A Policy Based Infrastructure for Social Data Access with Privacy Guarantees Tim Finin (UMBC) for: Palanivel Kodeswaran (UMBC) Evelyne Viegas (Microsoft.


1 A Policy Based Infrastructure for Social Data Access with Privacy Guarantees
Tim Finin (UMBC) for: Palanivel Kodeswaran (UMBC), Evelyne Viegas (Microsoft Research)
POLICY 2010, Fairfax VA, 21 July 2010
http://ebiquity.umbc.edu/paper/html/id/493/

2 Connected Data
We “leave” our digital footprints online in discussion forums, social networks, web searches
Copying and sharing data is easy
Users have no control over how their data is used and inferences that can be made based on their data

3 Personalization Garden Veggie with minimal cheese

4 Personalization?
That’s not enough running!!
Sub: Insurance Renewal
Dear John, In reviewing your record, we have decided to increase your premium to better serve your needs and that of your family.

5 User Control over Private Data
There is a need for a framework in which users can specify their privacy preferences in terms of who can access their data and how it can be used
Sticky Policy: Phone Number
  – Phone number can be used for emergency contact
  – Phone number can’t be used for marketing

6 Data Sharing for Scientific Research
Large amounts of data behind closed walls
  – Medical data, search data, finance data
Trend continues with user generated data as well
  – Facebook, Health Vault
Researchers can benefit from access to this data
  – User trends, epidemiology models, search ranking
  – Most research can be performed with aggregate data
But remember the AOL fiasco

7 Policy Based Infrastructure
We’ve described a policy-based infrastructure that
  – Allows users to specify who can access what and why
  – Adds additional access modes for releasing data at different granularities
  – Extends the traditional binary semantics of access control, viz. allow/deny, with emerging privacy-preserving analysis techniques

8 Complete Access
Facebook Friends, Health Vault Custodian & Invitee
Picture from [ars]
Access to the complete and detailed data

9 Abstract Access
Financial websites like Covestor allow sharing abstract portfolio information
Google Latitude for location information
Picture from [gpsobsessed]
Access to data encoded using more general, abstract concepts, e.g., in Baltimore as opposed to at given lat-lon coordinates

10 Statistical Access
User trends in search data using differential privacy
The number of distinct users searching over the duration of a day at different epsilon levels
C. Dwork, Differential privacy, Int. Col. Automata, languages and programming, pp. 1-12, Springer, 2006.

11 Example Policies
Alice says ?Bob can read CompleteAccess /MyHealth if ?Bob is PrimaryPhysician
Alice says ?Bob can read AbstractAccess /MyFinance if ?Bob is InvestorFriend
MS says ?Bob can read StatisticalAccess /SearchData if ?Bob is Researcher

12 System Architecture
[Architecture diagram. Labels: Application, User Request, Policy Enforcement Point (PEP), Policy Infrastructure, Complete Access, Abstract Access, Statistical Access, Target Data]
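An added sketch (not the authors' SecPAL prototype) of how a policy enforcement point could apply the three example policies and release data only at the granted granularity. The role assignments, sample data, the portfolio-weight abstraction and the Laplace mechanism for the distinct-user count are assumptions made for this example.

```python
import random

# Policies from the "Example Policies" slide: (issuer, access mode, resource, required role).
POLICIES = [
    ("Alice", "CompleteAccess", "/MyHealth", "PrimaryPhysician"),
    ("Alice", "AbstractAccess", "/MyFinance", "InvestorFriend"),
    ("MS", "StatisticalAccess", "/SearchData", "Researcher"),
]
# Constructed role assignments and sample data (assumptions, not from the presentation).
ROLES = {"bob": {"PrimaryPhysician"}, "carol": {"InvestorFriend"}, "dave": {"Researcher"}}
DATA = {
    "/MyHealth": {"bp": "120/80", "rx": "statin"},
    "/MyFinance": {"ACME": 1200.0, "INIT": 800.0},
    "/SearchData": [("u1", "flu"), ("u2", "flu"), ("u1", "cough"), ("u3", "rash")],
}

def granted_mode(principal, resource):
    """Return the access mode some policy grants, or None (default deny)."""
    for _issuer, mode, res, role in POLICIES:
        if res == resource and role in ROLES.get(principal, set()):
            return mode
    return None

def laplace_noise(scale, rng):
    """Laplace(0, scale) sampled as the difference of two exponentials."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)

def enforce(principal, resource, epsilon=1.0, rng=random):
    """Policy enforcement point: release data only at the granted granularity."""
    mode = granted_mode(principal, resource)
    if mode is None:
        return None, None  # no matching policy: nothing is released
    data = DATA[resource]
    if mode == "CompleteAccess":
        return mode, dict(data)
    if mode == "AbstractAccess":
        # Assumed abstraction: portfolio weights instead of dollar amounts.
        total = sum(data.values())
        return mode, {k: round(v / total, 2) for k, v in data.items()}
    # StatisticalAccess: one user changes the distinct-user count by at most 1,
    # so sensitivity is 1 and the Laplace noise scale is 1/epsilon.
    distinct = len({user for user, _query in data})
    return mode, distinct + laplace_noise(1.0 / epsilon, rng)
```

Lower epsilon values give noisier counts and stronger privacy; the raw search log never leaves `enforce` under `StatisticalAccess`.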

13 Evaluation and Conclusion
See poster for prototype and evaluation details
Developed a policy based infrastructure for data sharing to enable scientific research without threatening individual privacy
Created additional access modes to control the granularity of information that is released
Implemented a prototype using SecPAL and verified it on a synthetic dataset
M. Becker et al., SecPAL: Design and semantics of a decentralized authorization language, Journal of Computer Security, v18n4, pp. 597–643, 2010, IOS Press.
