18734: Foundations of Privacy

Presentation on theme: "18734: Foundations of Privacy"— Presentation transcript:

1 18734: Foundations of Privacy
Course Review Anupam Datta CMU Fall 2017

2 Personal Information is Everywhere

3 Privacy and Fairness Problems
Collection: massive online tracking, data brokers, government surveillance
Inference: Facebook (sexual orientation from the friendship graph), Target (pregnancy status from purchase history)
Use: pricing, bias
Dissemination: search engines, RECAP and online court records

4 Organizing Questions
What is privacy? What is fairness?
From philosophical and legal conceptions to computer science and engineering
Inspiration from conceptions, but greater precision often through greater specificity
How can we protect privacy and fairness?
Beyond creating laws and institutions: computational mechanisms

5 An Organizing Viewpoint
Privacy as a right to restrictions on personal information flow Collection Inference Use Dissemination

6 Privacy Enhancing Technology Adoption
Some drivers: user/citizen trust, ethics/culture, internal team, regulation, public opinion

7 Privacy Problems

8 Module I: Privacy through Accountability
Collection Use Dissemination

9 Web Privacy: Online Tracking
Collection: 64 independent tracking mechanisms on average on top-50 sites

10 Healthcare Privacy: Privacy Expectations
Diagram labels: Hospital, Analyst, Patient, Physician, Nurse, Drug Company, with "Patient information" flowing between them.
Speaker notes: To understand why we want to formalize purpose restrictions, let's start with an example. A patient goes to a hospital and provides medical information to a physician. The physician needs help and passes some of this information along to a nurse. The nurse then turns around and sells the information to a drug company that uses it for marketing. Since some patients object to such uses of their health information and we, as a society, want to encourage open communication between patients and their physicians, we have adopted privacy policies, such as HIPAA, that prohibit such uses of patient information without their consent. To ensure that employees comply with these policies, hospitals employ auditors who examine accesses to and transmissions of protected information, looking for actions that violate the privacy policies in place.

11 HIPAA Privacy Rule (Use, Dissemination)
A covered entity may disclose an individual's protected health information (PHI) to law-enforcement officials for the purpose of identifying an individual if the individual made a statement admitting participation in a violent crime that the covered entity believes may have caused serious physical harm to the victim.

12 Web Advertising (Use)
Example privacy policies:
Do not use detailed location (full IP address) for advertising
Do not use health information for advertising

13 Privacy Compliance for Bing (Use)
Setting: auditor has access to source code

14 Web Privacy: Advertising (Use)
Diagram: sensitive information (e.g., race, health information) and confounding inputs flow into Google, which serves ads.

15 Module I: Privacy through Accountability
Formalize privacy policies: precise semantics of privacy concepts (restrictions on personal information flow)
Enforce privacy policies: accountability (detect, explain, correct)
Speaker notes: We have a body of work on understanding concepts in these privacy policies (laws and enterprise policies) at an operational level, and on algorithms and computer systems to aid in the task of enforcing these policies. Our enforcement regime comprises audit and accountability mechanisms to detect policy violations, identify agents to blame for the violations, and impose appropriate sanctions to deter future violations.

16 Module I: Learning Outcomes
Understanding of real-world privacy policies and laws
Methods for detecting privacy violations
Experience with audit tools for healthcare privacy
Experience with a web tracking investigation tool

17 Module II: Protecting Privacy and Fairness in Big Data Analytics
Collection, Inference, Use, Dissemination

18 Database Privacy Goals
Data users: government, marketers, researchers, ...
Data: health records, census data, web search records
Conflicting goals: provide useful information; protect individual privacy

19 Inference

20 Inference

21 Privacy Solutions: Collection, Inference, Dissemination

22 Module II: Learning Outcomes
Understanding of pitfalls in anonymizing databases
Understanding of methods for releasing privacy-preserving statistics and their limitations
Understanding bias in machine learning and corrective measures
Understanding transparency (explanations) for decisions of machine learning systems

23 Module III: Cryptographic Mechanisms for Privacy Protection (Collection)

24 Anonymous Communication

25 Digital Cash
Diagram of a Bitcoin-style transaction chain (slide credit: Joe Bonneau). Each transaction has inputs (scriptSig, the signature that unlocks an earlier output) and outputs (scriptPub, the recipient, with an amount):
Tx 1: IN: scriptSig ... ; OUT: scriptPub A, 5.9
Tx 2: IN: scriptSig A ; OUT: scriptPub B, 5.0 and scriptPub A, 0.9
Tx 3: IN: scriptSig ... ; OUT: scriptPub A, 9.2
Tx 4: IN: scriptSig A ; OUT: scriptPub C, 10.0
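The chain on the slide can be replayed against a minimal unspent-transaction-output (UTXO) ledger, which is what makes the conservation-of-value and no-double-spend rules checkable. This is an added illustration, not code from the course or the slide; the transaction ids, the owner names standing in for scriptPub, and the signer names standing in for scriptSig are constructed to match the diagram.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Output:
    owner: str        # stands in for scriptPub: who may spend this output
    value: Decimal

@dataclass
class Tx:
    txid: str
    inputs: list      # (prev_txid, output_index, signer); signer stands in for scriptSig
    outputs: list     # Output objects

class Ledger:
    """Tracks unspent outputs; an input is valid only if it names one of them."""
    def __init__(self):
        self.utxo = {}                         # (txid, index) -> Output

    def mint(self, tx):
        # The "..." inputs on the slide: value whose origin lies outside the picture.
        for i, out in enumerate(tx.outputs):
            self.utxo[(tx.txid, i)] = out

    def apply(self, tx):
        """Validate tx against the UTXO set, apply it, and return the implied fee."""
        total_in, spent = Decimal(0), []
        for prev_txid, idx, signer in tx.inputs:
            key = (prev_txid, idx)
            if key not in self.utxo:           # unknown, or already consumed (double spend)
                raise ValueError(f"{tx.txid}: {key} is not an unspent output")
            out = self.utxo[key]
            if out.owner != signer:            # the signature must match the output's owner
                raise ValueError(f"{tx.txid}: {signer} cannot spend {out.owner}'s output")
            total_in += out.value
            spent.append(key)
        total_out = sum((o.value for o in tx.outputs), Decimal(0))
        if total_out > total_in:               # value may be burned as fee, never created
            raise ValueError(f"{tx.txid}: outputs {total_out} exceed inputs {total_in}")
        for key in spent:                      # consume inputs only after full validation
            del self.utxo[key]
        for i, out in enumerate(tx.outputs):
            self.utxo[(tx.txid, i)] = out
        return total_in - total_out            # leftover value is the miner fee

def run_slide_chain():
    """Replay the four transactions on the slide; returns (ledger, fees by txid)."""
    L = Ledger()
    L.mint(Tx("tx1", [], [Output("A", Decimal("5.9"))]))
    fees = {"tx2": L.apply(Tx("tx2", [("tx1", 0, "A")],
                              [Output("B", Decimal("5.0")), Output("A", Decimal("0.9"))]))}
    L.mint(Tx("tx3", [], [Output("A", Decimal("9.2"))]))
    fees["tx4"] = L.apply(Tx("tx4", [("tx2", 1, "A"), ("tx3", 0, "A")],
                             [Output("C", Decimal("10.0"))]))
    return L, fees
```

Tx 4 spends A's 0.9 change and A's 9.2 output (10.1 in) to pay C 10.0, so 0.1 is left as fee; re-submitting Tx 2 afterwards fails because (tx1, 0) is no longer in the UTXO set.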

26 Module III: Learning Outcomes
Understanding of the cryptography behind anonymous communication and anonymous cash (zero-knowledge)

27 An Organizing Viewpoint
Privacy as a right to restrictions on personal information flow Collection Inference Use Dissemination

28 Privacy Enhancing Technology Adoption
Some drivers: user/citizen trust, ethics/culture, internal team, regulation, public opinion

29 Thanks! Questions?
