Data Confidentiality Workshop
WORKSHOP ON DATA CONFIDENTIALITY

September 6-7, 2007 in Arlington, VA

White Paper & Bio


Data privacy protections might be classified as either "privacy by policy" or "privacy by architecture" [1]. Privacy regulations and corporate privacy policies fall into the privacy-by-policy category while technologies that encrypt, de-identify, or destroy data fall into the privacy-by-architecture category. Often the policy and legal community focuses on privacy by policy while the technical community focuses on privacy by architecture. However, practical solutions to data confidentiality problems will likely require a hybrid approach.

While there is a growing body of literature on technical approaches to de-identifying data, privacy-preserving data mining, and other privacy-by-architecture techniques, these approaches have not been widely adopted. On the other hand, privacy by policy has been widely implemented. In the United States, privacy self-regulation has translated into companies adopting and publicizing privacy policies offering varying degrees of privacy protection. For the most part, the privacy offered by these policies is achieved by the company refraining from using personal information in ways they have promised not to use it. In Europe (and other countries, as well as for regulated sectors in the US), privacy regulation has resulted in legal restrictions on the use of data. Here privacy is achieved by companies refraining from engaging in practices that are illegal. But aside from the threat of prosecution or consumer backlash, there is little to actually prevent privacy violations under either the regulatory or self-regulatory regimes. Only recently have companies begun to widely deploy technologies to detect and prevent data leakage, and these, for the most part, only ensure data confidentiality with respect to third parties. Within the enterprise, there are few technical means in place to enforce privacy policy. Privacy by policy is, arguably, somewhat effective despite its limitations, but is clearly far from perfect.

Research problems include:

Developing privacy-by-architecture solutions that are practical for enterprises to adopt. This will require solutions that are cost effective and don't interfere with data uses that businesses view as essential.

Developing solutions that merge privacy-by-architecture with privacy-by-policy to allow technical protections to help enforce policy promises, even if they cannot fully guarantee complete privacy on their own.

Developing clear and accessible approaches to communicating with individuals about what privacy protections they have and what choices are available to them. Most existing privacy policies are completely ineffective at communicating privacy information to consumers. What is a more effective way to communicate about privacy? How can we use electronic tools to help individuals understand and effectively manage their privacy online without constantly interrupting their primary tasks?

One example of a current problem for which good research solutions are needed is protecting the privacy of search engine records. Search engine companies have a variety of business reasons for keeping detailed records for long periods of time, including fraud detection, competitive research, targeted marketing, and personalization. But there is also a clear privacy interest in destroying these records or at least in not keeping this information in a form that would allow it to be traced back to a particular individual. Is there a technical solution that will allow for these business uses of search records while ensuring that these records cannot be linked to particular individuals?

REFERENCES

1. Sarah Spiekermann and Lorrie Faith Cranor. Engineering Privacy. 2007. Under submission.

Lorrie Cranor

Carnegie Mellon

Biographical Data

Lorrie Faith Cranor is an Associate Research Professor in the School of Computer Science at Carnegie Mellon University. She is a faculty member in the Institute for Software Research, the Human-Computer Interaction Institute, and the Engineering and Public Policy department. She is director of the CMU Usable Privacy and Security Laboratory (CUPS).

She came to CMU in December 2003 after seven years at AT&T Labs-Research. While at AT&T she also taught in the Stern School of Business at New York University. Dr. Cranor has played a key role in building the usable privacy and security research community. She co-edited the seminal book Security and Usability (O'Reilly 2005), and founded the Symposium On Usable Privacy and Security (SOUPS).

She also directs an NSF-funded project that is studying the human aspects of phishing attacks and other semantic attacks. She chaired the Platform for Privacy Preferences Project (P3P) Specification Working Group at the World Wide Web Consortium and authored the book Web Privacy with P3P (O'Reilly 2002). In 2003 she was named one of the top 100 innovators 35 or younger by Technology Review magazine. Dr. Cranor served on the Federal Trade Commission Advisory Committee on Online Access and Security in 2000. She also serves on the editorial boards of the journals ACM Transactions on Internet Technology, The Information Society, and Journal of Privacy Technology.

Dr. Cranor spends most of her free time with her husband and three children, but sometimes she finds time to play the tenor saxophone or design and create award-winning quilts.