Privacy: Challenges and Opportunities
Tadayoshi Kohno
Department of Computer Science and Engineering, University of Washington
Definition (Oxford English Dictionary):
“The state or condition of being alone, undisturbed, or free from public attention, as a matter of choice or right; seclusion; freedom from interference or intrusion.”
Questions:
- Who: Who receives access to your information?
- What: What information is disclosed?
- When: Under what conditions is it exposed?
- Why: What will they use that information for?
Common claims:
- Claim: It’s a lost cause; we’ve already lost our privacy
- Claim: “I’ve got nothing to hide”
- Claim: Users choose functionality over privacy
Examples:
- The web (search engines, web mail, social networking sites, traffic through ISPs, …)
- Shopping (customer loyalty cards, conventional credit cards, RFID credit cards)
- Electronic voting (privacy issues seldom discussed)
What are users’ privacy goals and values (users may differ)?
How can we give users a more intuitive understanding of:
- What information leaks out;
- To whom; and
- For what purposes?
Proposals like P3P (Platform for Privacy Preferences) help
Who should take responsibility?
The data collector?
- Harden systems against attacks
- Sufficiently scrub data before sharing it with the public (recall the AOL logs)
- What about sharing data with corporate partners?
The user?
- Don’t reveal information in the first place (cash purchases, no Web)
- Tor, anonymization systems, pseudonyms
- But what if data collectors aggregate information or are not trustworthy?
Privacy may come with a cost (efficiency, time to market, usability, ...)
Is the cost worth it?
Assume products/services A, B, and C violate a user’s privacy
- Is it worth just fixing the privacy properties of A?
- What are the incentives when A, B, and C are produced by competing companies?
Scrubbing data while preserving utility is challenging
What constitutes identifying (or too revealing) information?
Recent examples:
- Identifying users in “anonymized” AOL logs
- De-anonymizing IP addresses in “anonymized” network traces
- Identifying encrypted web content (from MSR and elsewhere)
Example directions (for query logs) [Adar, QLW WWW07]:
- Remove queries that occur < n times
- New pseudonyms every t minutes
- Different pseudonyms for each “type” of query
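The three query-log scrubbing directions above, combined into one pass over a small constructed log. This is an added illustration, not code from the slides or from Adar's paper; the query "type" classifier, the keyed-hash pseudonym scheme, and the sample log are all assumptions made for the example.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample query log (user_id, timestamp in seconds, query). Not real data.
SAMPLE_LOG = [
    ("u1", 0, "weather seattle"),
    ("u1", 60, "weather seattle"),
    ("u2", 120, "weather seattle"),
    ("u1", 700, "john q public 123 main st"),  # rare query: likely identifying
    ("u2", 800, "weather seattle"),
    ("u3", 900, "python tutorial"),             # rare query: removed by the n threshold
]


def query_type(query):
    # Hypothetical, deliberately coarse classifier standing in for a real
    # query-type taxonomy: queries containing digits vs. plain text.
    return "numeric" if any(ch.isdigit() for ch in query) else "text"


def pseudonym(secret, user_id, window, qtype):
    # Keyed hash: without `secret`, a pseudonym cannot be mapped back to the
    # user id, and two pseudonyms of one user across windows/types are unlinkable.
    msg = f"{user_id}|{window}|{qtype}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()[:12]


def scrub_log(log, secret, n=2, t_minutes=10):
    """Return (pseudonym, timestamp, query) rows with the three rules applied:
    drop queries seen < n times, rotate pseudonyms every t minutes, and use a
    distinct pseudonym per query type."""
    counts = Counter(q for _, _, q in log)
    t_seconds = t_minutes * 60
    scrubbed = []
    for user_id, ts, query in log:
        if counts[query] < n:
            continue                      # rare queries are too revealing; remove
        window = ts // t_seconds          # pseudonym rotation period
        pid = pseudonym(secret, user_id, window, query_type(query))
        scrubbed.append((pid, ts, query))
    return scrubbed


def distinct_pseudonyms(scrubbed):
    # Utility check for the data collector: how fragmented did the log become?
    return len({pid for pid, _, _ in scrubbed})
```

Rows with the same user, window and type share a pseudonym, so short sessions stay linkable for research while long-term profiles are broken up.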
Multiple parties involved
- Users, companies, and adversaries
- Different parties may have different goals and perceptions of privacy
- Users may not understand the implications of revealing data
- Users may not even consider that data to be private
Where should we focus our efforts?
- Users and usability?
- Individual products and services?
- Policy?
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.