sen-material: handouts/ho07.tex@591b62e1f86a (annotated)

307 98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	1	\documentclass{article}
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	2	\usepackage{../style}
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	3
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	4	\begin{document}
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	5
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	6	\section*{Handout 7 (Privacy)}
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	7
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	8	The first motor car was invented around 1886. For ten years,
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	9	until 1896, the law in the UK and elsewhere required a person
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	10	to walk in front of any moving car waving a red flag. Cars
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	11	were such a novelty that most people did not know what to make
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	12	of them. The person with the red flag was intended to warn the
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	13	public, for example horse owners, about the impending
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	14	novelty---a car. In my humble opinion, we are at the same
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	15	stage of development with privacy. Nobody really knows what it
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	16	is about or what it is good for. All seems very hazy. The
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	17	result is that the world of ``privacy'' looks a little bit
309 b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	18	like the old Wild West. Anything seems to go.
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	19
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	20	For example, UCAS, a charity set up to help students to apply
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	21	to universities, has a commercial unit that happily sells your
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	22	email addresses to anybody who forks out enough money in order
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	23	to be able to bombard you with spam. Yes, you can opt out very
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	24	often in such ``schemes'', but in case of UCAS any opt-out
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	25	will limit also legit emails you might actually be interested
307 98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	26	in.\footnote{The main objectionable point, in my opinion, is
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	27	that the \emph{charity} everybody has to use for HE
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	28	applications has actually very honourable goals (e.g.~assist
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	29	applicants in gaining access to universities), but in their
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	30	small print (or better under the link ``About us'') reveals
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	31	they set up their organisation so that they can also
309 b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	32	shamelessly sell email addresses they ``harvest''. Everything
307 98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	33	is of course very legal\ldots{}moral?\ldots{}well that is in
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	34	the eye of the beholder. See:
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	35
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	36	\url{http://www.ucas.com/about-us/inside-ucas/advertising-opportunities}
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	37	or
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	38	\url{http://www.theguardian.com/uk-news/2014/mar/12/ucas-sells-marketing-access-student-data-advertisers}}
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	39
309 b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	40	Another example: Verizon, an ISP who provides you with
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	41	connectivity, has found a ``nice'' side-business too: When you
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	42	have enabled all privacy guards in your browser, the few you
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	43	have at your disposal, Verizon happily adds a kind of cookie
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	44	to your
307 98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	45	HTTP-requests.\footnote{\url{http://webpolicy.org/2014/10/24/how-verizons-advertising-header-works/}}
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	46	As shown in the picture below, this cookie will be sent to
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	47	every web-site you visit. The web-sites then can forward the
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	48	cookie to advertisers who in turn pay Verizon to tell them
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	49	everything they want to know about the person who just made
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	50	this request, that is you.
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	51
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	52	\begin{center}
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	53	\includegraphics[scale=0.21]{../pics/verizon.png}
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	54	\end{center}
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	55
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	56	\noindent How disgusting? Even worse, Verizon is not known for
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	57	being the cheapest ISP on the planet (completely the
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	58	contrary), and also not known for providing the fastest
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	59	possible speeds, but rather for being among the few ISPs in
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	60	the US with a quasi-monopolistic ``market distribution''.
310 591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	61
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	62
307 98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	63	Well, we could go on and on\ldots{}and that has not even
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	64	started us yet with all the naughty things NSA \& Friends are
310 591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	65	up to. Why does privacy matter? Nobody, I think, has a
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	66	conclusive answer to this question yet. Maybe the following four
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	67	notions help with clarifying the overall picture somewhat:
307 98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	68
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	69	\begin{itemize}
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	70	\item \textbf{Secrecy} is the mechanism used to limit the
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	71	number of principals with access to information (e.g.,
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	72	cryptography or access controls). For example I better
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	73	keep my password secret, otherwise people from the wrong
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	74	side of the law might impersonate me.
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	75
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	76	\item \textbf{Confidentiality} is the obligation to protect
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	77	the secrets of other people or organisations (secrecy
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	78	for the benefit of an organisation). For example as a
308 2a814c06ae03 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 307 diff changeset	79	staff member at King's I have access to data, even
307 98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	80	private data, I am allowed to use in my work but not
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	81	allowed to disclose to anyone else.
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	82
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	83	\item \textbf{Anonymity} is the ability to leave no evidence of
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	84	an activity (e.g., sharing a secret). This is not equal
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	85	with privacy---anonymity is required in many
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	86	circumstances, for example for whistle-blowers,
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	87	voting, exam marking and so on.
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	88
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	89	\item \textbf{Privacy} is the ability or right to protect your
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	90	personal secrets (secrecy for the benefit of an
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	91	individual). For example, in a job interview, I might
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	92	not like to disclose that I am pregnant, if I were
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	93	a woman, or that I am a father. Similarly, I might not
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	94	like to disclose my location data, because thieves might
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	95	break into my house if they know I am away at work.
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	96	Privacy is essentially everything which `shouldn't be
309 b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	97	anybody's business'.
307 98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	98
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	99	\end{itemize}
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	100
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	101	\noindent While this might provide us with some rough
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	102	definitions, the problem with privacy is that it is an
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	103	extremely fine line what should stay private and what should
310 591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	104	not. For example, since I am working in academia, I am every
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	105	so often very happy to be a digital exhibitionist: I am very
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	106	happy to disclose all `trivia' related to my work on my
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	107	personal web-page. This is a kind of bragging that is normal
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	108	in academia (at least in the field of CS), even expected if
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	109	you look for a job. I am even happy that Google maintains a
309 b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	110	profile about all my academic papers and their citations.
307 98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	111
309 b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	112	On the other hand I would be very irritated if anybody I do
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	113	not know had a too close look on my private live---it
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	114	shouldn't be anybody's business. The reason is that knowledge
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	115	about my private life usually is used against me. As mentioned
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	116	above, public location data might mean I get robbed. If
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	117	supermarkets build a profile of my shopping habits, they will
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	118	use it to \emph{their} advantage---surely not to \emph{my}
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	119	advantage. Also whatever might be collected about my life will
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	120	always be an incomplete, or even misleading, picture---for
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	121	example I am sure my creditworthiness score was temporarily(?)
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	122	destroyed by not having a regular income in this country
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	123	(before coming to King's I worked in Munich for five years).
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	124	To correct such incomplete or flawed credit history data there
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	125	is, since recently, a law that allows you to check what
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	126	information is held about you for determining your
307 98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	127	creditworthiness. But this concerns only a very small part of
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	128	the data that is held about me/you.
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	129
310 591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	130	Take the example of Stephen Hawking: when he was diagnosed
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	131	with his disease, he was given a life expectancy of two years.
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	132	If an employer would know about such problems, would they have
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	133	employed Hawking? Now he is enjoying his 70+ birthday.
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	134	Clearly personal medical data needs to stay private.
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	135
309 b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	136	To cut a long story short, I let you ponder about the two
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	137	statements that often voiced in discussions about privacy:
307 98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	138
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	139	\begin{itemize}
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	140	\item \textit{``You have zero privacy anyway. Get over it.''}\\
309 b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	141	\mbox{}\hfill{}{\small{}by Scott Mcnealy (CEO of Sun)}
307 98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	142
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	143	\item \textit{``If you have nothing to hide, you have nothing
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	144	to fear.''}
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	145	\end{itemize}
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	146
309 b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	147	\noindent An article that attempts a deeper analysis appeared
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	148	in 2011 in the Chronicle of Higher Education
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	149
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	150	\begin{center}
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	151	\url{http://chronicle.com/article/Why-Privacy-Matters-Even-if/127461/}
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	152	\end{center}
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	153
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	154	\noindent Funnily, or maybe not so funnily, the author of this
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	155	article carefully tries to construct an argument that does not
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	156	only attack the nothing-to-hide statement in cases where
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	157	governments \& Co collect people's deepest secrets, or
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	158	pictures of people's naked bodies, but an argument that
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	159	applies also in cases where governments ``only'' collect data
310 591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	160	relevant to, say, preventing terrorism. The fun is of course
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	161	that in 2011 we could just not imagine that respected
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	162	governments would do such infantile things as intercepting
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	163	people's nude photos. Well, since Snowden we know some people
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	164	at the NSA did exactly that and then shared such photos among
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	165	colleagues as ``fringe benefit''.
