CAMBRIDGE, England — 28 June 2006 — This week at the Privacy Enhancing Technologies (PET) workshop, leading academics from around the world will come together to discuss the latest advances in privacy, bringing together perspectives on the issue from fields as diverse as cryptography, law and economics. Launched six years ago as a specialised conference focusing on anonymous communication, PET has expanded to cover the wide range of challenging technical problems in defining and protecting individual privacy.
“Addressing privacy issues requires contributions from many different fields — from human-computer interaction (HCI), to cryptography and information security, to law and economics,” says Alessandro Acquisti, assistant professor of Information Technology and Public Policy at Carnegie Mellon University. “Workshops like PET are a great opportunity for researchers who wouldn’t normally work together to explore opportunities to enhance privacy at the intersection of many different areas of research.”
In addition to providing stipends for graduate students who want to attend the workshop but lack adequate funding, Microsoft sponsors the PET Award, a €3000 prize supported by Microsoft and the Office of the Information and Privacy Commissioner of Ontario, Canada. It is presented annually to researchers who have made an outstanding contribution to the theory, design, implementation or deployment of privacy enhancing technology.
The winner is chosen by a committee of leading privacy researchers, with no involvement from Microsoft in the decision-making process. “We wanted to support a prize that was judged by leading privacy technologists, for leading privacy technologists,” says Caspar Bowden, chief privacy advisor for Microsoft Europe, Middle East and Africa (EMEA). “It’s a great way for the best researchers to recognise and support the outstanding technical work of their peers.”
2006 PET Award Winner: “A Taxonomy of Privacy”
Daniel Solove, an associate professor at the George Washington University Law School, won this year’s PET award with “A Taxonomy of Privacy”, a paper that attempts to identify privacy problems in a comprehensive and concrete manner.
Solove argues that privacy is not a unitary concept with uniform value — instead, privacy violations involve a variety of types of harmful or problematic activities. And although technology helps facilitate some of those activities, privacy problems are ultimately caused by the actions of people, businesses and governments — and a better understanding of what “privacy” really means is necessary to guide efforts to regulate them.
“Privacy is a concept in disarray,” Solove says. “Abstract incantations of ‘privacy’ are not nuanced enough to capture the problems involved. The law has often failed to adequately protect privacy, and privacy problems are frequently misconstrued or inconsistently recognised. Without an understanding of what the privacy problems are, how can privacy be addressed in a meaningful way?”
His taxonomy defines threats to privacy from the perspective of the individual, in four categories of potentially harmful activities — information collection, information processing, information dissemination and invasion. With the help of this more comprehensive taxonomy, Solove hopes that privacy considerations can be better recognised and balanced against opposing interests.
Developing Privacy Policies in “Plain English”
IBM researchers Carolyn Brodie, Claire-Marie Karat and John Karat were also recognised for their work on the SPARCLE Policy Workbench, a prototype technology that simplifies how people manage organisational policies, improves the quality of policy rules, and enables those rules to be implemented in a way that ensures consistency, reliability and compliance.
Since current privacy policy management is largely carried out through human processes — such as documentation and training for people who handle sensitive information — enforcing consistent policies across people and technology can be challenging.
The SPARCLE workbench addresses this issue by enabling users to create policies in “plain English”, then transform these natural language rules into standardised, machine-readable policies usable by software. As a result, organisations can create consistent policies to regulate human behaviour as well as that of software.
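The following is an added example to illustrate the idea of a fixed English rule template compiled into machine-readable rules and then enforced by software. It is not SPARCLE code and not from the PET announcement: the template (“users can actions data for the purpose of purpose if condition”), the action vocabulary, the condition names and the sample rules are all constructed for illustration.

```python
"""Added example (not SPARCLE code, not from the PET announcement): parse privacy rules
written in a fixed English template into machine-readable rules, export them as JSON,
and check access requests against them.  Template, action vocabulary, condition names
and sample rules are constructed for illustration."""
import json
import re

ACTIONS = r"(?:read|update|delete|share)"
RULE = re.compile(
    r"^(?P<users>.+?) can (?P<actions>" + ACTIONS + r"(?:(?:,| and| or) " + ACTIONS + r")*) "
    r"(?P<data>.+?) for the purpose of (?P<purpose>.+?)(?: if (?P<condition>.+?))?\.?$",
    re.IGNORECASE,
)

# Hypothetical condition vocabulary: each English condition maps to a predicate over the
# request context, so a rule that uses an unknown condition is rejected at parse time
# rather than silently becoming unenforceable.
CONDITIONS = {
    "the customer has consented": lambda ctx: ctx.get("consented") is True,
    "the customer has an open order": lambda ctx: ctx.get("open_orders", 0) > 0,
}

def parse_rule(text):
    """Turn one template-English rule into a dict; raise ValueError if it does not fit."""
    m = RULE.match(text.strip())
    if not m:
        raise ValueError("rule does not match template: %r" % text)
    actions = re.split(r",\s*|\s+and\s+|\s+or\s+", m.group("actions").lower())
    condition = m.group("condition")
    if condition is not None:
        condition = condition.lower()
        if condition not in CONDITIONS:
            raise ValueError("unknown condition: %r" % condition)
    return {
        "users": m.group("users").lower(),
        "actions": actions,
        "data": m.group("data").lower(),
        "purpose": m.group("purpose").lower(),
        "condition": condition,
    }

def compile_policy(lines):
    """Compile a list of English rules; any malformed rule aborts the whole policy."""
    return [parse_rule(line) for line in lines if line.strip()]

def to_json(policy):
    """The machine-readable form a policy engine would consume."""
    return json.dumps(policy, indent=2, sort_keys=True)

def is_permitted(policy, user, action, data, purpose, ctx=None):
    """Default deny: the request is allowed only if some rule matches on every field
    and its condition (if any) holds in the request context."""
    ctx = ctx or {}
    for rule in policy:
        if (rule["users"] == user.lower() and action.lower() in rule["actions"]
                and rule["data"] == data.lower() and rule["purpose"] == purpose.lower()):
            if rule["condition"] is None or CONDITIONS[rule["condition"]](ctx):
                return True
    return False

# Constructed sample policy in the hypothetical template.
SAMPLE_POLICY = [
    "Billing staff can read and update customer addresses for the purpose of order fulfilment if the customer has an open order.",
    "Marketing staff can read customer email addresses for the purpose of newsletters if the customer has consented.",
    "Customer service can read customer addresses for the purpose of support.",
]

if __name__ == "__main__":
    policy = compile_policy(SAMPLE_POLICY)
    print(to_json(policy))
    print(is_permitted(policy, "marketing staff", "read", "customer email addresses",
                       "newsletters", {"consented": False}))
```

The purpose field is part of the match, not decoration: the same user reading the same data for a different purpose is denied, which is the property that distinguishes a privacy policy from an ordinary access-control list.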
Although initially targeted at privacy issues, the researchers are hopeful that this technology can have broader applications for other types of policies, including security, systems management, autonomic computing and compliance auditing.
Protecting Privacy in Statistical Analyses
When analysing databases containing personal information, researchers often add “noise” to the data to protect the privacy of the individuals involved; for instance, a database query for a group’s average age will return results within a certain margin of error, rather than a specific number. This makes it more difficult to use multiple database queries to make more specific inferences about the data, but it also reduces the accuracy of the overall analysis.
Working with Kobbi Nissim from Ben Gurion University and Adam Smith from the Weizmann Institute of Science, Microsoft researchers Cynthia Dwork and Frank McSherry approached this issue from a cryptographic perspective and showed that the noise a query needs depends on the query’s sensitivity, that is, on how much a single individual’s record can change the answer, so that many common queries need far less noise than earlier approaches added. In “Calibrating Noise to Sensitivity in Private Data Analysis”, they provide a more specific and rigorous definition of privacy, along with a powerful technique for analysing large amounts of data on individuals while preserving a high degree of privacy.
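As an added example, not code from the PET announcement or from the paper’s authors, the block below implements the noise-calibration idea described above: each query’s noise is drawn from a Laplace distribution whose scale is the query’s sensitivity divided by a privacy parameter epsilon. The age dataset, the clipping bounds and the epsilon values are constructed for illustration.

```python
"""Added example (not from the PET announcement, not the paper authors' code): the Laplace
mechanism, which adds noise scaled to a query's global sensitivity divided by epsilon.
The age dataset, bounds and epsilon values are constructed for illustration."""
import math
import random

# Constructed sample: ages of ten individuals in a small survey database.
AGES = [23, 35, 41, 29, 67, 52, 70, 38, 45, 81]

def make_rng(seed=None):
    """Seeded generator for reproducible demos.  A real deployment must draw noise from a
    CSPRNG, which is what the seed=None branch does."""
    return random.Random(seed) if seed is not None else random.SystemRandom()

def laplace_noise(scale, rng):
    """Inverse-CDF sample from Lap(0, scale)."""
    while True:
        u = rng.random() - 0.5                     # uniform on [-0.5, 0.5)
        if abs(u) < 0.5:                           # avoid log(0) at the endpoint
            return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))

def count_sensitivity():
    """Adding or removing one record changes a count by at most 1, whatever the data."""
    return 1.0

def mean_sensitivity(n, lo, hi):
    """For n values clipped to [lo, hi], replacing one record moves the mean by at most (hi-lo)/n."""
    return (hi - lo) / n

def noise_scale(sensitivity, epsilon):
    """Laplace scale b = sensitivity / epsilon: smaller epsilon, more noise, more privacy."""
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    return sensitivity / epsilon

def private_count(records, predicate, epsilon, seed=None):
    true = sum(1 for r in records if predicate(r))
    return true + laplace_noise(noise_scale(count_sensitivity(), epsilon), make_rng(seed))

def private_mean(values, lo, hi, epsilon, seed=None):
    # Clipping enforces the bounds the sensitivity figure relies on; without it a single
    # outlier could move the mean arbitrarily far and the noise would no longer hide it.
    clipped = [min(max(v, lo), hi) for v in values]
    true = sum(clipped) / len(clipped)
    b = noise_scale(mean_sensitivity(len(clipped), lo, hi), epsilon)
    return true + laplace_noise(b, make_rng(seed))

def empirical_mean_abs_noise(scale, trials, seed=0):
    """Sanity check of the sampler: the mean of |Lap(0, b)| is b."""
    rng = make_rng(seed)
    return sum(abs(laplace_noise(scale, rng)) for _ in range(trials)) / trials

def repeated_query_spread(records, predicate, epsilon, k, trials, seed=0):
    """Mean absolute error of the average of k noisy answers to the same count, each at
    epsilon.  The error shrinks by about sqrt(k), but by sequential composition the analyst
    has now spent k*epsilon: the noise is a budget, not a wall."""
    rng = make_rng(seed)
    true = sum(1 for r in records if predicate(r))
    b = noise_scale(count_sensitivity(), epsilon)
    errs = []
    for _ in range(trials):
        avg = sum(true + laplace_noise(b, rng) for _ in range(k)) / k
        errs.append(abs(avg - true))
    return sum(errs) / trials

if __name__ == "__main__":
    over_65 = lambda a: a >= 65
    print("noisy count of ages >= 65:", private_count(AGES, over_65, epsilon=0.5, seed=1))
    print("noisy mean age:", private_mean(AGES, 18, 90, epsilon=0.5, seed=1))
    print("spread, one query :", repeated_query_spread(AGES, over_65, 0.5, 1, 2000))
    print("spread, 16 queries:", repeated_query_spread(AGES, over_65, 0.5, 16, 2000))
```

Two points the code makes that the prose does not: the noise for a count does not depend on how many records there are, while the noise for a bounded mean shrinks as 1/n, which is why large datasets can be analysed accurately; and repeating a query and averaging does defeat the noise, so a deployment must account for the total epsilon spent across all queries. The textbook sampler above is for illustration only; a production implementation must also close the floating-point side channels in naive Laplace sampling.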
Enhancing Privacy on Anonymous Networks
Designers of technology for exchanging data anonymously generally assume that an adversary who wants to eavesdrop on content or traffic patterns needs direct physical or logical access to the network links involved. The technologies rely on the assumption that real-time, global observation of all of a network’s traffic is too expensive.
However, Cambridge University researchers Steven J Murdoch and George Danezis have shown how an intruder could perform indirect traffic measurements that degrade the security of these kinds of networks. In “Low Cost Traffic Analysis of Tor”, Murdoch and Danezis experimented with the Tor anonymous communications system, sending their own traffic through the network and observing variations in its latency. They found that this latency data let them partially trace anonymous communication streams through the network, demonstrating that a malicious party with no privileged access to the network could potentially apply the same methods to determine the source and destination of anonymous communications.
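The block below is an added simulation of the probing idea described above, not code from the PET announcement or from Murdoch and Danezis. An attacker who controls the destination modulates the victim stream on and off, sends probe traffic through every relay, and correlates each relay’s probe latency with the modulation: the relay carrying the stream is the one whose latency rises when the stream is bursting. The relay count, latency model, noise levels and probe schedule are constructed for illustration.

```python
"""Added example (not from the PET announcement, not Murdoch and Danezis' code): simulation
of latency-probe traffic analysis.  Relay count, latency model, background noise and the
probe schedule are constructed for illustration."""
import math
import random

def pearson(xs, ys):
    """Pearson correlation of two equal-length series; 0.0 if either is constant."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / math.sqrt(sxx * syy)

def simulate_probe_latencies(pattern, loaded_relay, n_relays, rng,
                             base_ms=100.0, load_ms=30.0, jitter_ms=15.0):
    """Return {relay: [probe latency per interval]}.  `pattern` is the modulation a colluding
    destination applies to the victim stream (1 = bursting, 0 = idle).  Only the relay
    carrying that stream has its queue, and so the attacker's probe latency, rise during
    bursts.  Every relay also carries unrelated background traffic, modelled as Gaussian
    jitter plus random bursts, so other relays are noisy but uncorrelated with `pattern`."""
    latencies = {}
    for relay in range(n_relays):
        series = []
        for on in pattern:
            lat = base_ms + rng.gauss(0.0, jitter_ms)
            if rng.random() < 0.3:                      # burst from other users' traffic
                lat += load_ms
            if relay == loaded_relay and on:
                lat += load_ms                          # the victim stream's load
            series.append(lat)
        latencies[relay] = series
    return latencies

def identify_relay(pattern, latencies):
    """Correlate the known modulation with each relay's probe latency.  Returns the best
    candidate, all scores, and the margin over the runner-up, which is the attacker's
    confidence that the match is not just the largest of many null correlations."""
    scores = {relay: pearson(pattern, series) for relay, series in latencies.items()}
    best = max(scores, key=scores.get)
    ranked = sorted(scores.values(), reverse=True)
    margin = ranked[0] - ranked[1] if len(ranked) > 1 else ranked[0]
    return best, scores, margin

def run_attack(seed=3, n_relays=10, loaded_relay=2, n_intervals=200):
    """End-to-end run; loaded_relay=-1 simulates a network with no modulated stream."""
    rng = random.Random(seed)
    pattern = [rng.randint(0, 1) for _ in range(n_intervals)]   # attacker chooses this
    lat = simulate_probe_latencies(pattern, loaded_relay, n_relays, rng)
    best, scores, margin = identify_relay(pattern, lat)
    return {"identified": best, "truth": loaded_relay, "scores": scores, "margin": margin}

if __name__ == "__main__":
    result = run_attack()
    print("truth:", result["truth"], "identified:", result["identified"],
          "margin: %.2f" % result["margin"])
    for relay, score in sorted(result["scores"].items()):
        print("relay %d: corr %.2f" % (relay, score))
```

The attacker never touches the victim’s links; the only measurement is the latency of traffic they sent themselves, which is what makes the attack low cost. The margin check matters in practice: with many relays the largest of the null correlations can look convincing on its own, so a threshold should be set against the spread of the whole score distribution rather than against zero.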
“What I like about these papers is that they cover the diverse and growing areas of research involved in privacy issues — from anonymous communications, to database privacy, to fundamental notions of what privacy is and what it means,” says Bowden. “This work truly shows the rapid progress being made in the challenging field of academic privacy research, requiring collaborative effort and understanding between scholars of diverse disciplines.”