CS573 Data Privacy and Security Introduction Li Xiong Department of Mathematics and Computer Science Emory University

Introduction on Privacy Definitions and aspects of privacy Models of privacy protection Current lack of privacy protection and privacy breach incidents What we can do Data protection techniques Relevant security concepts/topics

Definitions of Privacy Right to be left alone (1890s, Brandeis, future US Supreme Court Justice) a: The quality or state of being apart from company or observation; b: freedom from unauthorized intrusion (Merrian-Webster) The right of individual to be protected against intrusion into his personal life or affairs, or those of his family, by direct physical or by publication of information (Calcutt committee, UK)

Aspects of Privacy Information privacy Bodily privacy Privacy of communications Territorial privacy

Privacy of the Person Also referred to as 'bodily privacy', is concerned with the integrity of the individual's body Examples: imposed treatments such as lobotomy and sterilization, blood transfusion without consent, requirements for submission to biometric measurement.

Privacy of Personal Behavior sometimes referred to as 'media privacy' sensitive matters, such as sexual preferences and habits, political activities religious practices

Privacy of Personal Communications Individuals desire the freedom to communicate among themselves Issues include use of directional microphones and 'bugs' with or without recording apparatus, telephonic interception and recording, and third-party access to -messages.

Privacy of Personal Data Referred to as 'data privacy' and 'information privacy‘. Establishment of rules governing the collection and handling of personal data Data about individuals should not be automatically available to other individuals and organizations The individual must be able to exercise a substantial degree of control over that data and its use.

Models of privacy protection Comprehensive laws Adopted by European Union, Canada, Australia Sectoral laws Adopted by US Financial privacy, protected health information Lack of legal protections for individual’s privacy on the Internet Self-regulation Companies and industry bodies establish codes of practice Privacy enhancing technologies

State of data privacy The last five decades have seen the application of information technologies to a vast array of abuses of data privacy

A race to the bottom: privacy ranking of Internet service companies A study done by Privacy International into the privacy practices of key Internet based companies Amazon, AOL, Apple, BBC, eBay, Facebook, Friendster, Google, LinkedIn, LiveJournal, Microsoft, MySpace, Skype, Wikipedia, LiveSpace, Yahoo!, YouTube

A Race to the Bottom: Methodologies Corporate administrative details Data collection and processing Data retention Openness and transparency Customer and user control Privacy enhancing innovations and privacy invasive innovations

A race to the bottom: interim results revealed

Why Google Retains a large quantity of information about users, often for an unstated or indefinite length of time, without clear limitation on subsequent use or disclosure Maintains records of all search strings with associated IP and time stamps for at least months Additional personal information from user profiles in Orkut Use advanced profiling system for ads

Remember, they are always watching … what can we do? Who cares? I have nothing to hide.

If you do care … Use cash when you can. Do not give your phone number, social-security number or address, unless you absolutely have to. Do not fill in questionnaires or respond to telemarketers. Demand that credit and data-marketing firms produce all information they have on you, correct errors and remove you from marketing lists. Check your medical records often. Block caller ID on your phone, and keep your number unlisted. Never leave your mobile phone on, your movements can be traced. Do not user store credit or discount cards If you must use the Internet, encrypt your , reject all “cookies” and never give your real name when registering at websites Better still, use somebody else’s computer

Information need vs. privacy The volume of data recorded about people will continue to expand Medical records, finance records, … Corporate surveillance of customers The data are of great value for both the individuals and our society. However, they also pose a significant threat to individuals’ privacy.

Privacy Protection A process of finding appropriate balances between privacy and multiple competing interests: the privacy interests of one person may conflict with some other interest of their own (e.g. privacy against access to credit, or quality of health care); the privacy interest of one person may conflict with the privacy interests of another person (e.g. health care information that is relevant to multiple members of a family); the privacy interest of one person or category of people may conflict with other interests of another person, category of people, organization, or society as a whole (e.g. creditors, an insurer, and protection of the public against serious diseases).

Data privacy - main topics Models and algorithms for privacy protection while allowing society to collect and share person-specific data for worthy purposes. Topics Anonymization techniques for privacy preserving data publishing Data perturbation techniques for privacy preserving data mining Statistical databases Cryptographic techniques for multi-party computation Privacy issues in different domains: healthcare, social networks …

Privacy preserving data publishing Also referred to as data anonymization, data de-identification Involves methods for de-identifying data such that the results can be shared with assurances of anonymity while the data remain practically useful for worthy purposes. Data anonymity is a compromise position.

A Face is exposed for AOL searcher No Naïve anonymization may not be sufficient 20 million Web search queries by AOL User “numb fingers”, “60 single men” “dog that urinates on everything” “landscapers in Lilburn, Ga” Several people names with last name Arnold “homes sold in shadow lake subdivision gwinnett county georgia” Thelma Arnold, a 62-year-old widow who lives in Lilburn, Ga., frequently researches her friends’ medical ailments and loves her dogs

22 Privacy-preserving data mining Data Perturbation – random noise, geometric rotation Models/patterns of data not affected Data Perturbation Private Data Perturbed Data Data Mining Data Perturbation Private Data Data Perturbation Private Data

23 Cryptographic techniques for distributed data sharing Multi-party secure computation Cryptographic protocols Absolute security/privacy vs. approximation xn x1 x3 x2 f(x1,x2,…, xn)

Access control Multi-level secure databases Hippocratic databases Statistical databases Policies Data Access Private Data Private Data Private Data Private Data Private Data Statistical Queries

Broader topics of information security Information security - protecting information and information systems from unauthorized access and use. Core principles (CIA triad) Confidentiality – preventing disclosure of information to unauthorized individuals or systems Integrity Availability Mechanisms Access control Cryptography

Other computer security topics Network security. Firewalls, intrusion detection systems (IDS), DoS attacks and defense … OS (Unix/Windows) security. Access control, administration … Software security. Memory management, buffer overruns, race conditions, analysis of code for security errors, safe languages, and sandboxing techniques … Malware analysis and defense. Worms, spyware …

References Privacy International – overview of privacy Privacy International - A Race to the Bottom: Privacy Ranking of Internet Service Companies Economist – the end of privacy Computer Security, 2 nd edition, Deiter Gollman

Further Readings - Privacy Protection Laws A good international survey: USA status: Children's Online Privacy Protection Act: Health Insurance Portability and Accountability Act: Gramm-Leach-Bliley Act: