Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dimensions of Privacy 18739A: Foundations of Security and Privacy Anupam Datta Fall 2009.

Published byAshlynn Stafford Modified over 8 years ago

Similar presentations

Presentation on theme: "Dimensions of Privacy 18739A: Foundations of Security and Privacy Anupam Datta Fall 2009."— Presentation transcript:

1 Dimensions of Privacy 18739A: Foundations of Security and Privacy Anupam Datta Fall 2009

2 Privacy in Organizational Processes Patient medical bills Insurance CompanyHospitalDrug Company Patient information Patient Advertising Achieve organizational purpose while respecting privacy expectations in the transfer and use of personal information (individual and aggregate) within and across organizational boundaries Aggregate anonymized patient information PUBLIC Complex Process within a Hospital

3 Dimensions of Privacy What is Privacy? Philosophy, Law, Public Policy Express and Enforce Privacy Policies Programming Languages, Logics, Usability Database Privacy Statistics, Cryptography

4 Philosophical studies on privacy  Reading  Overview article in Stanford Encyclopedia of Philosophy http://plato.stanford.edu/entries/privacy/  Alan Westin, Privacy and Freedom, 1967  Ruth Gavison, Privacy and the Limits of Law, 1980  Helen Nissenbaum, Privacy as Contextual Integrity, 2004 (more on Nov 8)

5 Westin 1967  Privacy and control over information “Privacy is the claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others”  Relevant when you give personal information to a web site; agree to privacy policy posted on web site  May not apply to your personal health information

6 Gavison 1980  Privacy as limited access to self “A loss of privacy occurs as others obtain information about an individual, pay attention to him, or gain access to him. These three elements of secrecy, anonymity, and solitude are distinct and independent, but interrelated, and the complex concept of privacy is richer than any definition centered around only one of them.”  Basis for database privacy definition discussed later

7 Gavison 1980  On utility “We start from the obvious fact that both perfect privacy and total loss of privacy are undesirable. Individuals must be in some intermediate state – a balance between privacy and interaction …Privacy thus cannot be said to be a value in the sense that the more people have of it, the better.”  This balance between privacy and utility will show up in data privacy as well as in privacy policy languages, e.g. health data could be shared with medical researchers

8 Contextual Integrity [Nissenbaum 2004]  Philosophical framework for privacy  Central concept: Context  Examples: Healthcare, banking, education  What is a context?  Set of interacting agents in roles  Roles in healthcare: doctor, patient, …  Informational norms  Doctors should share patient health information as per the HIPAA rules  Norms have a specific structure (descriptive theory)  Purpose  Improve health  Some interactions should happen - patients should share personal health information with doctors

9 Informational Norms “ In a context, the flow of information of a certain type about a subject (acting in a particular capacity/role) from one actor (could be the subject) to another actor (in a particular capacity/role) is governed by a particular transmission principle.” Contextual Integrity [Nissenbaum2004]

10 10 Privacy Regulation Example (GLB Act) Financial institutions must notify consumers if they share their non-public personal information with non-affiliated companies, but the notification may occur either before or after the information sharing occurs Exactly as CI says! Sender roleSubject role Attribute Recipient role Transmission principle

11 Privacy Laws in the US  HIPAA (Health Insurance Portability and Accountability Act, 1996)  Protecting personal health information  GLBA (Gramm-Leach-Bliley-Act, 1999)  Protecting personal information held by financial service institutions  COPPA (Children‘s Online Privacy Protection Act, 1998)  Protecting information posted online by children under 13  More details in later lecture about these laws and a formal logic of privacy that captures concepts from contextual integrity

12 Database Privacy  Releasing sanitized databases 1. k-anonymity [Samarati 2001; Sweeney 2002] 2. (c,t)-isolation [Chawla et al. 2005] 3. Differential privacy [Dwork et al. 2006] (next lecture)

13 Sanitization of Databases Real Database (RDB) Sanitized Database (SDB) Health records Census data Add noise, delete names, etc. Protect privacy Provide useful information (utility)

14 Re-identification by linking Linking two sets of data on shared attributes may uniquely identify some individuals: Example [Sweeney] : De-identified medical data was released, purchased Voter Registration List of MA, re-identified Governor 87 % of US population uniquely identifiable by 5-digit ZIP, sex, dob

15 1. K-anonymity  Quasi-identifier: Set of attributes (e.g. ZIP, sex, dob) that can be linked with external data to uniquely identify individuals in the population  Issue: How do we know what attributes are quasi-identifiers?  Make every record in the table indistinguishable from at least k-1 other records with respect to quasi- identifiers  Linking on quasi-identifiers yields at least k records for each possible value of the quasi-identifier

16 K-anonymity and beyond Provides some protection: linking on ZIP, age, nationality yields 4 records Limitations: lack of diversity in sensitive attributes, background knowledge, subsequent releases on the same data set, syntactic definition Utility: less suppression implies better utility l-diversity, m-invariance, t-closeness, …

