| author | Christian Urban <christian dot urban at kcl dot ac dot uk> |
| Fri, 14 Nov 2014 23:04:40 +0000 | |
| changeset 313 | 1d243ac51078 |
| parent 312 | c913fe9bfd59 |
| child 314 | e01f55e7485a |
| permissions | -rw-r--r-- |
|
307
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
1 |
\documentclass{article}
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
2 |
\usepackage{../style}
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
3 |
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
4 |
\begin{document}
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
5 |
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
6 |
\section*{Handout 7 (Privacy)}
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
7 |
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
8 |
The first motor car was invented around 1886. For ten years, |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
9 |
until 1896, the law in the UK and elsewhere required a person |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
10 |
to walk in front of any moving car waving a red flag. Cars |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
11 |
were such a novelty that most people did not know what to make |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
12 |
of them. The person with the red flag was intended to warn the |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
13 |
public, for example horse owners, about the impending |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
14 |
novelty---a car. In my humble opinion, we are at the same |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
15 |
stage of development with privacy. Nobody really knows what it |
|
311
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
16 |
is about or what it is good for. All seems very hazy. There |
|
313
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
17 |
are a few laws (e.g.~cookie law, right-to-be-forgotten law) |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
18 |
which address problems with privacy, but even if they are well |
|
311
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
19 |
intentioned, they either back-fire or are already obsolete |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
20 |
because of newer technologies. The result is that the world of |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
21 |
``privacy'' looks a little bit like the old Wild West. |
|
309
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
22 |
|
|
313
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
23 |
For example, UCAS, a charity set up to help students with |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
24 |
applying to universities, has a commercial unit that happily |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
25 |
sells your email addresses to anybody who forks out enough |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
26 |
money in order to be able to bombard you with spam. Yes, you |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
27 |
can opt out very often in such ``schemes'', but in case of |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
28 |
UCAS any opt-out will limit also legit emails you might |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
29 |
actually be interested in.\footnote{The main objectionable
|
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
30 |
point, in my opinion, is that the \emph{charity} everybody has
|
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
31 |
to use for HE applications has actually very honourable goals |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
32 |
(e.g.~assist applicants in gaining access to universities), |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
33 |
but the small print (or better the link ``About |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
34 |
us'') reveals they set up their organisation so that they can |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
35 |
also shamelessly sell the email addresses they ``harvest''. |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
36 |
Everything is of course very legal\ldots{}moral?\ldots{}well
|
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
37 |
that is in the eye of the beholder. See: |
|
307
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
38 |
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
39 |
\url{http://www.ucas.com/about-us/inside-ucas/advertising-opportunities}
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
40 |
or |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
41 |
\url{http://www.theguardian.com/uk-news/2014/mar/12/ucas-sells-marketing-access-student-data-advertisers}}
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
42 |
|
|
311
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
43 |
Another example: Verizon, an ISP who is supposed to provide |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
44 |
you just with connectivity, has found a ``nice'' side-business |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
45 |
too: When you have enabled all privacy guards in your browser |
|
313
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
46 |
(the few you have at your disposal), Verizon happily adds a |
|
311
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
47 |
kind of cookie to your |
|
307
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
48 |
HTTP-requests.\footnote{\url{http://webpolicy.org/2014/10/24/how-verizons-advertising-header-works/}}
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
49 |
As shown in the picture below, this cookie will be sent to |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
50 |
every web-site you visit. The web-sites then can forward the |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
51 |
cookie to advertisers who in turn pay Verizon to tell them |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
52 |
everything they want to know about the person who just made |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
53 |
this request, that is you. |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
54 |
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
55 |
\begin{center}
|
|
311
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
56 |
\includegraphics[scale=0.19]{../pics/verizon.png}
|
|
307
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
57 |
\end{center}
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
58 |
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
59 |
\noindent How disgusting? Even worse, Verizon is not known for |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
60 |
being the cheapest ISP on the planet (completely the |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
61 |
contrary), and also not known for providing the fastest |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
62 |
possible speeds, but rather for being among the few ISPs in |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
63 |
the US with a quasi-monopolistic ``market distribution''. |
|
310
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
64 |
|
|
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
65 |
|
|
307
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
66 |
Well, we could go on and on\ldots{}and that has not even
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
