To compute directly on encrypted data and keep the cryptographic key distributed – an easy, efficient and elegant solution
To safeguard private data in the cloud and within collaborative solutions. In many situations businesses (or individuals) are generally reluctant to reveal private information. Usually with good reason: such information can be exploited by others in the market, but can also be misused in unforeseen ways in the future. While collecting sensitive data across competing companies or/and end users are instrumental for creating value, there is always a potential danger that private information may leak and be aggregated across time.
An auction is all about coordinating confidential information across competing companies and individuals in order to set prices and match buyers and sellers
Confidential statistics is all about coordinating confidential information across competing companies and individuals to compute statistics that leads to better decisions.
Modern market solutions and data driven decision systems rely on more and more confidential data to facilitate better decision making. Typically, the most confidential data are the best data. Confidential and trustworthy use of such data leads to better services.
How Partisia enhances privacy by fundamentally parting with the idea that one needs to trust in individuals or organizations to coordinate or compute on private information. The confidential information will be encrypted and remain encrypted forever! The required coordination will be performed directly on the encrypted information by a network of servers located at different organizations, where no single server knows the decryption key.
Partisia software solutions prevent some type of collusion and limit others
Colusion in auctions can be divided into two types:
The risk of Type 2 collusion is most imminent in open auctions. When the bidding is organized as an open process, it is easier to sustain a cartel or to signal market partition during the bidding. In the auctioning of the 3G licenses in Germany, for example, two of the main competitors Mannesman and T-mobil managed to signal a market partition during the auction to avoid competing. Although, the open price formation is useful to facilitate price discovery, concerns about collusion and the protection of the participants’ private information are sufficiently important in many cases to oblige the use of partly or entirely sealed bids instead. In fact, OECD recommends sealed bids to prevent collusion in public procurement.
With partly or entirely sealed bids, a trusted third party is necessary. This creates a risk of Type 1 collusion. To illustrate with two cases, Siemens AG gained by getting confidential information about competitors’ bids in a public procurement in Singapore and Hochtief placed an optimal winning bid for the construction of a new airport in Berlin based on confidential information. Although collusion may be hard to prove in court, there are many cases and an attempt to estimate the costs has been done by the World Bank. In 2000 the estimated cost of bribing in procurement auctions was 12 % of the turnover and in 2004 the cost of corruption in public procurement alone was estimated at $200 billion. Also, the widely used proxy-bidding is a source of Type 1 collusion. In proxy bidding, a bidder places a maximal price and allows the “computer” to automatically overbid others until the maximal bid is reached. Knowing such a maximal bid can be valuable to the seller and others that gain from a high sales price.
With Partisia software solutions, the sealed bids are not available to any individuals or institutions. Therefore, this information cannot be misused to manipulate the price. The sealed bids can only be opened if one manages to collude with multiple persons key custodians across selected institutions. The number of key custodians required to unseal the bids can be customized. Hereby, collusion of Type 1 can effectively be avoided.
It is harder to avoiding collusion of Type 2. While sealed bidding makes it difficult, Partisia software solution limits collusion of Type 2 even further. With encrypted bids no one can tell an empty bid from a carefully placed bid. Hereby, the software solution allows “pseudo participation” which makes it possible to hide a low real participation. E.g. in a procurement situation where a buyer faces the same class of sellers in successive auctions, pseudo participation may easily be implemented by a rule of compulsory participation among the class of sellers in order to qualify for future auctions. The higher participation significantly hamper collusion of Type 2.
Why deep confidentiality is important in Market Design
While a central coordinated auction or exchange is of great value, the potential leakages of private information may be costly. The traditional approach is to appoint well-reputed and trusted institutions or individuals to safeguard the private information. Still, individuals are granted full access to the information, an approach that is not only prone for human mistake but also provides a focal point for collusive behavior. With Partisia software no such focal point exists and the private bids are kept encrypted forever – this is what we call deep confidentiality.
On this page we discuss some reasons for having deep confidentiality:
The private bids in an auction or exchange may contain information that can be used by opponents in related negotiations or by authorities in a regulatory setting.An example is provided in the Danish Sugar industry, which uses Partisia Contract Exchange to reallocate production contracts among sugar beet growers. The contracts are regularly renegotiated among multiple types of growers and the sugar-processing company Danisco. Since the bids and asks on the exchange provide valuable information about the growers’ willingness to pay or accept, insufficient confidentiality may weaken the growers’ positions in these negotiations.
Another example could be procurement auctions. Sellers often have multiple contracts with the buyer, say a municipality, and the terms of these contracts are gradually adjusted. To impact this ongoing adjustment, a seller may therefore manipulate his bids on new contracts.
With deep confidentiality the participant does not weaken his or her position in related situations, no matter how the future is going to turn out.
Aggregation of private bids across time and auctions can generate valuable information about the participants’ preferences. Such information may for example be used to exercise more price discrimination at the cost of the participants.Computerized trading agents have been used for decades not least in the financial sector. Today, many Internet auctions, such as E-bay, provide so-called proxy bidding, where e.g. a buyer provides a price ceiling and allows a computer to overbid others within that ceiling.
It is extremely important to safeguard the private information feed to such trading agents. This was early acknowledged by Professor Hal Varian:
“Hence privacy appears to be a critical problem for ‘computerized purchasing agents’. This consideration usually does not arise with purely human participants, since it is generally thought that they can keep their private values secret. Even if current information can be safeguarded, records of past behavior can be extremely valuable, since historical data can be used to estimate willingness to pay. What should be the technological and social safeguards to deal with this problem?”
Since the date of this quote (1995), the concern has only increased. The use of auctions in general as well as more advanced auctions has increased. Advanced auctions may include multiple commodities or multiple attributes and extract more information from the participants.
Deep confidentiality effectively eliminates these problems since non-winning bids remain secret forever.
Apart from explicit, rational arguments, there might be a general reluctance to share private information.Private information revelation is a point of no return and it may be hard to foresee future use/misuse of the revealed information. This provides an implicit rationale for the basic reluctance. There may also be more subtle psychological reasons behind a basic reluctance.
With deep confidentiality any reluctance to participate with the required private information is removed and better results are promoted.