Privacy, Anonymization, Fair information practices, privacy decision making, Tor, OECD, FTC

1. Privacy
https://www.linkedin.com/in/ponguru/
Nov 19 - 20, 2022
Winter School on “Topics in Digital Trust”
IIT Bombay
Ponnurangam Kumaraguru (“PK”)
#ProfGiri CS IIIT Hyderabad
ACM Distinguished Member
TEDx Speaker
https://www.instagram.com/pk.profgiri/

2. 2

3. 3
https://precog.iiit.ac.in/

4. Know the Audience
4

5. Long Distance Train Journey
5
https://precog.iiit.ac.in/Publications_files/pk_lc_PET_2005.pdf

6. Content around
Definition & forms of Privacy
Privacy Attitudes & Awareness
Social Media Privacy
Data anonymity
User behavior & Usable privacy
Ethics around studying privacy
Non Personal Data [Discussion]
6

7. 7
https://youtu.be/vAXPzUrqBnI
Activity
Watch the full video
on YouTube
[Mandatory]

8. Activity
8
https://youtu.be/uaaC57tcci0
Watch the trailer on YouTube [Mandatory]
Watch the full documentary on Netflix
[Optional]

9. Activity
9
https://youtu.be/iX8GxLP1FHo
Watch the trailer on YouTube
[Mandatory]
Watch the full documentary on
Netflix [Optional]

10. 10
https://digitalcommons.law.yale.edu/cgi/viewcontent.cgi?article=1184&context=fss_papers&httpsredir=1&referer=
“Privacy is a value so
complex, so entangled in
competing and
contradictory dimensions,
so engorged with various
and distinct meanings, that
I sometimes despair
whether it can be usefully
addressed at all.”

11. Control over information
“Privacy is the claim of individuals, groups or institutions to
determine for themselves when, how, and to what extent
information about them is communicated to others.”
“…each individual is continually engaged in a personal
adjustment process in which he balances the desire for privacy
with the desire for disclosure and communication….”
Alan Westin, Privacy and Freedom, 1967
11

12. Westin's 4 states of Privacy
• Solitude
• individual separated from the group and freed from the observation of other
persons
• Intimacy
• individual is part of a small unit
• Anonymity
• individual in public but still seeks and finds freedom from identification and
surveillance
• Reserve
• the creation of a psychological barrier against unwanted intrusion - holding
back communication
12

13. Solove's Privacy Taxonomy
• Information Collection
• Surveillance
• Interrogation
• Information Processing
• Aggregation
• Identification
• Secondary Use
• Invasion
• Intrusion
• Decisional Interference
13
https://www.privacysecurityacademy.com/wp-content/uploads/2018/02/Handout-Foundations-and-Themes-
Professor-Soloves-Taxonomy-of-Privacy-01.pdf
• Information Dissemination
• Breach of Confidentiality
• Disclosure
• Exposure
• Increased Accessibility
• Blackmail
• Appropriation
• Distortion

14. Westin's Privacy Indexes
14
http://reports-archive.adm.cs.cmu.edu/anon/isri2005/CMU-ISRI-05-138.pdf
Fundamentalist
Pragmatist
Unconcerned

15. Westin's Privacy Indexes
15
http://reports-archive.adm.cs.cmu.edu/anon/isri2005/CMU-ISRI-05-138.pdf
Fundamentalist – 25%
Pragmatist – 60%
Unconcerned - 15%

16. Privacy in India
16
https://precog.iiit.ac.in/Publications_files/pk_lc_PET_2005.pdf
1st quantitative study in India
2005 study

17. India's largest privacy study
2011 / 2012
10,427 respondents
17
https://precog.iiit.ac.in/Publications_files/Niharika-Sachdeva-Privacy-in-India-Demystified-2017.pdf

18. 18
What do you feel about privacy of your personal information on your OSN?

19. 19
What do you feel about privacy of your personal information on your OSN?

20. 20
If you receive a friendship request on your most frequently used OSN, which of the following
people will you add as friends? (Choose all that apply)

21. 21
If you receive a friendship request on your most frequently used OSN, which of the following
people will you add as friends? (Choose all that apply)

22. 22
You thought that on the Internet nobody knew you were a dog…

23. 23
You thought that on the Internet nobody knew you were a dog…
…but then you started getting personalized ads for your favorite
brand of dog food

24. OECD guidelines
Collection limitation
Data quality
Purpose specification
Use limitation
Security safeguards
Openness
Individual participation
Accountability
24
https://www.oecd.org/sti/ieconomy/oecd_privacy_framework.pdf

25. FTC principles
Notice and disclosure
Choice and consent
Data security
Data quality and access
Recourse and remedies
25
https://www.ftc.gov/sites/default/files/documents/reports/privacy-online-report-congress/priv-23a.pdf

26. 26
Cost of Reading
Privacy Policies

27. Privacy Enhancing Technologies
27
To balance privacy & utility
Minimize personal data use, maximize data security, empower users
To express / protect the privacy of entities
Protect PII
Increase control
Choose degree of anonymization
Provide informed consent
Data minimization

