Eric Horvitz Tadayoshi Kohno Frank McSherry Wendy Seltzer Daniel Weitzner

Right of Privacy, Brandeis and Warren, 1890 “Recent inventions and business methods call attention to the next step which must be taken for the protection of the person…”

Large amounts of behavioral data becoming available in stream with services Opportunity to learn from data to enhance services, create new services Core research on people and behavior

Example: Collaborative Filtering Pref 1 Pref nProducts, Content 1.. m

Example: Web search Query 1 Query n Content + Content - Ad + Ad -

Obs. 1 Obs. n ActionsServicesFeedback Beyond search… multiple services

T ΔtΔt Predestination Project start T ΔtΔt Traffic Advisor Airport 25-min. delay at I-405 & I-90. Suggest I-5 instead. Seattle Center Broad St. closed. Suggest Denny Way instead. On your way to the airport? Park here! $8/day. Directions  Specials

Protected sensing and personalization Learning privacy preferences and tradeoffs Selective revelation from population data Restricted usage policies Obscuration and anonymity

 Shroud of privacy Machine learning Predictive model  Actions  Content  Preferences  Contextual attributes  Sensor data

 Shroud of privacy Machine learning Predictive model 3rd party content  Context  Real-time sensor data sensor data  Predictions  Recommendations  Services Prebuilt model (From subjects of study)  Actions  Content  Preferences  Contextual attributes  Sensor data

  Documents  Web activity  Location... Personal content and activities store Personalized result ranker Personalized Results from web search engine

Common law: “Intrusion upon seclusion” …if the intrusion would be highly offensive to a reasonable person.” “Offensive” changes with time Rapid photography! 1800’s: “Rapid photography!” Ringing a phone! 1920’s: “Ringing a phone!” …intrudes into the private sanctity of the home.

Variances Differences Similarities

Clusters of kinds of information that are treated similarly

Learn from volunteers General application Sensitivity of private information Value of information Identifying a sweet spot? Maximize value at minimum sensitivity Getting the biggest “bang” for the personal data “buck” (with Andreas Krause)

Value of personal data in enhanced service: Demographic data Search history (same query, searches per day?) Topic interests (ever visited business, kids, etc., website) User behavior (location, ever changed zip)? Query: sports Pages Freq Entropy H = Freq Country USA H = 1.7 Entropy Reduction: 0.9

Query: “mp3” Prior entropy: 5.82 U(prev_arts) = 0.50 U(prev_reference) = 0.53; Query: “cars” Prior entropy: 4.55 U(prev_arts) = 0.40 U(prev_kids) = 0.41

- λ = Value: Diminishing returns (submodular) Cost: Accelerating (supermodular) Optimization Optimal tradeoff! More observations

Optimal tradeoff!

n=1437

Rise of preference and intention machines Managing privacy and confidentiality as critical Directions Protected sensing and personalization for services Learning and harnessing preferences about privacy and privacy tradeoffs

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Microsoft Research Faculty Summit 2007