309 b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	166
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	167
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	168	\subsubsection*{Re-Identification Attacks}
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	169
310 591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	170	Apart from philosophical musings, there are fortunately also
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	171	some real technical problems with privacy. The problem I want
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	172	to focus on in this handout is how to safely disclose datasets
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	173	containing potentially private data, say health data. What can
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	174	go wrong with such disclosures can be illustrated with four
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	175	well-known examples:
307 98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	176
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	177	\begin{itemize}
309 b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	178	\item In 2006, a then young company called Netflix offered a 1
307 98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	179	Mio \$ prize to anybody who could improve their movie
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	180	rating algorithm. For this they disclosed a dataset
309 b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	181	containing 10\% of all Netflix users at the time
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	182	(appr.~500K). They removed names, but included numerical
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	183	ratings of movies as well as times of ratings. Though
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	184	some information was perturbed (i.e., slightly
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	185	modified).
307 98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	186
309 b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	187	Two researchers had a closer look at this anonymised
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	188	data and compared it with public data available from the
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	189	International Movie Database (IMDb). They found that 98
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	190	\% of the entries could be re-identified in the Netflix
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	191	dataset: either by their ratings or by the dates the
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	192	ratings were uploaded. The result was a class-action
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	193	suit against Netflix, which was only recently resolved
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	194	involving a lot of money.
307 98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	195
310 591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	196	\item In the 1990ies, medical datasets were often made public
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	197	for research purposes. This was done in anonymised form
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	198	with names removed, but birth dates, gender, ZIP-code
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	199	were retained. In one case where such data about
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	200	hospital visits of state employees in Massachusetts was
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	201	made public, the then governor assured the public that
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	202	the released dataset protected patient privacy by
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	203	deleting identifiers. A graduate student could not
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	204	resist cross-referencing public voter data with the
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	205	released data including birth dates, gender and
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	206	ZIP-code. The result was that she could send the
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	207	governor his own hospital record. It turns out that
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	208	birth dates, gender and ZIP-code uniquely identify 87\%
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	209	people in the US.
309 b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	210
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	211	\item In 2006, AOL published 20 million Web search queries
310 591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	212	collected from 650,000 users (names had been deleted).
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	213	This was again done for research purposes. However,
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	214	within days an old lady, Thelma Arnold, from Lilburn,
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	215	Georgia, (11,596 inhabitants) was identified as user
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	216	No.~4417749 in this dataset. It turned out that search
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	217	engine queries are deep windows into people's private
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	218	lives.
309 b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	219
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	220	\item Genomic-Wide Association Studies (GWAS) was a public
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	221	database of gene-frequency studies linked to diseases.
310 591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	222
591b62e1f86a updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 309 diff changeset	223
309 b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	224	you only needed partial DNA information in order to
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	225	identify whether an individual was part of the study —
b1ba3d88696e updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 308 diff changeset	226	DB closed in 2008
307 98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	227
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	228	\end{itemize}
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	229
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	230
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	231	\end{document}
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	232
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	233	http://randomwalker.info/teaching/fall-2012-privacy-technologies/?
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	234	http://chronicle.com/article/Why-Privacy-Matters-Even-if/127461/
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	235	http://repository.cmu.edu/cgi/viewcontent.cgi?article=1077&context=hcii
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	236	https://josephhall.org/papers/NYU-MCC-1303-S2012_privacy_syllabus.pdf
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	237	%%% Local Variables:
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	238	%%% mode: latex
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	239	%%% TeX-master: t
98ee5f760a8c added hw 7 Christian Urban <christian dot urban at kcl dot ac dot uk> parents: diff changeset	240	%%% End:

author	Christian Urban <christian dot urban at kcl dot ac dot uk>
	Fri, 14 Nov 2014 01:37:46 +0000
changeset 310	591b62e1f86a
parent 309	b1ba3d88696e
child 311	8befc029ca1e
permissions	-rw-r--r--