Presentation on theme: "Security and Privacy: Are they Two Sides of the Same Coin? Organizer: Lillie Coney, epic.org Sherry Burs-Howard, The MITRE Corporation Chris Clifton, Purdue."— Presentation transcript:
Security and Privacy: Are they Two Sides of the Same Coin? Organizer: Lillie Coney, epic.org Sherry Burs-Howard, The MITRE Corporation Chris Clifton, Purdue University / CERIAS David Farber, Professor Emeritus U. Penn.
I’m Chris Clifton, and I Want Your Data! Your Data is Valuable! –H–Health and Social Sciences Research –M–Market and Product Research –P–Personalization –T–Targeted marketing –I–Identity theft Is it worth the risk to privacy?
Privacy Security? New Issues Ownership of data –Often NOT the individual –But individual still has a say Consent for use of data –By the individual –For a specific purpose Secondary use –May be “authorized user” –But only authorized for the right purpose
CPO ≠ CSO Privacy shouldn’t be an add-on –We already have to fight this with Security Compliance –Regulations vary by jurisdiction, type of data HIPAA, FERPA, U.S. Persons, … EC95/46 –Enforcement happens But without security, we don’t get privacy
Analysis of Private Data Security technology enables safe analysis of private data –I may want your data –But I only need analysis of the data We need a vision for managing data about individuals that recognizes this distinction
Privacy-Preserving Data Mining Approaches (Outlier Detection) Algorithm – – – Carl362 Jessica248 Chris195 Dirk482 Chris84 Dirk29 Carl15 Jessica34... Bank Credit Card Tom Terrorist: Evaluate Give the Algorithm Get the Data PPDM: Randomization Transformation Anonymization Secure Multiparty Computation 2
Beneficial Use of Data Dot chart by Dr. James Snow showing deaths from cholera in relation to the locations of public water pumps. –Observed that cholera occurred almost entirely among those who lived near (and drank from) the Broad Street water pump Can we do this without risk to Privacy? –HIPAA Safe-Harbor Anonymization
HIPAA: De-Identifying Data A person with appropriate knowledge of and experience with generally accepted statistical and scientific principles and methods for rendering information not individually identifiable –Applying such principles and methods, determines that the risk is very small that the information could be used, alone or in combination with other reasonably available information, by an anticipated recipient to identify an individual who is a subject of the information; and –Documents the methods and results of the analysis that justify such determination The following identifiers of the individual or of relatives, employers, or household members of the individual, are removed: –Names, Location < 1 st three digits of zip, dates < year, Tel/Fax/ /SSN/MRN/InsuranceID/Account/licence/VIN/License Plate Numbers, DeviceID, URL/IP, Biometric IDs, full-face photographs, any other unique identifiers; and –The covered entity does not have actual knowledge that the information could be used alone or in combination with other information to identify an individual who is a subject of the information.
Anonymized Data HIPAA Safe-Harbor De-Identified Data –Is it useful? NameAddr.BirthSexDiagnosis 479xx56F… 479xx67M… 479xx78MSchizophrenic