Privacy in Electronic Society - PowerPoint PPT Presentation

1
Privacy in Electronic Society
Talk I: General Topic Areas
Lingyu Wang
2
Privacy Concerns: Press, Government,
Organizations and Academia
The Economist
3
Privacy Concerns: Public
  • Public opinion polls [1]
  • 81% reported that the right to privacy was
    "essential."
  • 86% want a web site to obtain opt-in consent
    before even collecting user info
  • 81% were concerned that a company might violate
    their personal privacy in using the collected
    data
  • [1] Public Opinion on Privacy, Electronic
    Privacy Information Center (EPIC)

4
Privacy Concern - Businesses
  • Only public and government want privacy?
  • No!
  • Consumers routinely abandon shopping carts
    because of demands for too much personal
    information
  • Analysts estimate that Internet retail sales lost
    due to privacy concerns may be as much as $18
    billion [1]
  • [1] How The Lack of Privacy Costs Consumers and
    Why Business Studies of Privacy Costs are Biased
    and Incomplete, by Robert Gellman

5
Two Aspects of Electronic Privacy
  • Collecting: users submit private information
    during an electronic transaction
  • For example, registering at an e-commerce site
    requires name, address, phone, DOB, mother's maiden
    name, etc.
  • Disclosing: collected information is shared with
    third parties
  • For example, sales data are provided to another
    company for data analysis and data mining purposes

6
Open Problem in Collecting Stage: Flexible
Information Collecting
  • Current policies of merchants are not flexible
  • Either provide everything asked, or leave. No
    room for negotiation about providing personal
    info
  • Many collected data are not essential for every
    transaction

7
Open Problem in Disclosing Stage: Controlled
Disclosure of Data
  • Currently data are shared with third parties with
    little protection
  • Data sanitization is not enough (e.g., SSN and
    name are not the only identifiers)
  • Even summarized statistical data could be
    sensitive (later we'll see an example)

8
Talk II: Background Literature
  • Automated Trust Negotiation
  • Inference Control

9
1. Automated Trust Negotiation (ATN)
  • Goal: to gradually establish a trust relationship
    between strangers using credentials
  • Client-side rules and server-side rules
  • One successful negotiation:
  • Client → Server: Mailing_Addr
  • Server → Client: Verisign_Cert
  • Client → Server: Credit_Card
  • Server → Client: Order_Ok
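
The negotiation on this slide can be reproduced with a small simulation. This is an added example, not part of the original slides; the client and server rules below are assumed for illustration (the slide lists only the exchanged messages), and the strategy is a simple "disclose everything currently unlocked" loop.

```python
# Assumed policies: each item maps to a list of alternative credential sets
# (DNF); one alternative must already have been disclosed by the OTHER party.
CLIENT_POLICY = {
    "Mailing_Addr": [set()],                # freely disclosable
    "Credit_Card": [{"Verisign_Cert"}],     # only to a certified merchant
}
SERVER_POLICY = {
    "Verisign_Cert": [{"Mailing_Addr"}],
    "Order_Ok": [{"Credit_Card"}],
}

def unlocked(policy, received, already_sent):
    """Items whose policy is satisfied by what the peer has disclosed so far."""
    return sorted(
        item for item, alternatives in policy.items()
        if item not in already_sent
        and any(alt <= received for alt in alternatives)
    )

def negotiate(client_policy, server_policy, goal, max_rounds=20):
    """Alternate turns; each turn discloses every newly unlocked item.
    Returns (success, transcript). Fails when both sides pass in a row."""
    sent = {"Client": set(), "Server": set()}
    policies = {"Client": client_policy, "Server": server_policy}
    transcript, sender, stalled = [], "Client", 0
    for _ in range(max_rounds):
        peer = "Server" if sender == "Client" else "Client"
        new = unlocked(policies[sender], sent[peer], sent[sender])
        for item in new:
            sent[sender].add(item)
            transcript.append(f"{sender} -> {peer}: {item}")
        if goal in sent["Server"]:
            return True, transcript
        stalled = 0 if new else stalled + 1
        if stalled == 2:                    # neither side can move: deadlock
            return False, transcript
        sender = peer
    return False, transcript

if __name__ == "__main__":
    ok, log = negotiate(CLIENT_POLICY, SERVER_POLICY, "Order_Ok")
    print(ok, *log, sep="\n")
```

If each side guards its first credential with one the other side has not yet released (a cyclic dependency), the loop ends with no disclosures at all rather than leaking either credential.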

10
1. ATN Related Work
  • Works from BYU Internet Security Research Lab and
    UIUC Database Group
  • T. Yu, M. Winslett, and K. E. Seamons.
    Interoperable Strategies in Automated Trust
    Negotiation. 8th ACM Conference on Computer and
    Communications Security, November 2001
  • T. Yu, X. Ma, M. Winslett, PRUNES: An Efficient
    and Complete Strategy for Automated Trust
    Negotiation over the Internet, 7th ACM Conference
    on Computer and Communications Security, 2000
  • T. Yu, M. Winslett, K. Seamons, Supporting
    Structured Credentials and Sensitive Policies
    through Interoperable Strategies for Automated
    Trust Negotiation, ACM Transactions on
    Information and System Security, volume 6, number
    1, February 2003
  • a lot more

11
1. ATN Related Work (Cont'd)
  • Pros
  • Complete strategies: negotiation will succeed
    whenever possible
  • Efficient strategies: bounded computation and
    communication complexity
  • Interoperable strategies: server/client using
    different strategies can negotiate with each
    other
  • Privacy protecting: sensitive credentials are
    conditionally disclosed

12
1. ATN Related Work (Cont'd)
  • Cons
  • Based on propositional logic: not powerful
    enough, e.g., "I won't give you any such kind of
    credential without your id."
  • Negative constraints not supported, e.g., "I
    will never give both credit card and ATM card"
  • Only considers a single sensitive credential;
    a combination of credentials can also reveal identity,
    e.g., Name + DOB vs. SSN

13
2. Inference Control
  • Goal: prevent users from learning sensitive
    information from statistics
  • Suppose Malice knows the average GPAs, how would
    she learn Alice's GPA for IT990?

14
2. Inference Control Related Work
  • Abundant work on statistical databases earlier,
    in the 70s to 80s
  • Recently revived in the data warehouse/data mining
    area
  • Two categories: restriction-based and
    perturbation-based

15
2. Inference Control Related Work (Cont'd)
  • Restriction-based inference control
  • Chin, F. Y., and Ozsoyoglu, G. Auditing and
    inference control in statistical databases. IEEE
    Trans. Softw. Eng. SE-8, 6 (Nov. 1982), 574-582.
  • Answer a query if and only if it's safe to do so
  • Pros: precise answers (whenever an answer is
    given, it is precise)
  • Cons: high complexity, O(m²n) for m queries on n
    values
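
The "answer only if safe" rule can be shown with a small query auditor for the GPA scenario from slide 13. This is an added example, not from the slides and not the algorithm of the cited paper: it is a plain Gaussian-elimination check, and the student names and the `Auditor` class are constructed for illustration.

```python
from fractions import Fraction

def rref(rows):
    """Reduced row echelon form over exact rationals (no rounding error)."""
    m = [[Fraction(v) for v in r] for r in rows]
    pivot_row = 0
    for col in range(len(m[0]) if m else 0):
        pr = next((r for r in range(pivot_row, len(m)) if m[r][col] != 0), None)
        if pr is None:
            continue
        m[pivot_row], m[pr] = m[pr], m[pivot_row]
        pv = m[pivot_row][col]
        m[pivot_row] = [v / pv for v in m[pivot_row]]
        for r in range(len(m)):
            if r != pivot_row and m[r][col] != 0:
                f = m[r][col]
                m[r] = [a - f * b for a, b in zip(m[r], m[pivot_row])]
        pivot_row += 1
    return m[:pivot_row]

def disclosed(queries):
    """Indices of individual values the query set determines exactly.
    A value leaks iff a unit vector lies in the row space, which shows
    up as an RREF row with a single non-zero entry."""
    out = set()
    for row in rref(queries):
        nonzero = [i for i, v in enumerate(row) if v != 0]
        if len(nonzero) == 1:
            out.add(nonzero[0])
    return out

class Auditor:
    """Answers an average over a named set only if no single GPA becomes
    derivable from all answers so far (average == sum, set size is known)."""
    def __init__(self, names):
        self.names, self.answered = list(names), []

    def ask(self, members):
        vec = [1 if n in members else 0 for n in self.names]
        leaked = disclosed(self.answered + [vec])
        if leaked:
            return False, sorted(self.names[i] for i in leaked)
        self.answered.append(vec)
        return True, []

STUDENTS = ["Alice", "Bob", "Carol", "Dave"]   # constructed class roster
```

With this roster, the class average is answered, but a follow-up average over everyone except Alice is refused because the difference of the two answers is Alice's GPA.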

16
2. Inference Control Related Work (Cont'd)
  • Perturbation-based inference control
  • R. Agrawal and R. Srikant, Privacy-preserving
    data mining, ACM International Conference on
    Management of Data, 2000
  • Adding random noise to data such that sensitive
    info is destroyed but statistics are preserved
  • Pros: low complexity (can be done offline
    before answering queries)
  • Cons: precision of answers is not guaranteed;
    may introduce bias and inconsistency