Privacy-Aware Computing Introduction

Questions and Answers

What is an example of individual privacy?

• Industry collaborations
• Health records (correct)
• Business secrets
• Manufacturing process

Why are people unwilling to release personal information for data mining?

• Due to privacy concerns (correct)
• Due to high failure rates
• Due to disease outbreaks
• Due to lack of profits

What is an example of organization privacy?

• Patient background
• Public data
• Business secrets (correct)
• Customer data

Why do insurance companies want to access personal medical records?

To maximize profits (D)

What is a challenge in industry collaborations?

Preserving trade secrets (A)

What is the goal of data mining in the context of disease outbreaks?

To identify disease outbreaks (A)

What is the primary goal of security in relation to privacy?

To respect and enforce privacy decisions (B)

What is the most serious crime against privacy mentioned in the content?

Identity theft (C)

What is an example of a threat to privacy at the application level?

Projects for new applications on the Information Highway (C)

What is an example of a threat to privacy at the communication level?

Monitoring of transactional data (A)

What is a method of privacy protection mentioned in the content?

Self-regulation for fair information practices (D)

What is another view of threats to privacy mentioned in the content?

Aggregation and data mining, poor system security, government threats (C)

What is the main concern related to web search and search engines?

Derivation of personal information from search history (D)

What is a risk associated with social networking?

Privacy breach and personal data abuse (B)

What is the concern related to mobile computing and Google Latitude?

Loss of location privacy (D)

What is the goal of micro data publishing?

Anonymize data for statistical analysis and modeling (A)

What is the main concern related to cloud computing?

Data outsourcing (D)

What is a major research area in privacy?

Social networks (C)

What is the goal of data anonymization?

Make sure at least k records have the same virtual identifiers (B)

What is the main difference between security and privacy?

Decisions on what personal information is released and who can access it vs. protection from unauthorized access (B)

What is a major concern regarding national security and privacy?

They are conflicting and often require trade-offs. (B)

What is the main issue with 'free' services, such as frequent-buyer cards?

They are not really free and often come with hidden costs. (D)

What is the main concern with the US PATRIOT Act 2001?

It dramatically reduced restrictions on law enforcement agencies' ability to search records. (B)

What is the goal of data anonymization techniques?

To protect individual privacy by removing personally identifiable information. (C)

What is a common issue with anonymized data?

It can be linked with auxiliary data to reveal personally identifiable information. (C)

What is a concern regarding the use of surveillance devices in the context of national security?

They can lead to a loss of individual privacy. (B)

What is a trade-off being considered in the fight against coronavirus?

Privacy vs. public health. (C)

What is a concern regarding online activities, such as unencrypted e-mail and web surfing?

They are not secure and can be attacked. (A)

Study Notes

Parties Concerning Privacy

• Individual privacy relates to customer data, public data, health records, locations, online activities, and more.
• Organization privacy involves business secrets and legal issues that prevent data sharing.

Cases of Privacy-Aware Computing

• Public use of private data: data mining enables knowledge discovery, but people are unwilling to release personal information due to privacy concerns.
• Industry collaborations/trade groups: identifying best practices while preserving secrets (e.g., manufacturing process Y gives low failure rates).
• Web search: search engine companies keep cookies and search history, which can be used to derive personal information (e.g., AOL dataset).
• Social networking: companies use data for ads targeting, risking privacy breach and personal data abuse.
• Mobile computing: allowing Google Latitude to trace locations compromises location privacy.
• Cloud computing: users must outsource sensitive data to the cloud (e.g., personal information, customer records, patient info).

Major Research Areas

• Micro data publishing: anonymizing data for statistical analysis and modeling, and privacy-preserving data mining.
• Data outsourcing: cloud computing and sensitive data management.
• Databases: statistical databases, private information retrieval, and collaborative data mining.

Major Areas

• Social networks: personal bio data, preferences, friends, interactions, and designing mechanisms for users to control private data.
• Mobile computing: location privacy and protecting user data.
• Collaborative computing: collaborative data mining and sharing models without individual records.

Major Technical Challenges

• Techniques: data perturbation, data anonymization, cryptographic techniques (e.g., secure multiparty computation, private information retrieval, crypto-protocols for privacy-preserving DM).
• Privacy evaluation: assessing the tradeoff between privacy and data utility.

Differences between Security and Privacy

• Data privacy: dealing with the ability to determine what data can be shared with third parties.
• Privacy: making decisions on what personal information is released and who can access it.
• Security: ensuring that privacy decisions are respected.

Privacy Protection

• Privacy protection can be undertaken by government laws, self-regulation, privacy-enhancing technologies (PETs), and education.

Threats to Privacy

• Identity theft: the most serious crime against privacy.
• Threats to privacy at application level: collection/transmission of large quantities of personal data.
• Threats to privacy at communication level: monitoring/logging of transactional data and extraction of user profiles.
• Threats to privacy at system level: system access threats.
• Threats to privacy in audit trails: aggregating and mining data.

Threats to Privacy (Another View)

• Aggregation and data mining.
• Poor system security.
• Government threats: government access to private data (e.g., taxes, homeland security).
• The Internet as privacy threat: unencrypted email/web surfing/attacks.
• Privacy for sale: many traps (e.g., accepting frequent-buyer cards reduces privacy).

National Security and Privacy

• National security and privacy are conflicting interests.
• Enhancing national security: surveillance devices are everywhere, and the US PATRIOT Act 2001 reduced restrictions on law enforcement agencies.
• Big Brother is watching you: individuals have to lose privacy.

Common Issues and Concerns

• Linkage attack: an attacker can "link" pseudonymous data with an auxiliary dataset.
• Privacy could be the next victim of the coronavirus: governments face trade-offs on privacy in the fight against coronavirus.

Description

This quiz covers the basics of privacy-aware computing, including individual and organization privacy concerns, and cases of public use of private data.