17 2. ( c,t )-isolation  Mathematical definition motivated by Gavison’s idea that privacy is protected to the extent that an individual blends into a crowd. Image courtesy of WaldoWiki: http://images.wikia.com/waldo/images/a/ae/LandofWaldos.jpg

18 Definition of ( c,t )-isolation  A database is represented by n points in high dimensional space (one dimension per column)  Let y be any RDB point, and let δ y =║q-y║ 2. We say that q ( c,t )-isolates y iff B(q,cδ y ) contains fewer than t points in the RDB, that is, |B(q,cδ y ) ∩ RDB| < t. q y δyδy cδ y x2x2 x1x1 x t-2

19 Definition of ( c,t )-isolation (contd)

20 Another influence  Next lecture: Issues with this definition of privacy (impossible to achieve for arbitrary auxiliary information) and an alternate definition (differential privacy) 20

Download ppt "Dimensions of Privacy 18739A: Foundations of Security and Privacy Anupam Datta Fall 2009."

Similar presentations

Policy Auditing over Incomplete Logs: Theory, Implementation and Applications Deepak Garg 1, Limin Jia 2 and Anupam Datta 2 1 MPI-SWS (work done at Carnegie.

Policy Auditing over Incomplete Logs: Theory, Implementation and Applications Deepak Garg 1, Limin Jia 2 and Anupam Datta 2 1 MPI-SWS (work done at Carnegie.
HIPAA and Public Health 2007 Epi Rapid Response Team Conference.

HIPAA and Public Health 2007 Epi Rapid Response Team Conference.
HRD as a Tool for Good Governance in Cooperatives

HRD as a Tool for Good Governance in Cooperatives
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
1 Privacy in Microdata Release Prof. Ravi Sandhu Executive Director and Endowed Chair March 22, 2013 © Ravi Sandhu.

1 Privacy in Microdata Release Prof. Ravi Sandhu Executive Director and Endowed Chair March 22, © Ravi Sandhu.
1 IS 2150 / TEL 2810 Information Security & Privacy James Joshi Associate Professor, SIS Lecture 11 April 10, 2013 Information Privacy (Contributed by.

1 IS 2150 / TEL 2810 Information Security & Privacy James Joshi Associate Professor, SIS Lecture 11 April 10, 2013 Information Privacy (Contributed by.
Project Update : Claims/Clinical Linkage Project MHDO Board of Directors June 6, 2013.

Project Update : Claims/Clinical Linkage Project MHDO Board of Directors June 6, 2013.
UTEPComputer Science Dept.1 University of Texas at El Paso Privacy in Statistical Databases Dr. Luc Longpré Computer Science Department Spring 2006.

UTEPComputer Science Dept.1 University of Texas at El Paso Privacy in Statistical Databases Dr. Luc Longpré Computer Science Department Spring 2006.
Privacy and Contextual Integrity: Framework and Applications Adam Barth, Anupam Datta, John C. Mitchell (Stanford), and Helen Nissenbaum (NYU) TRUST Winter.

Privacy and Contextual Integrity: Framework and Applications Adam Barth, Anupam Datta, John C. Mitchell (Stanford), and Helen Nissenbaum (NYU) TRUST Winter.
Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.

Hybrid Policies Overview Chinese Wall Model Clinical Information Systems Security Policy ORCON RBAC Introduction to Computer Security ©2004 Matt Bishop.
Differential Privacy 18739A: Foundations of Security and Privacy Anupam Datta Fall 2009.

Differential Privacy 18739A: Foundations of Security and Privacy Anupam Datta Fall 2009.
Privacy Research Overview

Privacy Research Overview
C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Engineering Privacy November 6, 2008.

C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Engineering Privacy November 6, 2008.
Privacy Chris Kelly iLaw July 5, 2002.

Privacy Chris Kelly iLaw July 5, 2002.
Course Review Anupam Datta CMU Fall 2007-08 18739A: Foundations of Security and Privacy.

Course Review Anupam Datta CMU Fall A: Foundations of Security and Privacy.
C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Data Privacy October 30, 2008.

C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Data Privacy October 30, 2008.
On Privacy and Compliance: Philosophy and Law meets Computer Science Anupam Datta Stanford University Oakland PC Crystal Ball Workshop January 2007.

On Privacy and Compliance: Philosophy and Law meets Computer Science Anupam Datta Stanford University Oakland PC Crystal Ball Workshop January 2007.
C MU U sable P rivacy and S ecurity Laboratory Philosophical definitions of privacy Lorrie Faith Cranor October 19, 2007.

C MU U sable P rivacy and S ecurity Laboratory Philosophical definitions of privacy Lorrie Faith Cranor October 19, 2007.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Data Privacy.

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Data Privacy.

Similar presentations

Ads by Google