slides/slides07.tex
author cu
Mon, 23 Oct 2017 01:09:09 +0100
updated

\documentclass[dvipsnames,14pt,t]{beamer}
\usepackage{../slides}

% beamer stuff 
\renewcommand{\slidecaption}{SEN 07, King's College London}
\newcommand{\bl}[1]{\textcolor{blue}{#1}}

\begin{document}

%% Differential privacy
%% http://www.cis.upenn.edu/~aaroth/Papers/privacybook.pdf

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{%
  \begin{tabular}{@ {}c@ {}}
  \\
  \LARGE Security Engineering (6)\\[-3mm] 
  \end{tabular}}\bigskip\bigskip\bigskip

  \normalsize
  \begin{center}
  \begin{tabular}{ll}
  Email:  & christian.urban at kcl.ac.uk\\
  Office: & N7.07 (North Wing, Bush House)\\
  Slides: & KEATS (also homework is there)\\
  \end{tabular}
  \end{center}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Privacy vs Anonymity}

\begin{itemize}

\item everybody agrees that anonymity has its uses (e.g.,
      voting, whistleblowers, peer-review, exams)

\end{itemize}\bigskip\pause


But privacy?\bigskip\medskip

\textit{``You have zero privacy anyway. Get over it.''}\\
{\small\hfill{}Scott McNealy (CEO of Sun)}\bigskip\\


\textit{``If you have nothing to hide, you have nothing 
  to fear.''}\medskip\pause

\textit{
  A few years ago a Google executive tried to allay worries about
  Google poring over all your emails on Gmail. He said something
  along the lines of: You are watched by an algorithm; this is like being
  naked in front of your dog.
  }

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Privacy: State of the Art}
  
  \begin{center}
  \begin{tabular}{cc}
  \raisebox{-0.8mm}{\includegraphics[scale=0.28]{../pics/flight.jpg}} &
  \includegraphics[scale=0.31]{../pics/airbus.jpg}\\
  \small Wright brothers, 1901 & \small Airbus, 2005 \\ 
  \end{tabular}
  \end{center}

  \end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%



%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}
\frametitle{UCAS (a charity)}
\mbox{}\\[-10mm]\mbox{} 
\small
\begin{quote}
``The Universities and Colleges Admissions Service received more
than \pounds{12m} last year in return for sending targeted advertising
to subscribers as young as 16.

The service, which controls admissions to UK universities and
attracts 700,000 new applicants each year, sells the access
via its commercial arm, Ucas Media.

Vodafone, O2, Microsoft and the private university
accommodation provider Pure Student Living are among those who
have marketed through Ucas, which offers access to over a
million student email addresses\ldots 

Applicants can opt out of receiving direct marketing, but only
at the cost of missing out on education and careers mailings
as well.''\bigskip\\
\footnotesize\hfill The Guardian, 12 March 2014
\end{quote}


\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}
\frametitle{Verizon}
\mbox{}\\[-23mm]\mbox{} 

\begin{center}
\includegraphics[scale=0.21]{../pics/verizon.png}
\end{center}
\vfill\footnotesize
\url{http://webpolicy.org/2014/10/24/how-verizons-advertising-header-works}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 



%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Privacy, Anonymity et al}

Some terminology:

\begin{itemize}
\item \alert{\bf secrecy} is the mechanism used to limit the
      number of principals with access to information (e.g.,
      cryptography or access controls)

\item \alert{\bf confidentiality} is the obligation to protect the
      secrets of other people or organizations (secrecy for
      the benefit of an organisation)

\item \alert{\bf anonymity} is the ability to leave no evidence of
      an activity (e.g., sharing a secret, whistle blowing)

\item \alert{\bf privacy} is the ability or right to protect your
      personal secrets (secrecy for the benefit of an
      individual)

\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% \begin{frame}[t]
% \frametitle{Privacy vs Anonymity}

% \begin{itemize}

% \item everybody agrees that anonymity has its uses (e.g.,
%       voting, whistleblowers, peer-review, exams)

% \end{itemize}\bigskip\pause


% But privacy?\bigskip\medskip

% \textit{``You have zero privacy anyway. Get over it.''}\\
% {\small\hfill{}Scott Mcnealy (CEO of Sun)}\bigskip\\