67 |
started us yet with all the naughty things NSA \& Friends are |
|
311
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
68 |
up to. Why does privacy actually matter? Nobody, I think, has |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
69 |
a conclusive answer to this question yet. Maybe the following |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
70 |
four notions help with clarifying the overall picture |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
71 |
somewhat: |
|
307
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
72 |
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
73 |
\begin{itemize}
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
74 |
\item \textbf{Secrecy} is the mechanism used to limit the
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
75 |
number of principals with access to information (e.g., |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
76 |
cryptography or access controls). For example I better |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
77 |
keep my password secret, otherwise people from the wrong |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
78 |
side of the law might impersonate me. |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
79 |
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
80 |
\item \textbf{Confidentiality} is the obligation to protect
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
81 |
the secrets of other people or organisations (secrecy |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
82 |
for the benefit of an organisation). For example as a |
|
308
2a814c06ae03
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
307
diff
changeset
|
83 |
staff member at King's I have access to data, even |
|
307
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
84 |
private data, I am allowed to use in my work but not |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
85 |
allowed to disclose to anyone else. |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
86 |
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
87 |
\item \textbf{Anonymity} is the ability to leave no evidence of
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
88 |
an activity (e.g., sharing a secret). This is not equal |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
89 |
with privacy---anonymity is required in many |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
90 |
circumstances, for example for whistle-blowers, |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
91 |
voting, exam marking and so on. |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
92 |
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
93 |
\item \textbf{Privacy} is the ability or right to protect your
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
94 |
personal secrets (secrecy for the benefit of an |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
95 |
individual). For example, in a job interview, I might |
|
313
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
96 |
not like to disclose that I am pregnant, if I were a |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
97 |
woman, or that I am a father. Lest they might not hire |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
98 |
me. Similarly, I might not like to disclose my location |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
99 |
data, because thieves might break into my house if they |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
100 |
know I am away at work. Privacy is essentially |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
101 |
everything which ``shouldn't be anybody's business''. |
|
307
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
102 |
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
103 |
\end{itemize}
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
104 |
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
105 |
\noindent While this might provide us with some rough |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
106 |
definitions, the problem with privacy is that it is an |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
107 |
extremely fine line what should stay private and what should |
|
310
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
108 |
not. For example, since I am working in academia, I am every |
|
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
109 |
so often very happy to be a digital exhibitionist: I am very |
|
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
110 |
happy to disclose all `trivia' related to my work on my |
|
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
111 |
personal web-page. This is a kind of bragging that is normal |
|
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
112 |
in academia (at least in the field of CS), even expected if |
|
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
113 |
you look for a job. I am even happy that Google maintains a |
|
309
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
114 |
profile about all my academic papers and their citations. |
|
307
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
115 |
|
|
309
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
116 |
On the other hand I would be very irritated if anybody I do |
|
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
117 |
not know had a too close look on my private live---it |
|
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
118 |
shouldn't be anybody's business. The reason is that knowledge |
|
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
119 |
about my private life usually is used against me. As mentioned |
|
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
120 |
above, public location data might mean I get robbed. If |
|
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
121 |
supermarkets build a profile of my shopping habits, they will |
|
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
122 |
use it to \emph{their} advantage---surely not to \emph{my}
|
|
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
123 |
advantage. Also whatever might be collected about my life will |
|
313
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
124 |
always be an incomplete, or even misleading, picture. For |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
125 |
example I am pretty sure my creditworthiness score was |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
126 |
temporarily(?) destroyed by not having a regular income in |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
127 |
this country (before coming to King's I worked in Munich for |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
128 |
five years). To correct such incomplete or flawed credit |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
129 |
history data there is, since recently, a law that allows you |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
130 |
to check what information is held about you for determining |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
131 |
your creditworthiness. But this concerns only a very small |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
132 |
part of the data that is held about me/you. |
|
307
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
133 |
|
|
311
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
134 |
