December 20, 2022

Wyden, Portman Urge National Science Foundation to Secure Americans’ Data with Encryption Technology

Washington, D.C.To ensure government agencies can use data for research while protecting Americans’ privacy and security, U.S. Senators Ron Wyden, D-Ore., and Rob Portman, R-Ohio, today urged the National Science Foundation (NSF) to secure Americans’ information within the National Secure Data Service (NSDS) platform using advanced encryption technology. 

“The NSDS platform will enable government agencies to collaborate by using data for research projects. This research will help policy makers to improve government programs, and will shed light on the effectiveness of federal policies. However, the NSDS program will only live up to its promise if it facilitates research while protecting Americans’ data from hackers, foreign spies and misuse by government agencies,” Wyden and Portman wrote in a letter to Sethuraman Panchanathan, Director of National Science Foundation.

“To ensure identifiable data within the platform is inaccessible to any agency other than the one who originally provided it — including NSF itself —  NSF should require agencies to encrypt the information using an encryption key only they control,” the senators continued.

If sensitive data is encrypted, individuals who appear in that data will be protected in the event of a hack or breach of the NSDS system. The 2014 data breach at the Office of Personnel Management demonstrated that government databases are a target for hacking by cyber adversaries. Wyden and Portman urged NSF to avoid holding a “master key” that can access all data in the NSDS system, to avoid creating a massive cyber-target for hackers.

The letter urged NSF to use privacy-enhancing technologies like multi-party computation that make it possible for organizations to collaborate on research without sharing unencrypted data. Multi-party computation was developed with government funding, and is already in use in the commercial sector. With these technologies, the NSDS program will be able to support important research that relies on sensitive data, such as studying programs to better serve our nation’s veterans, without requiring agencies to share individuals’ sensitive data and potentially compromise their privacy.

The letter concluded by requesting NSF provide answers to the following questions by January 31, 2023: 

1. Will NSF commit to using multi-party computation, or another privacy-enhancing technology that prevents unencrypted data from being available within the NSDS system, for all data pertaining to individual Americans?

2. Will NSF commit to having agencies encrypt their own data within the NSDS platform, preventing NSF from holding a “master key” that would be a target for hacking and theft?

And requesting that it provide ongoing updates on:

3. The guidance or processes NSF will use to determine whether data used by an NSDS project is in an “identifiable form” or is otherwise sensitive, and thus must be encrypted or otherwise inaccessible to other parties in the NSDS system.

4. How NSF plans to implement the NSDS platform to enforce the requirement that it allow only authorized analysts to run approved queries.

The text of the full letter is here.

###

Press Contact

Keith Chu