% \textit{``If you have nothing to hide, you have nothing 
%   to fear.''}\medskip\pause

% \textit{
%   A few years ago a Google executive tried to allay worries about
%   Google pooring over all your emails on Gmail. He said something
%   along the lines: You are watched by an algorithm; this is like being
%   naked in front of your dog.
%   }

% \end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Privacy Problems}

Private data can often be used against me:

\begin{itemize}

\item if my location data becomes public, thieves will switch
      off their phones and help themselves in my home
\item if supermarkets can build a profile of what I buy, they
      can use it to their advantage (banks - mortgages)
\item my employer might not like my opinions\bigskip\pause

\item on the other hand, Freedom-of-Information Act
\item medical data should be private, but medical research
      needs data 
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Privacy Problems}

\begin{itemize}

\item Apple takes note of every Siri dictation (sent over the
      Internet to Apple; retained for 2 years)

\item markets often only work, if data is restricted (to build
      trust)

\item social networks can reveal data about you 

\item have you tried the Collusion (Lightbeam?) extension for
      Firefox?

\item I do use Dropbox, store cards

\end{itemize}

\begin{textblock}{5}(12,9.9)
\includegraphics[scale=0.2]{../pics/gattaca.jpg}\\
\small Gattaca (1997)
\end{textblock}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{Privacy}

\begin{minipage}{1.05\textwidth}
\begin{itemize}

\item we \alert{do} want government data to be made public
      (free maps for example)

\item we \alert{do not} want medical data to become public
      (similarly tax data, school records, job search)\bigskip

\item personal information can potentially lead to fraud
      (identity theft)

\end{itemize}\pause

{\bf ``The reality'':}
\only<2>{\begin{itemize}
\item in 2011, London Health Programmes lost unencrypted
      details of more than 8 million people (no names, but
      postcodes and details such as gender, age and ethnic
      origin)
\end{itemize}}

\only<3>{\begin{itemize}
\item also in 2011, Sony got hacked: over 1M users' personal
      information, including passwords, email addresses, home
      addresses, dates of birth, and all Sony opt-in data
      associated with their accounts.
\end{itemize}}

\only<4>{\begin{itemize}
\item in 2007, Gordon Brown needed to apologise for the loss
      of tax data of 25M  people (a junior civil servant sent
      a CD in the mail, which got lost)
\end{itemize}}
\end{minipage}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
%\frametitle{Privacy and Big Data}
%\mbox{}\\[-16mm]\mbox{}

Selected sources of ``Big Data'':\smallskip{}

\begin{itemize}
\item Facebook 
\begin{itemize}
\item 40+ Billion photos (100 PB)
\item 6 Billion messages daily (5 - 10 TB)
\item 900 Million users  
\end{itemize}
\item Common Crawl
\begin{itemize}
\item covers 3.8 Billion webpages (2012 dataset)
\item 50 TB of data
\end{itemize}
\item Google
\begin{itemize}
\item 20 PB daily (2008)
\end{itemize}
\item Twitter
\begin{itemize}
\item 15 Million active users in the UK; 500M tweets per day
\item a company called Datasift is allowed to mine all tweets since 2010
\item they charge other companies 10k per month to target advertising
\end{itemize}
\end{itemize}


\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Cookies\ldots}

``We have published a new cookie policy. It explains what cookies are 
and how we use them on our site. To learn more about cookies and 
their benefits, please view our cookie policy.\medskip

If you'd like to disable cookies on this device, please view our information 
pages on 'How to manage cookies'. Please be aware that parts of the 
site will not function correctly if you disable cookies. \medskip

By closing this 
message, you consent to our use of cookies on this device in accordance 
with our cookie policy unless you have disabled them.''


\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Scare Tactics}

The actual policy reads:\bigskip

``As we explain in our Cookie Policy, cookies help you to get the most 
out of our websites.\medskip

If you do disable our cookies you may find that certain sections of our 
website do not work. For example, you may have difficulties logging in 
or viewing articles.''