To see how private matter can lead really to the wrong |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
135 |
conclusions, take the example of Stephen Hawking: When he was |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
136 |
diagnosed with his disease, he was given a life expectancy of |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
137 |
two years. If employers would know about such problems, would |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
138 |
they have employed Hawking? Now, he is enjoying his 70+ |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
139 |
birthday. Clearly personal medical data needs to stay private. |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
140 |
A movie which has this topic as its main focus is Gattaca from |
|
313
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
141 |
1997, in case you like to watch |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
142 |
it.\footnote{\url{http://www.imdb.com/title/tt0119177/}}
|
|
311
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
143 |
|
|
310
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
144 |
|
|
309
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
145 |
To cut a long story short, I let you ponder about the two |
|
313
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
146 |
statements that are often voiced in discussions about privacy: |
|
307
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
147 |
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
148 |
\begin{itemize}
|
|
313
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
149 |
\item \textit{``You have zero privacy anyway. Get over it.''}
|
|
309
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
150 |
\mbox{}\hfill{}{\small{}by Scott Mcnealy (CEO of Sun)}
|
|
307
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
151 |
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
152 |
\item \textit{``If you have nothing to hide, you have nothing
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
153 |
to fear.''} |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
154 |
\end{itemize}
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
155 |
|
|
311
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
156 |
\noindent If you want to read up further on this topic, I can |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
157 |
recommend the following article that appeared in 2011 in the |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
158 |
Chronicle of Higher Education |
|
309
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
159 |
|
|
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
160 |
\begin{center}
|
|
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
161 |
\url{http://chronicle.com/article/Why-Privacy-Matters-Even-if/127461/}
|
|
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
162 |
\end{center}
|
|
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
163 |
|
|
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
164 |
\noindent Funnily, or maybe not so funnily, the author of this |
|
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
165 |
article carefully tries to construct an argument that does not |
|
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
166 |
only attack the nothing-to-hide statement in cases where |
|
313
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
167 |
governments \& co collect people's deepest secrets, or |
|
309
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
168 |
pictures of people's naked bodies, but an argument that |
|
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
169 |
applies also in cases where governments ``only'' collect data |
|
310
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
170 |
relevant to, say, preventing terrorism. The fun is of course |
|
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
171 |
that in 2011 we could just not imagine that respected |
|
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
172 |
governments would do such infantile things as intercepting |
|
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
173 |
people's nude photos. Well, since Snowden we know some people |
|
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
174 |
at the NSA did exactly that and then shared such photos among |
|
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
175 |
colleagues as ``fringe benefit''. |
|
309
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
176 |
|
|
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
177 |
|
|
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
178 |
\subsubsection*{Re-Identification Attacks}
|
|
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
179 |
|
|
310
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
180 |
Apart from philosophical musings, there are fortunately also |
|
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
181 |
some real technical problems with privacy. The problem I want |
|
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
182 |
to focus on in this handout is how to safely disclose datasets |
|
313
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
183 |
containing potentially very private data, say health records. |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
184 |
What can go wrong with such disclosures can be illustrated |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
185 |
with four well-known examples: |
|
307
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
186 |
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
187 |
\begin{itemize}
|
|
309
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
188 |
\item In 2006, a then young company called Netflix offered a 1 |
|
307
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
189 |
Mio \$ prize to anybody who could improve their movie |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
190 |
rating algorithm. For this they disclosed a dataset |
|
309
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
191 |
containing 10\% of all Netflix users at the time |
|
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
192 |
(appr.~500K). They removed names, but included numerical |
|
313
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
193 |
ratings of movies as well as times when ratings were |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
194 |
uploaded. Though some information was perturbed (i.e., |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
195 |
slightly modified). |
|
307
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
196 |
|
|
309
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
197 |
Two researchers had a closer look at this anonymised |
|
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
198 |
data and compared it with public data available from the |
|
311
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
199 |
International Movie Database (IMDb). They found that |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
200 |
98\% of the entries could be re-identified in the |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
201 |
Netflix dataset: either by their ratings or by the dates |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
202 |
the ratings were uploaded. The result was a class-action |
|
309
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
203 |
suit against Netflix, which was only recently resolved |
