Current practice dictates that sensitive personal data should not be shared, or that attributes like credit card information should be removed before sharing. Current practice also dictates that only aggregate results may be released when computing with sensitive information, as is done by the US Census. Unfortunately, not sharing data prohibits useful applications, and both removing attributes and releasing aggregate results have repeatedly been demonstrated as insufficient to fully protect data.

Recent advances in homomorphic encryption, secure multiparty computation, secure hardware enclaves, and differential privacy offer solutions. These approaches allow data to be shared and used in general-purpose computation, and results of those computations to be released, all while fully protecting the input data. However, each approach comes with severe costs in some combination of runtime performance, accuracy of computed results, and evidence of privacy protection that can be effectively audited. In order to use these techniques in practice we must first address these costs.

Ongoing research is advancing each solution in isolation; however, a focus on the compute paradigm common to all of these has the potential to accelerate the entire solution space. The common paradigm is data oblivious computation, which disallows data-dependent control flow and data-dependent RAM access.

Innovations in compiler techniques for data-oblivious programs can help reduce performance costs. New static and dynamic analyses for data-oblivious computations can predict and optimize parameter choices that affect performance and accuracy. Finally, verified compilers and proof-carrying code frameworks can build confidence that privacy techniques are properly applied to sensitive data.