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Netflix Prize}

Anonymity is \alert{necessary} for privacy, but \alert{not} enough!\bigskip

\begin{itemize}
\item Netflix offered in 2006 (and every year until 2010) a \$1 million prize for improving their movie rating algorithm
\item dataset contained 10\% of all Netflix users (approx.~500K)
\item names were removed, but numerical ratings and the times of rating were included
\item some information was \alert{perturbed} (i.e., slightly modified)
\end{itemize}

\hfill{\bf\alert{All OK?}}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Re-identification Attacks}

Two researchers analysed the data: 

\begin{itemize}
\item with 8 ratings (2 of which can be wrong) and corresponding dates that can be off by up to 14 days, 98\% of the
records can be identified
\item for 68\% only two ratings and dates are sufficient (for movie ratings outside the top 500)\bigskip\pause
\item they took 50 samples from IMDb (where people can reveal their identity)
\item 2 of them uniquely identified entries in the Netflix database (either by movie rating or by dates)
\end{itemize}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Re-identification Attacks}


\begin{itemize}

\item in 1990 medical databases were routinely made public
      with names removed, but birth dates, gender, ZIP-code
      were retained\medskip

\item these could be cross-referenced with public voter registration
      data in order to find the medical record of the
      governor of Massachusetts (Latanya Sweeney, 1997)
      \bigskip

      \small
      (his record included diagnoses and prescriptions)
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{}

\begin{itemize}
\item Birth date, postcode and gender (unique for\\ 87\% of the US population)
\item Preferences in movies (99\% of 500K for 8 ratings)
\end{itemize}\bigskip

Therefore best practice, or even law (HIPAA, EU):

\begin{itemize}
\item only the year of dates (one age group for everybody aged 90 or over),
\item no postcodes (sector data is OK, similarly in the US)\\
\textcolor{gray}{no names, addresses, account numbers, licence plates}
\item disclosure information needs to be retained for 5 years
\end{itemize}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{AOL Search Queries}

\begin{itemize}
\item In 2006, AOL published 20 million Web search queries 
  collected from 650,000 users (names had been deleted)\medskip
  
\item \ldots{}within days an old lady, Thelma Arnold, from
      Lilburn, Georgia, (11,596 inhabitants) was identified as
      user No.~4417749\medskip
  
\item some of the queries that gave her away:
\begin{itemize}
\item landscapers in Lilburn, Ga
\item 60 single men
\item nicotine effects on the body
\item \ldots 
\end{itemize}  
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[b]
\frametitle{FOI: New York Taxi DB}

\begin{itemize}
\item in 2013 somebody requested the Taxi DB (50GB of
data, 173 million individual rides)\medskip

\item data contained pickup and drop-off times, locations,
 data that identified the taxi, amount paid + tip\bigskip
 
\item no passenger data included\pause\medskip

\item well, paparazzi photos show the taxi licence (and photos
are sometimes time-stamped)\medskip

\item a PhD student could identify rides of  
  Bradley Cooper and Jessica Alba (more have been done
  since then)
\end{itemize}

\only<2->{
\begin{textblock}{5}(10,7)
\includegraphics[scale=0.15]{../pics/newyorktaxi.jpg}\\
\end{textblock}}


\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 



%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}<2>[c]
\frametitle{\large How to Safely Disclose Information?}

\only<1>{
\begin{itemize}
\item Assume you make a survey of 100 randomly chosen people.
\item Say 99\% of the surveyed people in the 10--40 age group have seen the
Gangnam video on YouTube.\bigskip

\item What can you infer about the rest of the population? 
\end{itemize}}
\only<2>{
\begin{itemize}
\item Is it possible to re-identify data later, if more data is released? \bigskip\bigskip\pause

\item Even releasing only aggregate information does not prevent re-identification attacks.
(GWAS was a public database of gene-frequency studies linked to diseases;
you only needed partial DNA information  in order
to identify whether an individual was part of the study --- DB closed in 2008) 
\end{itemize}}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{\Large We cannot exclude all Harm}

\begin{itemize}
\item Analysis of a given data set teaches us that smoking causes cancer. 
Mary, a smoker, is harmed by this analysis: her insurance premiums rise. 
Mary's premiums rise whether or not her data are in the data set. In other words, 
Mary is harmed by the finding that smoking causes cancer, not by her own data being included.\bigskip

