Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy and Security Lowell Meeting Joe Hellerstein.

Published byJulian Rivera Modified over 10 years ago

Similar presentations

Presentation on theme: "Privacy and Security Lowell Meeting Joe Hellerstein."— Presentation transcript:

1 Privacy and Security Lowell Meeting Joe Hellerstein

2 These notes based on prior discussion IBM Almaden Institute 2003: Privacy Organizer: Rakesh Agrawal These notes resulted from a group discussion I led: Technology requirements for privacy. Many participants, including computer scientists, government officials, product managers Distillation is my own I should be blamed for errors, misrepresentations, etc.

3 Whose Privacy? Whose Security? Individual Organization (corporation, library, school) Government Society

4 Traditional Topics & Today Access control Views (need-to-know) Roles, not individuals Etc. Now mix in: Serious adversaries (pass the bit tweezers) Large timescales Scale # of people: every person now has rights and access # of info-gatherers (people and sensors) Cross-source data integration: 1+1 >> 2!! Amount that people care

5 Some issues Managing Data Use Trust Relationships Transparency Incentives Mechanisms Goals/metrics

6 Primary & Secondary Use Examples The Prozac fiasco Cameras at traffic lights Specification of purpose for which data is collected Mechanisms for enforcement of primary use?

7 Trust & Relationships Two sorts of trust Policy adherence trust (enforce/check-able?) Relationship trust with the data recipient may be only loosely related to policy adherence Change in relationships can occur between data provider and data recipient E.g. recipient participates in merger/acquisition Effects on policy adherence Effects on desirability of relationship.

8 Transparency Of use Policy crisp and comprehensible? (not p3p!) Of disclosure You should be able to know what information you give out E.g. unclear whether the magstripe on your drivers license has the same info as the text Of extraction How do I know what info is extracted, and whether its extracted faithfully? E.g. swiping my drivers license proves Im >21, but swiping it also can time- and location-stamp me Does the voting booth correctly record/transmit my vote? Of data destruction Impossible to ensure?

9 Incentives Economic mechanisms? Graduated, not Boolean (opt-in/out) settings? Privacy is not a fungible good My privacy is more important to me than to you, and vice- versa The costs of privacy Dollar costs? E.g. black market value of identity today (assertion: $60 per capita). Value chain that follows? Frictional costs to doing business Cost vs. Usability E.g. unsafe human rights environments

10 Mechanisms Authorization vs. Accountability I.e. enforcement in the CS sense vs. the police sense Accountability scales better? Graceful degradation? Single point of failure = total leak forever? Erasure rather than leakage? The human factor Human leaks Key management Long Timescales?

11 Goals & Metrics Store my data forever? Not necessarily! Enforce my policy forever? Not necessarily! Ease of use! But how? Problem statements here are very tricky.

12 One Framework for Discussion Target User Technical Approaches (By analogy to Real World)

Download ppt "Privacy and Security Lowell Meeting Joe Hellerstein."

Similar presentations

1 of 16 Information Access The External Information Providers © FAO 2005 IMARK Investing in Information for Development Information Access The External.

1 of 16 Information Access The External Information Providers © FAO 2005 IMARK Investing in Information for Development Information Access The External.
Market Research Ms. Roberts 10/12. Definition: The process of obtaining the information needed to make sound marketing decisions.

Market Research Ms. Roberts 10/12. Definition: The process of obtaining the information needed to make sound marketing decisions.
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Culture change: health and social care integration Alison Petch.

Culture change: health and social care integration Alison Petch.
Interaction of RFID Technology and Public Policy Presentation at RFID Privacy MIT 15 TH November 2003 By Rakesh Kumar

Interaction of RFID Technology and Public Policy Presentation at RFID Privacy MIT 15 TH November 2003 By Rakesh Kumar
Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and.

Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and.
Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL 6788 11.

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL
Privacy No matter how exemplary your life is, there are things you want to keep to yourself © 2004, Lawrence Snyder.

Privacy No matter how exemplary your life is, there are things you want to keep to yourself © 2004, Lawrence Snyder.
© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,

© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,
Understanding Active Directory

Understanding Active Directory
1 CS 502: Computing Methods for Digital Libraries Lecture 26 Techniques of Access Management.

1 CS 502: Computing Methods for Digital Libraries Lecture 26 Techniques of Access Management.
Final Review Sunday March 13th. Databases –Entities/Rows –Attributes/Columns –Keys –Relationships –Schema –Instance.

Final Review Sunday March 13th. Databases –Entities/Rows –Attributes/Columns –Keys –Relationships –Schema –Instance.
March 13, 2004Securing Privacy Conference1 SENSOR NETWORKS & PRIVACY Pamela Samuelson, UC Berkeley, Securing Privacy Conference, March 13, 2004.

March 13, 2004Securing Privacy Conference1 SENSOR NETWORKS & PRIVACY Pamela Samuelson, UC Berkeley, Securing Privacy Conference, March 13, 2004.
The Role of Computers in Surveillance ~ Katie Hatland.

The Role of Computers in Surveillance ~ Katie Hatland.
How to Do Well In This Class 1.Spend enough time on the assignments and articles so that you feel comfortable with the topic. - this does not necessarily.

How to Do Well In This Class 1.Spend enough time on the assignments and articles so that you feel comfortable with the topic. - this does not necessarily.
Stephen S. Yau CSE465 & CSE591, Fall 2006 1 Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment ELC 200 Day 24.

Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment ELC 200 Day 24.
Cloud Usability Framework

Cloud Usability Framework
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.

D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.

Similar presentations

Ads by Google