Privacy and Data

From Jessica's intro email:

Specifically, I think the following are very interesting questions:

  • Should government take a role in protecting our personal data? Examining the EU has its Data Privacy Directive could be interesting here? How does this play out when a European citizen gives an American company his personal data?
  • Is privacy a fundamental human value that should be protected? Or is privacy something that should be evolved with the technologies that are emerging?
  • What can technological architectures do to protect privacy? What can policy do to protect privacy? How can technology and policy be co-evolved to protect privacy?
  • Who should own personal data stored on a server? The person that the data is about or the company that owns the server? Should the person that the data is about have the right to request edits or deletion of the data? How could this be done with policy/technology?

Chapter X: Maintaining Privacy While Exposing Data

Lead Author: Santeri Voutilainen

This chapter explores the possibilities of maintaining privacy while making data publicly available. It opens with a general overview of the benefits of publicly available data and of privacy, and introduces the idea of combining the two. It then explores a variety of methods that can be used to expose data while providing privacy, such as exposing only aggregate data and anonymizing through exclusion, generalization or renaming. Each method is described in layman's terms, followed by an evaluation of its benefits and pitfalls with respect to both maintaining privacy and allowing public access. Examples of academic and commercial products are provided for each method. The chapter concludes with policy recommendations, with justifications, on whether these methods are sufficient to adequately protect privacy while providing access to the data. Combinations with other policies or restrictions, for improved privacy protection, are also considered.


Sample sources:

  • CMU Data Privacy Lab publications. http://privacy.cs.cmu.edu/
  • Articles on academic and commercial products, such as: http://www.msnbc.msn.com/id/4486823/site/newsweek/
  • k-Anonymity: A Model For Protecting Privacy. Latanya Sweeney. http://privacy.cs.cmu.edu/people/sweeney/kanonymity.pdf
  • Controlling Access to Published Data Using Cryptography. Gerome Miklau and Dan Suciu. VLDB 2003, Proceedings of 29th International Conference on Very Large Data Bases, September 9-12, 2003, Berlin, Germany.
  • Nabil R. Adam, John C. Wortmann: Security-Control Methods for Statistical Databases: A Comparative Study. ACM Computing Surveys 21(4): 515-556 (1989). Surveys methods for protecting statistical databases against disclosure of confidential information.