Privacy-Aware Computing Introduction

Parties Concerning Privacy

• Individual privacy relates to customer data, public data, health records, locations, online activities, and more.
• Organization privacy involves business secrets and legal issues that prevent data sharing.

Cases of Privacy-Aware Computing

• Public use of private data: data mining enables knowledge discovery, but people are unwilling to release personal information due to privacy concerns.
• Industry collaborations/trade groups: identifying best practices while preserving secrets (e.g., manufacturing process Y gives low failure rates).
• Web search: search engine companies keep cookies and search history, which can be used to derive personal information (e.g., AOL dataset).
• Social networking: companies use data for ads targeting, risking privacy breach and personal data abuse.
• Mobile computing: allowing Google Latitude to trace locations compromises location privacy.
• Cloud computing: users must outsource sensitive data to the cloud (e.g., personal information, customer records, patient info).

Major Research Areas

• Micro data publishing: anonymizing data for statistical analysis and modeling, and privacy-preserving data mining.
• Data outsourcing: cloud computing and sensitive data management.
• Databases: statistical databases, private information retrieval, and collaborative data mining.

Major Areas

• Social networks: personal bio data, preferences, friends, interactions, and designing mechanisms for users to control private data.
• Mobile computing: location privacy and protecting user data.
• Collaborative computing: collaborative data mining and sharing models without individual records.

Major Technical Challenges

• Techniques: data perturbation, data anonymization, cryptographic techniques (e.g., secure multiparty computation, private information retrieval, crypto-protocols for privacy-preserving DM).
• Privacy evaluation: assessing the tradeoff between privacy and data utility.

Differences between Security and Privacy

• Data privacy: dealing with the ability to determine what data can be shared with third parties.
• Privacy: making decisions on what personal information is released and who can access it.
• Security: ensuring that privacy decisions are respected.

Privacy Protection

• Privacy protection can be undertaken by government laws, self-regulation, privacy-enhancing technologies (PETs), and education.

Threats to Privacy

• Identity theft: the most serious crime against privacy.
• Threats to privacy at application level: collection/transmission of large quantities of personal data.
• Threats to privacy at communication level: monitoring/logging of transactional data and extraction of user profiles.
• Threats to privacy at system level: system access threats.
• Threats to privacy in audit trails: aggregating and mining data.

Threats to Privacy (Another View)

• Aggregation and data mining.
• Poor system security.
• Government threats: government access to private data (e.g., taxes, homeland security).
• The Internet as privacy threat: unencrypted email/web surfing/attacks.
• Privacy for sale: many traps (e.g., accepting frequent-buyer cards reduces privacy).

National Security and Privacy

• National security and privacy are conflicting interests.
• Enhancing national security: surveillance devices are everywhere, and the US PATRIOT Act 2001 reduced restrictions on law enforcement agencies.
• Big Brother is watching you: individuals have to lose privacy.

Common Issues and Concerns

• Linkage attack: an attacker can "link" pseudonymous data with an auxiliary dataset.
• Privacy could be the next victim of the coronavirus: governments face trade-offs on privacy in the fight against coronavirus.