\item \ldots of course she is also helped; she might quit smoking
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
     
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{\Large We cannot exclude all Harm}

Supervising queries will also not work in general:

\begin{itemize}
\item denying a request can already disclose information

\item in general it is undecidable whether a sequence
  of queries can identify a person
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
     
     
     
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}<2>[c]
\frametitle{Differential Privacy}

\begin{itemize}
\item Goal: Nothing about an individual should be learnable from the database that 
cannot be learned without access to the database.\pause\bigskip

\item Differential privacy is a ``protocol'' which you run on some dataset \bl{$X$} producing
some output \bl{$O(X)$}.\bigskip

\item You want to achieve \alert{\bf forward privacy}.
\end{itemize}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Differential Privacy}

\begin{center}
User\;\;\;\;    
\begin{tabular}{c}
tell me \bl{$f(x)$} $\Rightarrow$\\
$\Leftarrow$ \bl{$f(x) + \text{noise}$}
\end{tabular}
\;\;\;\;\begin{tabular}{@{}c}
Database\\
\bl{$x_1, \ldots, x_n$}
\end{tabular}
\end{center}


\begin{itemize}
\item \bl{$f(x)$} can be released, if \bl{$f$} is insensitive to
individual entries  \bl{$x_1, \ldots, x_n$}\\
\item Intuition: whatever is learned from the dataset would be learned regardless of whether
\bl{$x_i$} participates\bigskip\pause 

\item Noise is needed to defeat differencing queries such as:\\ Christian's salary $=$ 
\begin{center}
\bl{\large$\Sigma$} all staff $-$  \bl{\large$\Sigma$} all staff $\backslash$ Christian
\end{center} 
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%\begin{frame}[c]
%\frametitle{Example}
%
%\begin{center}
%\begin{tabular}{l|l}
%Name	 & Has the disease?\\\hline
%Alice          & yes\\ 
%Bob     	 & no\\
%Charlie	 & yes\\
%Eve	         & no\\
%Chandler	 & yes\\
%\end{tabular}
%\end{center}
%
%How many people have a disease?
%
%\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Adding Noise}

Adding noise is not as trivial as one would wish:

\begin{itemize}
\item If I ask how many of three have a disease and get a result
as follows 

\begin{center}
\begin{tabular}{l|c}
Alice & yes\\
Bob & no\\
Charlie & yes\\
\end{tabular}
\end{center}

then the true count is \bl{$2$} and any one person can change it by at most \bl{$1$},
so I have to add noise of magnitude \bl{$1$}. So answers would be in the
range of \bl{$1$} to \bl{$3$}

\bigskip
\item But if I ask five questions about the whole dataset (has the disease, is male, below 30, \ldots),
then one individual can change the answers by up to \bl{$5$} in total, so the noise has to grow with the number of questions
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{\Large Differential Privacy Problems}

\begin{itemize}
\item How to do differential privacy ``offline'' is still
an active research question.

\item What constitutes a single entry in the database?

\item Evolution of a database:
\end{itemize}

\begin{center}\small
\begin{tabular}{l|ll}
Name	 & Has the disease?\\\hline
Alice          & yes\\ 
Bob     	 & no\\
Charlie	 & yes\\
Eve	         & no\\
Chandler	 & yes\\
Marc       & yes & $\Leftarrow$ new entry\\
\end{tabular}
\end{center}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%\begin{frame}[c]
%\frametitle{Tor}
%
%\begin{center}
%??
%\end{center}
%\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 



     
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Take Home Point}

According to Ross Anderson: \bigskip
\begin{itemize}
\item Creating large databases of sensitive personal information is intrinsically 
hazardous (NHS)\bigskip


\item Privacy in a big hospital is just about doable.\medskip
\item How do you enforce privacy in something as big as Google
or as complex as Facebook? Nobody knows.\bigskip

The same applies to big databases imposed by government.
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 


\end{document}

%%% Local Variables:  
%%% mode: latex
%%% TeX-master: t
%%% End: