Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 27: Privacy CS 5430 5/7/2018.

Published byOphelia Little Modified over 5 years ago

Similar presentations

Presentation on theme: "Lecture 27: Privacy CS 5430 5/7/2018."— Presentation transcript:

1 Lecture 27: Privacy CS /7/2018

2 C I A Confidentiality Integrity Availability

3 Privacy Privacy concerns information about individuals (people, organizations, etc.) Often construed as legal right Privacy is not a synonym for confidentiality or for secrecy

4 What is Privacy? discuss Privacy as confidentiality
Nissenbaum (contextual integrity)

5 What is a privacy violation?
Police read papers stored in your home Police read papers you threw in the trash Police read your medical records Your parents read your medical records Gannett uses your medical records in a research study Police read your texts/Facebook messages Police read your s Google employee reads your s Google uses your s to target personalized ads Someone tracks your location for months (using phone) Assume all actions occur without your consent and without a warrant

6 Privacy in American Law
Louis Brandeis was an American lawyer and Supreme Court justice, also a leader of the progressive party With his law partner Samual Warren, influential early writer on privacy law, including "The Right to Privacy" [Harvard Law Review, 1890], which developed the idea of a right to be left alone, and a right to control private data. John Harlan (supreme court justice) outlined a two-prong test for a "reasonable expectation of privacy" in his concurrence to Katz v. United States (1967) to identify when laws or behaviors violated fourth amendment protections. Current cases to watch: Carpenter v. United States

7 Contextual Integrity defines privacy relative to appropriate context
considers information type, time, location, purpose, principals involved (subject, sender, receiver) dependent on social norms norms can change over time

8 General Guidelines The FTC's Fair Information Practice Principals (FIPPs) are the most broadly recognized guidelines for handling private data in information systems Seek consent Minimize data use Limit storage Avoid linking

9 Deanonymization Zip Code Gender Date of Birth You
Sweeney 97: identified Massachusetts governor from anonymized insurance dataset using voter records Massachusettes Group Insurance Commission “anonymized” health records for state employees + voter rolls. Sweeney 02: 87% of Americans uniquely identified by Zip Code, Gender, DOB

10 Deanonymization In 2006, AOL released 20 million "anonymized" search results from 650,000 users for research purposes.

11 Deanonymization In 2006, Netflix released a challenge. They released a data set of 100 million ratings by 480,000 anonymized users. The first group to best Netflix's in-house recommendation system by 10% would receive a reward of $1 million. Awarded to a group from AT&T labs in 2009.

12 k-Anonymity Name Gender Year Grade Alice F 2018 95 Bob M 80 Charlie
David 60 Edward 2019 Flora 99 Georgia quasi-identifiers: (sets of) attributes that can be exploited for linking k-anonymity: each quasi-identifier must be ambiguously mapped to at least k different individuals Techniques: suppression and generalization Problems: identifying QIs, homogenity attack, background knowledge attack Refinement: \ell-diversity additionally requires \ell "well represented" values for each QI

13 Database Privacy Offline Privacy Online Privacy DB DB “Private” data

14 Data Perturbation -online or offline -problem: utility
-problem: noise cancels out

15 Differential Privacy absolute privacy is impossible
goal should be to limit how much information can be learned A query 𝑄 is 𝜖-differentially private if ∀𝐷,𝑟∈𝐷, Pr 𝑄 𝐷 =𝑥 ≤ 𝑒 𝜖 ⋅Pr⁡[𝑄 𝐷−𝑟 =𝑥]

16 Differential Privacy Key Idea: Changing a single user’s record does not significantly affect the result of any analysis or query

17 DP in action…

18 Internet Privacy

19 Internet Privacy

20 Notice & Consent

21 Browser Tracking

22 Browser Tracking -standard cookies, third party cookies

23 Browser Tracking

24 Beyond Cookies Zombie Cookies Browser Fingerprinting
Zombie cookie mechanisms: browser history, encode as RGB values in cached image, local storage (e.g., flash cookie), HTML session/local storage (evercookie: javascript API that stores zombie cookie copies in all available forms) browser fingerprinting (canvas = GPU + driver +etc, clock skew, fonts, history, etc)

25 Fingerprinting Works Operating System Browser Settings Time Zone
Language Canvas

26 The result…

27 Personalized Content

28 Targeted Advertising

29 Data Collection is Here to Stay…

Download ppt "Lecture 27: Privacy CS 5430 5/7/2018."

Similar presentations

Protection of privacy for all Students!

