Privacy in a Digital World: Understanding the Challenges and Enhancements - Prof. Rachel A, Study notes of Cryptography and System Security

Download Privacy in a Digital World: Understanding the Challenges and Enhancements - Prof. Rachel A and more Study notes Cryptography and System Security in PDF only on Docsity! Privacy : A Facilitated Discussion Rachel Greenstadt February 19, 2008 credits to Alessandro Acquisti and others Reminders • Project 2 due tonight • Blog post due tonight • Next week : guest lectures by Sadia and Mike • Due next Thursday : project 3 proposal by email (I’ll be out of the country) Security Review of Digital Privacy What is privacy? What is privacy? • Hard to define • Data concealment • A right “to be left alone” • Freedom • The ability to control the information released about you - “The overall B2C market opportunity should reach $450BN in transaction volume by 2004.” ¢ Actually... And then... Global E-Commerce Transactign Volume ($BN) 500 400 300 200 100 0 N | N I 7 \ XN 2000 2001 ] 20 2003 04 1 7 * ‘ Sources: Forrester Research and IDC, circa 2001 How the market reacted Economic challenges pushed merchants to more restrictive policies This policy may change from time to time so please check back periodically - Yahoo privacy policy circa 2001 Stakeholders • Individuals • Businesses • Governments • Other groups Threats or what could possibly go wrong? Threats or what could possibly go wrong? • Identity Fraud/Theft • Information actually used for harm • Discrimination - social or economic • Conformity pressure Privacy vs. Security • When is there a tradeoff? • When are they the same? Technology Rundown • Anonymous credentials (insurance cards, student IDs, etc) - can use digital signatures for this too • Brands generalized with certificate scheme • What if, instead of providing a SSN or ID number, you provided a zero-knowledge proof that you know the private key related to some public key that identifies you? • Mix-nets - Batch and mix messages to provide anonymity (high latency) Technology Rundown • Private Information Retrieval/Oblivious Transfer : Bob has database of n elements, Alice pays to access 1 item and should not get more, Bob should not know which item Alice accessed • Secure Function Evaluation - Alice and Bob want to compute some function, but keep the inputs private (classically, which one is richer?) • Both of these can be done, but not always efficiently - take crypto class to learn more What are the obstacles? @ To these identity management technologies? Lorrie Faith Cranor • http://lorrie.cranor.org/ Introduction to P3P 25 Privacy policy P3P policy Designed to be read by a human Designed to be read by a computer Can contain fuzzy language with “wiggle room” Mostly multiple choice – sites must place themselves in one “bucket” or another Can include as much or as little information as a site wants Must include disclosures in every required area Easy to provide detailed explanations Limited ability to provide detailed explanations Sometimes difficult for users to determine boundaries of what it applies to and when it might change Precisely scoped Web site controls presentation User agent controls presentation Risk Analysis The Privacy Paradox Why do we have great privacy enhancing technologies... that almost nobody uses? Why do so many people claim to be concerned about privacy… and then do little to protect it? Difficulties in privacy economics • Context-dependent (states of the world) • Anonymity sets (how many people could I be confused with ) • Sweeney (2002) 87% Americans uniquely identified by gender, birth year, and zip code. • The more parties that use the good (personal information) the higher risks for original data owner • Different individuals value the same piece of information differently • Market for personal information is not necessarily the same as a market for privacy Privacy trade-offs • Protect • Immediate cost (or loss of immediate benefit) • Future (uncertain) benefits • Do not protect • Immediate benefits • Future (uncertain) costs Why is this Problematic? • Incomplete information • Bounded rationality/Behavioral distortions • Complacency towards large risks • Inability to handle prolonged accumulation of small risks • Coherent arbitrariness • Hyperbolic discounting • Acquisti/Grossklags [2004]