Data Confidentiality Workshop
WORKSHOP ON DATA CONFIDENTIALITY

September 6-7, 2007 in Arlington, VA

White Paper & Bio


The increased use of networked computers in our daily lives has led to a decrease in privacy over the last decade or so. There are a number of technological solutions that intend to preserve or enhance privacy in some way. However, we are still far from a "complete" solution to the privacy problem; in fact, there are a number of reasons why this seems inherently difficult, some of which I discuss here.

What some people consider a privacy violation is considered completely innocuous by others, and what seems a privacy violation in one context may not seem to be one in another. For this reason, privacy is not a purely technological issue and cannot have purely technological solutions. Rather, social, philosophical, psychological, legal, and public policy issues are also important. Technology can, however, make new policy choices possible by instantiating solutions with particular properties. Still, without a single unified notion of privacy, it seems clear that there cannot be a single unified mechanism for providing privacy, either.

In some contexts, it seems possible to achieve desired utility goals while also achieving desired privacy goals. Even in some cases where utility goals and privacy goals initially appear to conflict, sophisticated use of cryptography can sometimes resolve the apparent conflict. In other cases, however, the utility goals and the privacy goals are in direct conflict. The potential for conflict increases when multiple stakeholders have different goals. For example, a service provider might have an interest in obtaining precisely the information an individual (such as a customer) wants to protect, in order to carry out its business processes more efficiently. The same could be said of an identity thief. If we seek systems that can automatically infer and carry out reasonable privacy-sensitive behavior, such systems will require a way to distinguish between these two kinds of cases (either completely automatically, or semi-automatically with some kind of support from users and/or infrastructure).

The notion of "personally identifiable information" or "individually identifiable information", which is commonly suggested as what must be protected or removed in order to protect privacy (e.g., in legislation such as the HIPAA Privacy Rule), is not very robust in the face of the extensive and detailed information now available on the web and in other content, especially user-provided content such as blogs and social network pages, and especially in conjunction with search engines. That is, it is becoming easier and easier to take pieces of non-identified information about someone, even with obvious identifiers such as name, address, and social security number stripped out, and combine them with other public or purchasable data sets to learn his or her identity.
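The linkage attack sketched above, as an added example that is not part of the original paper: "de-identified" health records (direct identifiers removed) are joined on the remaining quasi-identifiers (ZIP code, date of birth, sex) against a constructed "public" list with names, and every record whose quasi-identifiers match exactly one named person is re-identified. The block also computes the smallest equivalence class over those quasi-identifiers (the k of k-anonymity, a check the paper does not itself name) and shows how coarsening the quasi-identifiers raises it. All records, names, ZIP codes and diagnoses are constructed for illustration.

```python
"""Re-identification by linking 'de-identified' records to a named data set.

Added example; not from the workshop paper. All data below is constructed.
"""
from collections import Counter, defaultdict

# Fields that remain after direct identifiers (name, address, SSN) are stripped
# but that, in combination, still narrow a person down: the quasi-identifiers.
QUASI_IDENTIFIERS = ("zip", "dob", "sex")

# Constructed "de-identified" health records (no names, but QIs intact).
HEALTH_RECORDS = [
    {"zip": "02138", "dob": "1965-07-21", "sex": "F", "diagnosis": "hypertension"},
    {"zip": "02138", "dob": "1965-07-21", "sex": "M", "diagnosis": "asthma"},
    {"zip": "02139", "dob": "1965-02-10", "sex": "F", "diagnosis": "diabetes"},
    {"zip": "02139", "dob": "1972-01-03", "sex": "F", "diagnosis": "migraine"},
    {"zip": "02141", "dob": "1972-09-15", "sex": "F", "diagnosis": "depression"},
    {"zip": "02141", "dob": "1965-11-30", "sex": "M", "diagnosis": "influenza"},
]

# Constructed "public or purchasable" data set (think voter roll) with names.
VOTER_ROLL = [
    {"name": "Alice Example",  "zip": "02138", "dob": "1965-07-21", "sex": "F"},
    {"name": "Bob Example",    "zip": "02138", "dob": "1965-07-21", "sex": "M"},
    {"name": "Carol Example",  "zip": "02139", "dob": "1965-02-10", "sex": "F"},
    {"name": "Dana Example",   "zip": "02139", "dob": "1972-01-03", "sex": "F"},
    {"name": "Evan Example",   "zip": "02141", "dob": "1972-09-15", "sex": "F"},
    {"name": "Fay Example",    "zip": "02141", "dob": "1972-09-15", "sex": "F"},
    {"name": "George Example", "zip": "02141", "dob": "1965-11-30", "sex": "M"},
]


def qi_key(record, qis=QUASI_IDENTIFIERS):
    """The tuple of quasi-identifier values used as the join key."""
    return tuple(record[q] for q in qis)


def link(health, public, qis=QUASI_IDENTIFIERS):
    """Join health records to the named set on the quasi-identifiers.

    Returns {index of health record: [candidate names]} in input order.
    """
    by_key = defaultdict(list)
    for person in public:
        by_key[qi_key(person, qis)].append(person["name"])
    return {i: by_key.get(qi_key(rec, qis), []) for i, rec in enumerate(health)}


def reidentified(health, public, qis=QUASI_IDENTIFIERS):
    """Health records whose quasi-identifiers match exactly one named person."""
    return {i: names[0] for i, names in link(health, public, qis).items()
            if len(names) == 1}


def k_anonymity(records, qis=QUASI_IDENTIFIERS):
    """Size of the smallest group of records sharing the same quasi-identifiers.

    k == 1 means at least one record is unique on its quasi-identifiers and is
    therefore trivially linkable to any named set containing that person.
    """
    return min(Counter(qi_key(r, qis) for r in records).values())


def generalize(record):
    """Coarsen the quasi-identifiers: 3-digit ZIP prefix and birth year only.

    Applied to both sides before linking, this makes each join key ambiguous.
    """
    coarse = dict(record)
    coarse["zip"] = record["zip"][:3] + "**"
    coarse["dob"] = record["dob"][:4]
    return coarse


if __name__ == "__main__":
    hits = reidentified(HEALTH_RECORDS, VOTER_ROLL)
    print(f"k-anonymity of raw records: {k_anonymity(HEALTH_RECORDS)}")
    for i, name in hits.items():
        print(f"record {i}: {name} -> {HEALTH_RECORDS[i]['diagnosis']}")
    print(f"re-identified {len(hits)} of {len(HEALTH_RECORDS)} records")
    coarse_health = [generalize(r) for r in HEALTH_RECORDS]
    coarse_roll = [generalize(v) for v in VOTER_ROLL]
    print(f"k-anonymity after generalization: {k_anonymity(coarse_health)}")
    print(f"re-identified after generalization: "
          f"{len(reidentified(coarse_health, coarse_roll))}")
```

Note that the record at index 4 is not uniquely re-identified only because the constructed voter roll happens to contain two people with that exact ZIP, birth date and sex; its diagnosis is still attributed to one of two named people, so "not uniquely linked" is a weak guarantee. Raising k by generalizing the quasi-identifiers costs utility (year instead of full date of birth), which is the utility-versus-privacy trade-off the paper discusses.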

Given challenges such as these, is there any hope for a complete privacy solution? What would this even mean? While I don't have answers to these questions, I think there is certainly some hope. There are many interesting "point solutions" that provide certain privacy properties. And the same mechanisms that make privacy difficult (the use of computers and networks) can potentially be harnessed to provide privacy as well (such as the use of computer-readable and enforceable privacy policies that accompany data in a very fine-grained manner). The challenge is to put these pieces together in a way that is meaningful, usable, and ultimately, actually used.

Rebecca Wright

Rutgers

Biographical Data

Rebecca Wright is an Associate Professor in the Computer Science Department and the Deputy Director of DIMACS at Rutgers. Prior to that, she was a Professor in the Computer Science Department at Stevens Institute of Technology in Hoboken, New Jersey until 2007. Earlier, she was a researcher in the Secure Systems Research Department at AT&T Labs and AT&T Bell Labs from 1994 to 2002. Her research spans the area of information security, including cryptography, privacy, foundations of computer security, and fault-tolerant distributed computing. Recent work includes privacy-preserving data mining, secure multiparty approximations, and improved bounds for Byzantine agreement in the shared memory model. Her ongoing research goals are the design of protocols, systems, and services that perform their specified computational or communication functions even if some of the participants or underlying components behave maliciously, and that balance individual needs such as privacy with collective needs such as network survivability and public safety. Dr. Wright serves as an editor of the Journal of Computer Security (IOS Press) and the International Journal of Information and Computer Security (Inderscience), and was a member of the board of directors of the International Association for Cryptologic Research from 2001 to 2005. She was Program Chair of Financial Cryptography 2003 and the 2006 ACM Conference on Computer and Communications Security (CCS) and General Chair of Crypto 2002. She has served on numerous program committees, including Crypto, the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, and the Usenix Security Symposium. She received a Ph.D. in Computer Science from Yale University in 1994 and a B.A. from Columbia University in 1988. She received an honorary M.E. from Stevens Institute of Technology in 2006. She is a member of the IEEE, the ACM, and the IACR.