Privacy and Civil Liberties Engineering
WhizKey is dedicated to working for the common good and doing what's right, in addition to being deeply passionate about building great software and a successful company. WhizKey was founded on the conviction that it’s essential to preserve fundamental principles of privacy and civil liberties while using data. Our earliest work with the UAE government required us to ask whether we could meaningfully strengthen data security in the UAE without weakening constitutional privacy protections. In response, we invested financial and intellectual capital to build technology that is now trusted by the world’s most stringent — and skeptical — data protection regimes.
Our culture of open and critical discussion around the implications of our technology ensures that we remain true to that initial conviction, even as the nature of data and the environments where we operate evolve. From their first day, our new team-mates are trained to ask: “Do I want to live in the kind of world that the technology we’re building would enable?”
To help our engineers and business leaders answer this question affirmatively, we:
1. Adhere to a set of principles that guide our technical and business decisions.
2. Invest in building technology that promotes responsible data usage.
3. Employ and empower a team of Privacy and Civil Liberties Engineers.
4. Engage with independent experts in privacy law, policy, and ethics.
As we build and implement technology to answer questions of increasing significance and complexity, we follow a set of principles that help us ensure we are doing so responsibly.
- Systems should incorporate principles of “privacy by design”. Our goal has always been to eliminate the perceived tradeoffs between privacy and utility. To do so, we treat privacy as a first-order concern at every stage of the engineering process and build privacy features as core capabilities in our platforms, seamlessly integrated with analytical and collaboration tools.
- Decisions that can affect individuals’ rights to freedom, opportunity, and happiness cannot be left solely to computers. Our customers are using data to inform decisions with significant implications for individuals. Rather than relying on algorithms that inhibit accountability and redress, we always build in means for humans to make necessary judgment calls based on their context and intuition.
- Systems must facilitate accountability and oversight. Effective privacy protection entails multi-layered, overlapping policies and procedures to ensure the protection of fundamental rights. We design our platforms to support these policies with mechanisms that control usage, alert users to data handling requirements, and generate information for those responsible for oversight.
- Technology is not the answer to every problem. Some decisions carry implications that are too complex or significant to be automated or streamlined, even with a human in the loop. We strive to contextualize major world problems and think critically about whether it’s possible to engineer complementary solutions in an ethically responsible way. When the answer is no, we turn the opportunity down.
Privacy and civil liberties engineering is an evolving field, and every organization is subject to unique requirements and concerns. The ways in which these principles are realized will differ among products and organizations. But the end goal should be the same: developing and implementing technology with a full understanding of its potential effects on fundamental rights and incorporating technical capabilities that can support responsible data handling policies.
At WhizKey, we build software platforms that help our customers integrate and analyze their own data in ways that are consistent with legal and ethical considerations. As a company, we do not collect data, sell data, or facilitate unauthorized sharing of data among customers or any other parties.
Over ten years of building products to enable responsible use of data, we’ve developed several privacy-enhancing technologies that are now core to the WhizKey platforms. These features let organizations control and oversee access to their data in increasingly sophisticated and flexible ways.
Access Controls
Our platforms provide highly granular access restrictions with subtle and flexible access permissions, such as temporal and purpose-based limitations. This allows for precision data management – even, at times, across multiple, independent databases – that closely aligns access with purpose specifications. A user sees only the specific information necessary for a defined task (e.g., investigating a specific crime or determining whether to extend credit to an individual), and only long enough to complete the task.
Federation
Federation allows users to search and analyze data from multiple, independent databases without duplicating and centralizing data in a single place. Our platforms provide intelligent query interfaces that abstract away the complexity of federation so users can access the information they need without requiring that its source be integrated directly into their organization’s WhizKey instance.
Audit Logging and Analysis
User actions within a system must be recorded to ensure that authorized oversight entities, both internal to an organization and external, can confirm that data is being used appropriately and in conformity with applicable law. Our platforms maintain audit logs and make them accessible to (and readable by) authorized users to help them proactively identify misuse of systems.
Data Integrity and Redress
Our platforms track the provenance and version history of all data in the system as it is, allowing users and data subjects alike to assess the reliability of the data and where necessary review and correct inaccuracies. Providing users with well-curated, up-to-date data reduces the risks of erroneous conclusions that might lead to anything from mild inconvenience to serious and costly legal ramifications for an individual.
Data Retention and Deletion
System users must be able to implement flexible and auditable retention policies and verify that data flagged for deletion has truly been purged from the system. Our platforms allow organizations to ensure that old or irrelevant information is removed as required by data management best practices or even regulations backed by significant fines for noncompliance.
Every WhizKey team-mate plays a role in our commitment to protecting privacy and civil liberties. In addition, we employ an interdisciplinary team of engineers, lawyers, and philosophers who take the lead. The Privacy and Civil Liberties Engineering team shares a broad range of responsibilities, including:
- Working with Product Development and Business Development to design, build, and implement technology that promotes the protection of privacy and civil liberties
- Keeping up with advances in technology to understand the benefits and risks they pose to privacy and civil liberties
- Identifying the implications of developments in privacy and data protection law and policy for our customers around the world
- Helping our customers implement data handling practices and analytical techniques to comply with requirements for privacy, security, and data integrity
- Training our team to spot potential privacy and civil liberties concerns and working to address them collaboratively
- Facilitating internal dialogue on privacy issues and current events as they relate to our work
Our government, commercial, and philanthropic customers around the world are at the cutting edge of some of the most challenging privacy and civil liberties questions of our time. When should usage of open-source data such as social media information be curtailed in the interests of protecting privacy and freedom of speech? What data should law enforcement information systems generate to enable effective oversight and ensure accountability to governments and to the public? How do you ensure that sensitive medical information is only available to researchers who need to see it and only used for the purposes for which a patient gave consent?
Our Privacy and Civil Liberties team leads us in navigating these questions thoughtfully, with their broadest implications in mind.