What Big Tech’s Patents Tell Us About The Future Of Data Security

Facebook, Amazon, Microsoft, Google, and Apple (FAMGA) are doubling down on data security.

These companies track our behavior, store our financial information, know where we work and live, what we buy, and more. Owning this data puts FAMGA on the front lines in the fight against the theft and exploitation of our personally identifiable information (PII).

For example, Facebook recently disclosed that an unprecedented data breach, discovered on September 25, exposed the social media accounts of up to 90 million users — including login credentials — effectively compromising access to any site that lets users log in with their Facebook account.

Similarly, Amazon Web Services (AWS) has a contract with the US government called Secret Region to serve workloads across the full range of government data classifications, including Top Secret documents. Effective data security features are critical to securing this information.

However, Facebook and Amazon are not the only Big Tech companies with a need to innovate in data security. In fact, all of FAMGA are patenting data security inventions and are hiring to boost their privacy and security functions.

Using CB Insights’ patent analytics, we mined FAMGA’s patent application activity for data security innovations.

Clients with expert intelligence access can take a look at our series on the future of data security. We take a look at leading data security startups and the emerging technologies that are giving data security systems a much needed upgrade.

FAMGA are patenting the future of data security

Trends like data anonymization and homomorphic encryption are still in their infancy and have the potential transform our lives. But how deeply is each FAMGA company involved in pushing the boundaries in these areas?

Patents are a meaningful leading indicator of where company R&D and innovation efforts are headed. An individual patent might only be a sketch of a potential product, but taken together, patent activity can reveal strategic direction and priorities.

Forward-looking data security trends

Facebook, Apple, and Google are prioritizing security to share data with advertisers

Facebook and Google track users online and sell that data to advertisers. In turn, these companies are trying to find new ways to target users (and increase their bottom line) while also protecting users’ privacy. Similarly, Apple is making a foray into advertising with an eye on maintaining its reputation as a privacy leader.

Facebook

Facebook applied for the patent, “Anonymizing User Identifiable Information,” in Jan’18.

The social media giant wants to be able to scramble PII in raw datasets, mirroring the original data but shielding users from identification by third parties.

Users’ PII hosted on Facebook’s servers would no longer be tied directly to a real identity. The goal is to build a PII anonymization system such that eventually all raw identity data can be deleted.

Facebook would be able to share users’ PII data with its sprawling ecosystem of advertisers while remaining compliant with new regulations such as GDPR, which strictly govern the dissemination of PII to third parties. Facebook users’ PII would also be protected in the event of a data breach.

Apple

Apple filed a patent to “repackage media content data with anonymous identifiers” in Dec’17.

The invention lets Apple serve users with personalized content on their devices without exposing identities to third parties, especially to advertisers looking to measure the effectiveness of ad campaigns.

Apple has hinted at growing its contextual advertising business. Contextual advertising means that Apple’s ad tech would rely on less invasive targeting methods than Facebook and Google.

Notably, at its Worldwide Developer Conference in June, Apple announced it would start blocking third-party cookies and digital fingerprinting in Safari — a big move for internet privacy, and a not-so-subtle jab at Facebook’s internet-wide tracking and user-targeting.

Google

In May’18, Google published a patent to “access control for user related data.”

The design secures users’ data on exchanges for coordinating online targeted advertising.

It would enable Google to set up a secure and encrypted data exchange between data providers and advertisers. The exchange can track the flow of user data and monitor entities that access or alter the data.

More specifically, Google is designing novel approaches to track the provenance of user data to prove its integrity, encrypt data in an exchange, and restrict who can access, share, and operate on sensitive user data in an advertising environment.

Microsoft is an early leader in securing data in use 

In short, homomorphic encryption allows for performing operations on encrypted data, where previous data analysis required the decryption of data, increasing risks of data breaches. The ability to operate on encrypted data is considered by experts to be data security’s holy grail.

The enterprise data life cycle consists of three elements: data at rest, data in transit, and data in use. Historically, absent a practical homomorphic encryption scheme, enterprises have only been able to fully secure data at rest and data in transit.

Microsoft’s lead on this technology is in part evidenced by the fact that the company filed a patent application as early as 2013 (granted in 2016) for “encrypting genomic data for storage and genomic computations.” 

The patent allows operation on encrypted genomic information using what the patent describes as a “homomorphic polynomial encryption scheme.” The ability to operate on encrypted genomic data means that partner ecosystems can share sensitive data sets and findings while also preserving privacy and adhering to healthcare industry data compliance standards.

Similarly, Microsoft also filed for a patent in 2014 (granted in 2018), called “neural networks for encrypted data.” Neural networks generally refer to computation models with the capacity for machine learning and pattern recognition. In this case, Microsoft wants to be able to perform tasks such as speech recognition, handwriting recognition, computer vision, and natural language processing on sensitive data sets without compromising security.

Note that Google is also a leader in homomorphic encryption with at least two patent applications filed on the subject since 2013, and that an IBM researcher is credited with the first fully homomorphic encryption system in 2009.

Google and Amazon are prioritizing data security in the cloud

Recent high-profile data exposures — including at Accenture, WWE, and Booz Allen — stem from misconfigurations in Amazon Web Services’ Simple Storage Service (S3) buckets. Google’s cloud customers have also suffered data leaks as well due to holes in cloud infrastructure security.

Google

Google applied to patent a system for detecting large-scale data leakage in the cloud in March 2018.

Google can scan an enterprise’s data hosted on the Google Cloud for signs of a breach while also leveraging encryption technologies to maintain the confidentiality of customers’ sensitive data.

Basically, the patent prevents inadvertent data exposure by Google during a sensitive data breach detection process.

Google recently unveiled its beta version of a next generation cloud security platform called the Cloud Security Command Center. The center offers vulnerability scanning, automated scans for sensitive data, and breach notification.

Amazon

Amazon applied for a patent in January 2018 for the “management of encrypted data storage.”

Basically, Amazon can offer encryption (and decryption) as a service to its AWS customers.

Encryption — the most common way to protect data — is a hard infrastructure to manage. Businesses need to identify their most valuable data, encrypt it, and protect access to decryption keys, while still using and operating on that data.

The application describes the ability to specify security protocols, such as encryption, for data maintained by a remote network computing provider on behalf of the user.