Privacy. Winter School on “Topics in Digital Trust”. IIT Bombay
1. Privacy
https://www.linkedin.com/in/ponguru/
Nov 19 - 20, 2022
Winter School on “Topics in Digital Trust”
IIT Bombay
Ponnurangam Kumaraguru (“PK”)
#ProfGiri CS IIIT Hyderabad
ACM Distinguished Member
TEDx Speaker
https://www.instagram.com/pk.profgiri/
5. Long Distance Train Journey
https://precog.iiit.ac.in/Publications_files/pk_lc_PET_2005.pdf
6. Content around
Definition & forms of Privacy
Privacy Attitudes & Awareness
Social Media Privacy
Data anonymity
User behavior & Usable privacy
Ethics around studying privacy
Non Personal Data [Discussion]
11. Control over information
“Privacy is the claim of individuals, groups or institutions to
determine for themselves when, how, and to what extent
information about them is communicated to others.”
“…each individual is continually engaged in a personal
adjustment process in which he balances the desire for privacy
with the desire for disclosure and communication….”
Alan Westin, Privacy and Freedom, 1967
12. Westin's 4 states of Privacy
• Solitude
• individual separated from the group and freed from the observation of other
persons
• Intimacy
• individual is part of a small unit
• Anonymity
• individual in public but still seeks and finds freedom from identification and
surveillance
• Reserve
• the creation of a psychological barrier against unwanted intrusion - holding
back communication
17. India's largest privacy study
2011 / 2012
10,427 respondents
https://precog.iiit.ac.in/Publications_files/Niharika-Sachdeva-Privacy-in-India-Demystified-2017.pdf
18. What do you feel about privacy of your personal information on your OSN?
19. What do you feel about privacy of your personal information on your OSN?
20. If you receive a friendship request on your most frequently used OSN, which of the following people will you add as friends? (Choose all that apply)
21. If you receive a friendship request on your most frequently used OSN, which of the following people will you add as friends? (Choose all that apply)
23. You thought that on the Internet nobody knew you were a dog…
…but then you started getting personalized ads for your favorite brand of dog food
24. OECD guidelines
Collection limitation
Data quality
Purpose specification
Use limitation
Security safeguards
Openness
Individual participation
Accountability
https://www.oecd.org/sti/ieconomy/oecd_privacy_framework.pdf
25. FTC principles
Notice and disclosure
Choice and consent
Data security
Data quality and access
Recourse and remedies
https://www.ftc.gov/sites/default/files/documents/reports/privacy-online-report-congress/priv-23a.pdf
27. Privacy Enhancing Technologies
To balance privacy & utility
Minimize personal data use, maximize data security, empower users
To express / protect the privacy of entities
Protect PII
Increase control
Choose degree of anonymization
Provide informed consent
Data minimization
28. Privacy Enhancing Technologies: Examples
Communication anonymizers – VoIP, P2P networking
Shared bogus online accounts – One account created, ID & Pwd posted online, many people use it, so one person's identity cannot be retrieved
Obfuscation – Perturbing the data, adding noise
Anonymization – Data can be shared, individuals can't be found in the data
Pseudonymization - Ponnurangam Kumaraguru --> CSProf; Reddit
Your examples?
…
33. Privacy Invasive Technologies
Does not respect user privacy
Spyware – Share user details without user's knowledge
RFID – Enable tracking
Web bug (web beacons, clear gifs, tracker gifs)
Your examples?
…
34. Privacy decision making
To make privacy information more usable to consumers
Platform for Privacy Preferences (P3P)
XML format that web sites use to encode their privacy policies
User software to read P3P policies called a “P3P user agent”
60. Motivation for anonymization: AOL Search data leak
https://en.wikipedia.org/wiki/AOL_search_data_leak
Released on Aug 4, 2006
650,000 users, 20 Million search keywords, for 3 months
Removed on Aug 7, 2006
AOL did not identify the users, but PII of users was in the data
NY Times re-identified users by cross-referencing other sources, including phone book listings
AOL acknowledged the mistake; many copies of the data had been distributed
“101 Dumbest Moments in business”
64. Motivation for anonymization: Netflix Prize
Collaborative Filtering algorithm to predict user
rating for films based on previous ratings
without any other information
<user, movie, date of rating, rating>
Training: 100M
Testing: 2.8M
“deleting ratings; inserting alternative ratings and dates; and modifying rating dates”
Source code + description to be submitted
Jury to decide
Started Oct 6, 2006 – June 2007 20,000 entries
submitted
https://en.wikipedia.org/wiki/Netflix_Prize
68. k-anonymity
Suppression – Replace individual attribute with *
Generalization – Replace individual attributes with a broader category;
Weight: 45 Kgs → Weight: 40 – 50 Kgs

First name  Last name  Age  Caste
Raj         Sharma     25   BC
Srishti     Rawat      40   GC
Manish      Sharma     25   BC
Srishti     Kaur       29   OBC
https://www.cs.cmu.edu/~jblocki/Slides/K-Anonymity.pdf
70. k-anonymity
2-anonymized with suppression
Rows 1 & 3 and rows 2 & 4 are identical
Every cell can be *, but the data will be useless
Cost of doing so is the number of *s
Goal: suppress fewer cells while still providing k-anonymity

First name  Last name  Age  Caste
*           Sharma     25   BC
Srishti     *          *    *
*           Sharma     25   BC
Srishti     *          *    *
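
Added example (not part of the original slides): a small Python check of the suppression approach on the slide's four records. It treats all four columns as quasi-identifiers, as the slide's table does, and searches every grouping of rows for the one needing the fewest * cells; the function names are illustrative.

```python
from collections import Counter
from itertools import combinations

# The four records from the slide; every column is treated as a quasi-identifier.
TABLE = [
    ("Raj", "Sharma", "25", "BC"),
    ("Srishti", "Rawat", "40", "GC"),
    ("Manish", "Sharma", "25", "BC"),
    ("Srishti", "Kaur", "29", "OBC"),
]

def k_of(table):
    """Size of the smallest group of identical rows: the k the table achieves."""
    return min(Counter(table).values())

def suppress_group(rows):
    """Replace with * every column on which the rows of one group disagree."""
    keep = [len(set(col)) == 1 for col in zip(*rows)]
    return [tuple(v if same else "*" for v, same in zip(row, keep)) for row in rows]

def cost(table):
    """Suppression cost as defined on the slide: the number of * cells."""
    return sum(cell == "*" for row in table for cell in row)

def partitions(indices, k):
    """Yield every split of the row indices into groups of at least k rows."""
    if not indices:
        yield []
        return
    first, rest = indices[0], indices[1:]
    for size in range(k - 1, len(rest) + 1):
        for mates in combinations(rest, size):
            remaining = [i for i in rest if i not in mates]
            for tail in partitions(remaining, k):
                yield [(first, *mates)] + tail

def cheapest_suppression(table, k):
    """Exhaustive search (only feasible for a handful of rows) for the fewest *s."""
    best = None
    for groups in partitions(list(range(len(table))), k):
        out = list(table)
        for g in groups:
            for i, row in zip(g, suppress_group([table[i] for i in g])):
                out[i] = row
        if best is None or cost(out) < cost(best):
            best = out
    return best

anonymized = cheapest_suppression(TABLE, 2)
print(k_of(TABLE), k_of(anonymized), cost(anonymized), anonymized)
```

The search returns the same table as the slide: pairing rows 1 & 3 and rows 2 & 4 costs 8 suppressed cells, while any other grouping of these records suppresses all 16.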
87. Stanford Prison Experiment
Randomly assigned participants as
guards or prisoners
1971
Arrested prisoners at home
24 UGs in the basement of a building
Authoritarian and draconian
behaviour
Sadistic behaviour by guards
Physical abuse
Sexual humiliation
Sleep on concrete
90. Common things Students would do in the project report, presentations
Refer the participant(s) by name
“We collected data and my friend Shiva said this”
Put screen shot of a conversation on email / chat in presentation
without anonymizing / suppressing / blackening the name / email ID
Especially if you collect some sensitive information you have to be
doubly careful
92. What is IRB committee looking for?
One is being set up at IIITH now
Is this the only way to collect the information that the Researcher is interested in?
What protection is given to the information that is collected?
Are there any implications of the data beyond the study?
94. Reactions for the study
Anger
Unethical, inappropriate, illegal, fraudulent
Researchers fired
Psychological cost
Denial
Nobody accepted that they fell for it
Admitting our vulnerability is hard
Misunderstanding over spoofing emails
Underestimation of publicly available
information
95. Research Failures
U.S. Office for Human Research Protection
suspended all research at Johns Hopkins University
after one research participant died
May 1999, federal regulators temporarily stopped
research at Duke over concerns of volunteer safety
University of Pennsylvania, an 18-year-old died in
Sept 1999 from drugs administered as part of a
gene therapy study
Other studies where participants have died
96. Principles of Research with Human Subjects
Respect for Persons
individuals have autonomy and choice
people cannot be used as a means
to an end
provide protection to the vulnerable
provide informed consent and privacy
97. Principles of Research with Human Subjects
Beneficence
kindness beyond duty
obligation to do no harm
obligation to prevent harm
obligation to do good
minimize risks, maximize benefits