Protection of privacy for all Students!
21-1 Last time Database Security  Data Inference  Statistical Inference  Controls against Inference Multilevel Security Databases  Separation  Integrity.

21-1 Last time Database Security  Data Inference  Statistical Inference  Controls against Inference Multilevel Security Databases  Separation  Integrity.
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 8 04/04/2011 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 8 04/04/2011 Security and Privacy in Cloud Computing.
Criteria For Approval 45 CFR 46.111 25 CFR 56.111 Minimized risks Reasonable risk/benefit ratio Equitable subject selection Informed consent process Informed.

Criteria For Approval 45 CFR CFR Minimized risks Reasonable risk/benefit ratio Equitable subject selection Informed consent process Informed.
Online Privacy and Codes of Conduct Peter Fleischer Global Privacy Counsel my personal blog:

Online Privacy and Codes of Conduct Peter Fleischer Global Privacy Counsel my personal blog:
Chapter 11 Privacy Policies and Behavioral Marketing.

Chapter 11 Privacy Policies and Behavioral Marketing.
MINNESOTA GOVERNMENT DATA PRACTICES ACT How the law affects University employees and recordkeeping Susan McKinney Records & Information Management.

MINNESOTA GOVERNMENT DATA PRACTICES ACT How the law affects University employees and recordkeeping Susan McKinney Records & Information Management.
DNA Databases Ethical Issues and Legal Implications.

DNA Databases Ethical Issues and Legal Implications.
Ji Yeon Chu, Lindsey Fong, Jonathan Bender, Yi Low, and Umang Patel.

Ji Yeon Chu, Lindsey Fong, Jonathan Bender, Yi Low, and Umang Patel.
April 13, 2010 Towards Publishing Recommendation Data With Predictive Anonymization Chih-Cheng Chang †, Brian Thompson †, Hui Wang ‡, Danfeng Yao † †‡

April 13, 2010 Towards Publishing Recommendation Data With Predictive Anonymization Chih-Cheng Chang †, Brian Thompson †, Hui Wang ‡, Danfeng Yao † †‡
9 99 CHAPTER Privacy and Security. 9 © The McGraw-Hill Companies, Inc. 2002 Objectives 1.Privacy 2.Security 3.Ergonomics 4.Environment.

9 99 CHAPTER Privacy and Security. 9 © The McGraw-Hill Companies, Inc Objectives 1.Privacy 2.Security 3.Ergonomics 4.Environment.
Privacy and Networks CPS 96 Eduardo Cuervo Amre Shakimov.

Privacy and Networks CPS 96 Eduardo Cuervo Amre Shakimov.
Privacy-Aware Computing Introduction. Outline  Brief introduction Motivating applications Major research issues  Tentative schedule  Reading assignments.

Privacy-Aware Computing Introduction. Outline  Brief introduction Motivating applications Major research issues  Tentative schedule  Reading assignments.
Privacy as an International Information Issue MD823 October 18, 2004.

Privacy as an International Information Issue MD823 October 18, 2004.
Preserving Privacy in Clickstreams Isabelle Stanton.

Preserving Privacy in Clickstreams Isabelle Stanton.
Hippocratic Databases Paper by Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, Yirong Xu CS 681 Presented by Xi Hua March 1st,Spring05.

Hippocratic Databases Paper by Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, Yirong Xu CS 681 Presented by Xi Hua March 1st,Spring05.
HIPAA What’s Said Here – Stays Here…. WHAT IS HIPAA  Health Insurance Portability and Accountability Act  Purpose is to protect clients (patients)

HIPAA What’s Said Here – Stays Here…. WHAT IS HIPAA  Health Insurance Portability and Accountability Act  Purpose is to protect clients (patients)
Privacy in Computing Legal & Ethical Issues in Computer …Security Information Security Management …and Security Controls Week-9.

Privacy in Computing Legal & Ethical Issues in Computer …Security Information Security Management …and Security Controls Week-9.
R 18 G 65 B 145 R 0 G 201 B 255 R 104 G 113 B 122 R 216 G 217 B 218 R 168 G 187 B 192 Core and background colors: 1© Nokia Solutions and Networks 2014.

R 18 G 65 B 145 R 0 G 201 B 255 R 104 G 113 B 122 R 216 G 217 B 218 R 168 G 187 B 192 Core and background colors: 1© Nokia Solutions and Networks 2014.
The Privacy Torts Public Disclosure of a Private Fact Intrusion False Light Appropriation.

The Privacy Torts Public Disclosure of a Private Fact Intrusion False Light Appropriation.

Similar presentations

Ads by Google