|
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
204 |
involving a lot of money. |
|
307
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
205 |
|
|
310
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
206 |
\item In the 1990ies, medical datasets were often made public |
|
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
207 |
for research purposes. This was done in anonymised form |
|
311
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
208 |
with names removed, but birth dates, gender and ZIP-code |
|
310
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
209 |
were retained. In one case where such data about |
|
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
210 |
hospital visits of state employees in Massachusetts was |
|
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
211 |
made public, the then governor assured the public that |
|
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
212 |
the released dataset protected patient privacy by |
|
311
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
213 |
deleting identifiers. |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
214 |
|
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
215 |
A graduate student could not resist cross-referencing |
|
313
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
216 |
public voter data with the released data that still |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
217 |
included birth dates, gender and ZIP-code. The result |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
218 |
was that she could send the governor his own hospital |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
219 |
record. It turns out that birth dates, gender and |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
220 |
ZIP-code uniquely identify 87\% of people in the US. |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
221 |
This work resulted in a number of laws prescribing which |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
222 |
private data cannot be released in such datasets. |
|
309
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
223 |
|
|
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
224 |
\item In 2006, AOL published 20 million Web search queries |
|
310
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
225 |
collected from 650,000 users (names had been deleted). |
|
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
226 |
This was again done for research purposes. However, |
|
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
227 |
within days an old lady, Thelma Arnold, from Lilburn, |
|
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
228 |
Georgia, (11,596 inhabitants) was identified as user |
|
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
229 |
No.~4417749 in this dataset. It turned out that search |
|
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
230 |
engine queries are deep windows into people's private |
|
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
231 |
lives. |
|
309
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
232 |
|
|
311
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
233 |
\item Genome-Wide Association Studies (GWAS) was a public |
|
309
b1ba3d88696e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
308
diff
changeset
|
234 |
database of gene-frequency studies linked to diseases. |
|
311
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
235 |
It would essentially record that people who have a |
|
313
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
236 |
disease, say diabetes, have also certain genes. In order |
|
311
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
237 |
to maintain privacy, the dataset would only include |
|
313
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
238 |
aggregate information. In case of DNA data this |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
239 |
aggregation was achieved by mixing the DNA of many |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
240 |
individuals (having a disease) into a single solution. |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
241 |
Then this mixture was sequenced and included in the |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
242 |
dataset. The idea was that the aggregate information |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
243 |
would still be helpful to researchers, but would protect |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
244 |
the DNA data of individuals. |
|
311
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
245 |
|
|
313
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
246 |
In 2007 a forensic computer scientist showed that |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
247 |
individuals can still be identified. For this he used |
|
311
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
248 |
the DNA data from a comparison group (people from the |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
249 |
general public) and ``subtracted'' this data from the |
|
313
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
250 |
published data. He was left with data that included all |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
251 |
``special'' DNA-markers of the individuals present in |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
252 |
the original mixture. He essentially deleted the |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
253 |
``background noise'' in the published data. The |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
254 |
problem with DNA data is that it is of such a high |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
255 |
resolution that even if the mixture contained maybe 100 |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
256 |
individuals, you can now detect whether an individual |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
257 |
was included in the mixture or not. |
|
310
591b62e1f86a
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
309
diff
changeset
|
258 |
|
|
311
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
259 |
This result changed completely how DNA data is nowadays |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
260 |
published for research purposes. After the success of |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
261 |
the human-genome project with a very open culture of |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
262 |
exchanging data, it became much more difficult to |
|
313
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
263 |
anonymise data so that patient's privacy is preserved. |
|
311
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
264 |
The public GWAS database was taken offline in 2008. |
|
307
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
265 |
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
266 |
\end{itemize}
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
267 |
|
|
311
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
268 |
\noindent There are many lessons that can be learned from |
|
313
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
269 |
these examples. One is that when making datasets public in |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
270 |
anonymised form, you want to achieve \emph{forward privacy}.
