to regulatory liabilities and threat actors.

VentureBeat’s mission is to be a digital public square for technical decision makers to learn about transformative enterprise technology and conduct transactions. Learn more about membership.

Comments are closed.