28. Privacy Enhancing Technologies: Examples
28
Communication anonymizers – VoIP, P2P networking
Shared bogus online accounts – One account created, ID & Pwd posted
online, many people use, so one person identity cannot be retrieved
Obfuscation – Perturbing the data, adding noise
Anonymization – Data can be shared, individuals cant be find in the
data
Pseudonymization - Ponnurangam Kumaraguru --> CSProf; Reddit
Your examples?
…

29. Tor: Onion Routing
29
https://www.csoonline.com/article/3287653/what-is-the-tor-browser-how-it-
works-and-how-it-can-help-you-protect-your-identity-online.html

30. Tor: Onion Routing
30
https://www.csoonline.com/article/3287653/what-is-the-tor-browser-how-it-
works-and-how-it-can-help-you-protect-your-identity-online.html

31. Tor: Onion Routing
31
https://www.csoonline.com/article/3287653/what-is-the-tor-browser-how-it-
works-and-how-it-can-help-you-protect-your-identity-online.html

32. 32
https://www.torproject.org/download/

33. Privacy Invasive Technologies
33
Does not respect user privacy
Spyware – Share user details without user's knowledge
RFID – Enable tracking
Web bug (web beacons, clear gifs, tracker gifs)
Your examples?
…

34. Privacy decision making
To make privacy information more usable to consumers
Platform for Privacy Preferences (P3P)
XML format that web sites use to encode their privacy policies
User software to read P3P policies called a “P3P user agent”
34

35. HTTP connection
35
Lorrie's slides

36. P3P implementation
36
Lorrie's slides

37. P3P – XML Encoding
37
Lorrie's slides

38. Privacy Bird indicator
38
Lorrie's slides

39. Privacy Bird indicator
39
Lorrie's slides

40. Privacy Bird indicator
40
Lorrie's slides

41. Privacy Finder
41
Lorrie's slides

42. Privacy Finder
42
Lorrie's slides

43. 43
Lorrie's slides

44. 44
Lorrie's slides

45. Topics from Yesterday?
45

46. 46

47. 47

48. 48

49. 49
http://precog.iiitd.edu.in/Publications_files/aa-spyingextensions.pdf

50. Voter
Surveillance
50
https://precog.iiit.ac.in/assets/images/2020_10_Voted_to_Pwned_Poster.png SocInfo 2020

51. Facebook / Congress
51
https://youtu.be/EgI_KAkSyCw

52. Facebook / Congress – Shadow profiles
52
https://youtu.be/JiTQkbLzKUc

53. Posted on Social?
53

54. 54

55. 55

56. Google / Congress
56
https://youtu.be/-nSHiHO6QJI

57. 57
https://youtu.be/PArFP7ZJrtg
Activity Mandatory
Edward Snowden, Permanent Record

58. Homework
https://docs.google.com/document/d/1iih8B7m0-
gIYgFJTLzlxCd4bILKbRkVwW2Gv4GslKTQ/edit
58

59. Motivation for anonymization: AOL Search
data leak
59
https://en.wikipedia.org/wiki/AOL_search_data_leak

60. Motivation for anonymization: AOL Search
data leak
60
https://en.wikipedia.org/wiki/AOL_search_data_leak
On Aug 4, 2006
650,00 users, 20 Million search keywords,
for 3 months
Removed on Aug 7, 2006
AOL did not identify the users – PII of users
were in the data
NY Times re-identified users cross-
referencing other sources, including phone
book listing
AOL ACK the mistake; many copies of the
data was distributed
“101 Dumbest Moments in business”

61. 61
https://web.archive
.org/web/2018031
2064453/http://ww
w.nytimes.com/200
6/08/09/technolog
y/09aol.html

62. 62
https://web.archive
.org/web/2018031
2064453/http://ww
w.nytimes.com/200
6/08/09/technolog
y/09aol.html

63. Motivation for anonymization: Netflix Prize
63

64. Motivation for anonymization: Netflix Prize
64
Collaborative Filtering algorithm to predict user
rating for films based on previous ratings
without any other information
<user, movie, date of rating, rating>
Training: 100M
Testing: 2.8M
"deleting ratings; inserting alternative ratings
and dates; and modifying rating dates”
Source code + description to be submitted
Jury to decide
Started Oct 6, 2006 – June 2007 20,000 entries
submitted
https://en.wikipedia.org/wiki/Netflix_Prize

65. Netflix Prize: Privacy concerns
65

66. Anonymization techniques
K-anonymity
https://en.wikipedia.org/wiki/K-anonymity
L-diversity
https://en.wikipedia.org/wiki/L-diversity
T-closeness
https://en.wikipedia.org/wiki/T-closeness
Differential privacy
https://en.wikipedia.org/wiki/Differential_privacy
https://www.youtube.com/watch?v=OfWj89oRD7g
66

67. De-identification
67
Latanya Sweeney

68. k-anonymity
Suppression – Replace individual attribute with *
Generalization – Replace individual attributes with a broader category;
Weight: 45 Kgs à Weight: 40 – 50 Kgs
68
First name Last name Age Caste
Raj Sharma 25 BC
Srishti Rawat 40 GC
Manish Sharma 25 BC
Srishti Kaur 29 OBC
https://www.cs.cmu.edu/~jblocki/Slides/K-Anonymity.pdf