|
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
271 |
This means, no matter what other data that is also available |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
272 |
or will be released later, the data in the original dataset |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
273 |
does not compromise an individual's privacy. This principle |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
274 |
was violated by the availability of ``outside data'' in the |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
275 |
Netflix and governor of Massachusetts cases. The additional |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
276 |
data permitted a re-identification of individuals in the |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
277 |
dataset. In case of GWAS a new technique of re-identification |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
278 |
compromised the privacy of people in the dataset. The case of |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
279 |
the AOL dataset shows clearly how incomplete such data can be: |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
280 |
Although the queries uniquely identified the older lady, she |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
281 |
also looked up diseases that her friends had, which had |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
282 |
nothing to do with her. Any rational analysis of her query |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
283 |
data must therefore have concluded, the lady is on her |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
284 |
deathbed, while she was actually very much alive and kicking. |
|
311
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
285 |
|
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
286 |
\subsubsection*{Differential Privacy}
|
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
287 |
|
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
288 |
Differential privacy is one of the few methods, that tries to |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
289 |
achieve forward privacy with large datasets. The basic idea |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
290 |
is to add appropriate noise, or errors, to any query of the |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
291 |
dataset. The intention is to make the result of a query |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
292 |
insensitive to individual entries in the database. The hope is |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
293 |
that the added error does not eliminate the ``signal'' one is |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
294 |
looking for by querying the dataset. |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
295 |
|
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
296 |
|
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
297 |
|
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
298 |
\begin{center}
|
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
299 |
User\;\;\;\; |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
300 |
\begin{tabular}{c}
|
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
301 |
tell me $f(x)$ $\Rightarrow$\\ |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
302 |
$\Leftarrow$ $f(x) + \text{noise}$
|
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
303 |
\end{tabular}
|
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
304 |
\;\;\;\;\begin{tabular}{@{}c}
|
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
305 |
Database\\ |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
306 |
$x_1, \ldots, x_n$ |
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
307 |
\end{tabular}
|
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
308 |
\end{center}
|
|
8befc029ca1e
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
310
diff
changeset
|
309 |
|
|
313
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
310 |
\ldots |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
311 |
|
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
312 |
|
|
312
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
313 |
\subsubsection*{Further Reading}
|
|
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
314 |
|
|
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
315 |
A readable article about how supermarkets mine your shopping |
|
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
316 |
habits (especially how they prey on young exhausted families |
|
313
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
317 |
;o) appeared in 2012 in the New York Times: |
|
312
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
318 |
|
|
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
319 |
\begin{center}
|
|
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
320 |
\url{http://www.nytimes.com/2012/02/19/magazine/shopping-habits.html}
|
|
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
321 |
\end{center}
|
|
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
322 |
|
|
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
323 |
\noindent An article that analyses privacy and shopping habits |
|
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
324 |
from a more economic point is available from: |
|
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
325 |
|
|
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
326 |
\begin{center}
|
|
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
327 |
\url{http://www.dtc.umn.edu/~odlyzko/doc/privacy.economics.pdf}
|
|
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
328 |
\end{center}
|
|
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
329 |
|
|
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
330 |
\noindent An attempt to untangle the web of current technology |
|
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
331 |
for spying on consumers is published in: |
|
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
332 |
|
|
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
333 |
\begin{center}
|
|
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
334 |
\url{http://cyberlaw.stanford.edu/files/publication/files/trackingsurvey12.pdf}
|
|
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
335 |
\end{center}
|
|
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
336 |
|
|
313
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
337 |
\noindent An article that sheds light on the paradox that |
|
312
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
338 |
people usually worry about privacy invasions of little |
|
313
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
339 |
significance, and overlook the privacy invasion that might |
|
1d243ac51078
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
312
diff
changeset
|
340 |
cause significant damage: |
|
312
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
341 |
|
|
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
342 |
\begin{center}
|
|
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
343 |
\url{http://www.heinz.cmu.edu/~acquisti/papers/Acquisti-Grossklags-Chapter-Etrics.pdf}
|
|
c913fe9bfd59
updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
311
diff
changeset
|
344 |
\end{center}
|
|
307
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
345 |
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
346 |
\end{document}
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
347 |
|
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
348 |
http://randomwalker.info/teaching/fall-2012-privacy-technologies/? |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
349 |
http://chronicle.com/article/Why-Privacy-Matters-Even-if/127461/ |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
350 |
http://repository.cmu.edu/cgi/viewcontent.cgi?article=1077&context=hcii |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
351 |
https://josephhall.org/papers/NYU-MCC-1303-S2012_privacy_syllabus.pdf |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
352 |
%%% Local Variables: |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
353 |
%%% mode: latex |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
354 |
%%% TeX-master: t |
|
98ee5f760a8c
added hw 7
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents:
diff
changeset
|
355 |
%%% End: |