69. k-anonymity
69
First name Last name Age Caste
* Sharma 25 BC
Srishti * * *
* Sharma 25 BC
Srishti * * *

70. k-anonymity
2-anaonymized with suppression
1 & 3, 2 & 4 identical
Every cell can be *, but data will be useless
Cost of doing is number of *s
Fewer cells suppressed to provide k-anonymity
70
First name Last name Age Caste
* Sharma 25 BC
Srishti * * *
* Sharma 25 BC
Srishti * * *

71. K-anonymity
71

72. 72
https://epic.org/privacy/reidentification/Sweeney_Article.pdf

73. Limitations
Lack of diversity in sensitivity attributes
Background knowledge
Subsequent release of same dataset
73

74. My introduction to Privacy, Anonymity
74

75. 75
l-diversity
https://slideplayer.com/slide/6027080/
Sensitive attributes
must be “diverse”
within
each quasi-identifier
equivalence class

76. 76
l-diversity
Sensitive attributes
must be “diverse”
within
each quasi-identifier
equivalence class

77. 77
l-diversity
https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1617392

78. Limitation
Values within one
equivalence class may
have semantic similarity
78

79. 79
t-closeness
https://slideplayer.com/slide/6027080/
Distribution of sensitive
attributes within each
quasi-identifier group
should be “close” to their
distribution in the entire
original database

80. 80
t-closeness
https://www.cs.purdue.edu/homes/ninghui/papers/t_closeness_icde07.pdf

81. 81
Differential privacy
https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/dwork.pdf

82. 82
Real world
implementation

83. 83
Cynthia Dwork
https://www.youtube.com/watch?v=lg-VhHlztqo

84. What is Ethics?
84

85. Why study Ethics in
the Privacy class?
85

86. Institutional Review Board
(IRB)
What is it?
Why do we need it?
Why study ethics?
86

87. Stanford Prison Experiment
Randomly assigned participants as
guards or prisoners
1971
Arrested prisoners at home
24 UGs in the basement of a building
Authoritarian and draconian
behaviour
Sadistic behaviour by guards
Physical abuse
Sexual humiliation
Sleep on concrete
87

88. Stanford Prison
Experiment
88

89. Milgram
Experiment
1961, Yale university
Participants to obey Experimenter
Shock
65% went to give 450V
89

90. Common things Students
would do in the project
report, presentations
Refer the participant(s) by name
”We collected data and my friend Shiva said this”
Put screen shot of a conversation on email / chat in presentation
without anonymizing / suppressing / blackening the name / email ID
Especially if you collect some sensitive information you have to be
doubly careful
90

91. Institutional Review Board
(IRB)
IRB Application
Consent form
Proposal
Flyer
IRB is only a floor not a ceiling!
91

92. What is IRB
committee looking
for?
One being setup in IIITH now
Is this the only way to collect the information that Researcher is
interested in?
What protection is giving to the information that is collected?
Is there any implications of the data beyond the study?
92

93. 93

94. Reactions for the
study
Anger
Unethical, inappropriate, illegal, fraudulent
Researchers fired
Psychological cost
Denial
Nobody accepted that they fell for it
Admitting our vulnerability is hard
Misunderstanding over spoofing emails
Underestimation of publicly available
information
94

95. Research Failures
U.S. Office for Human Research Protection
suspended all research at John Hopkins University
after one research participant died
May 1999, federal regulators temporarily stopped
research at Duke over concerns of volunteer safety
University of Pennsylvania, an 18-year-old died in
Sept 1999 from drugs administered as part of a
gene therapy study
Other studies where participants have died
95

96. Principles of
Research with
Human Subjects
Respect for Persons
individuals have autonomy and choice
people cannot be used as a means
to an end
provide protection to the vulnerable
provide informed consent and privacy
96

97. Principles of
Research with
Human Subjects
Beneficence
kindness beyond duty
obligation to do no harm
obligation to prevent harm
obligation to do good
minimize risks, maximize benefits
97

98. Principles of
Research with
Human Subjects
Justice
treat all fairly
share equitably burdens and benefits
98

99. Federal
regulations,
implementation
Respect for Persons -- Informed Consent
Beneficence -- Assessment of risk and
benefits, minimize risk
Justice -- Fair selection of participants
99

100. 100
https://phrptraining.com/about-phrp-course

101. Ethical Security
Studies
101

102. Our responsibility
Researchers have a responsibility to know how to conduct research
ethically
102

103. Datasets
103
https://precog.iiit.ac.in/resources.html

104. 104
https://precog.iiit.ac.in/

105. Takeaways
No dearth of problems to study…
You should be keen to look for it around…
Will be happy to discuss anything further…
105

106. Acknowledgements
Lorrie Cranor’s slides
Thanks to faculty who taught courses on these topics
106

107. 107
Thanks!
Questions? pk.guru@iiit.ac.in
http://precog.iiit.ac.in/
@ponguru
pk.profgiri
linkedin/in/ponguru