satisfy legal definitions of privacy
play

Satisfy Legal Definitions of Privacy? The Case of FERPA and - PowerPoint PPT Presentation

Oct 18, 2023 •232 likes •865 views

Do Computer Science Definitions of Privacy Satisfy Legal Definitions of Privacy? The Case of FERPA and Differential Privacy CS LAW Kobbi Nissim Ben-Gurion University Center for Research on Computation and Society

  1. Do Computer Science Definitions of Privacy Satisfy Legal Definitions of Privacy? The Case of FERPA and Differential Privacy CS LAW Kobbi Nissim Ben-Gurion University Center for Research on Computation and Society Harvard University Priv rivacy Enhancin ing Technolo logie ies for r Bio Biometric ic Data Haifa University, Jan 17, 2016

  2. This Work: a Collaboration CS LAW Product of a working group (meeting since Nov 2014) Contributing to this project: • Center for Research on Computation and Society (CRCS): • Kobbi Nissim, Aaron Bembenek, Mark Bun, Marco Gaboardi, Thomas Steinke, and Salil Vadhan • Berkman Center for Internet & Society: • David O ’ Brien, Alexandra Wood, and Urs Gasser

  4. Privacy Tools for Sharing Research Data • Goal: help social scientists share privacy-sensitive research data via a collection of technological and legal tools • A problem: privacy protection techniques repeatedly shown to fail to provide reasonable privacy

  5. Data Privacy • Studied (at least) from the 60s • Approaches: De-identification, redaction, auditing, noise addition, synthetic datasets … • Focus on how to provide privacy, not on what privacy protection is • May have been suitable for the pre-internet era • Re- identification [Sweeney ’00, …] • GIS data, health data, clinical trial data, DNA, Pharmacy data, text data, registry information, … • Blatant non- privacy [Dinur, Nissim ‘03], … • Auditors [Kenthapadi, Mishra, Nissim ’05] • AOL Debacle ‘06 • Genome- Wide association studies (GWAS) [Homer et al. ’08] • Netflix award [Narayanan, Shmatikov ‘09] • Netflix canceled second contest • Social networks [Backstrom , Dwork, Kleinberg ‘11] • Genetic research studies [Gymrek, McGuire, Golan, Halperin, Erlich ‘11] • Microtargeted advertising [Korolova 11] • Recommendation Systems [Calandrino, Kiltzer, Naryanan, Felten, Shmatikov 11] • Israeli CBS [Mukatren , Nissim, Salman, Tromer ’14] • Attack on statistical aggregates [Homer et al.’08] [Dwork, Smith, Steinke, Vadhan ‘15 ] • … Slide idea stolen shamelessly from Or Sheffet

  6. Privacy Tools for Sharing Research Data • Goal: help social scientists share privacy-sensitive research data via a collection of technological and legal tools • A problem: privacy protection techniques repeatedly shown to fail to provide reasonable privacy • Differential privacy [Dwork, McSherry, N, Smith 2006] • A formal mathematical privacy concept • Addresses weaknesses of traditional schemes (and more) • Has a rich theory, in first steps of implementation and testing

  7. The Protagonists Differential Privacy A mathematical definition of privacy 𝑁: 𝑌 𝑜 → 𝑈 satisfies 𝜗 -differential privacy if FERPA (the Family Educational Rights and ∀𝑦, 𝑦 ′ ∈ 𝑌 𝑜 s.t. 𝑒𝑗𝑡𝑢 𝐼 𝑦, 𝑦 ′ = 1 ∀𝑇 ⊆ 𝑈 , Privacy Act) M 𝑁 𝑦 ∈ 𝑇 ≤ 𝑓 𝜗 Pr M 𝑁 𝑦 ′ ∈ 𝑇 . A legal standard of privacy Pr

  8. A use case: The Privacy Tools for Sharing Research Data Project * http://privacytools.seas.harvard.edu/

  9. Contains Should I apply student info for access??? protected by FERPA Other IRB policies, terms of use … researchers may is it worth the trouble? find it useful … Alice Bob Dataverse Network Alice ’ s data please Restricted! Access to Alice ’ s data Alice ’ s cool w/differential privacy MOOC data Privacy Tools Does DP satisfy FERPA? * http://dataverse.org/ http://privacytools.seas.harvard.edu/

  10. Short digression: Motivating Differential Privacy

  11. Yay! Just before this talk … an interesting discussion … How many Justin Bieber fans attend the workshop? Highly sensitive personal info; how can this be done? Great! … I will only I will do publish the the survey… result Hooray! … and Trusted Party immediately forget the data! Yay!

  12. 3 #JustinBieber fans attend #Haifa-privacy-workshop

  13. A survey! How many JB A few minutes later - I come in … fans attend the wkshop? … publish the result I will do the survey … … and forget the Trusted Party data! What are you doing? Me too!

  14. 3 #JustinBieber fans attend #Haifa-privacy-workshop 4/100 chance Each Kobbi is a JB The tweet fan hides my info! Aha! (after @Kobbi joins): 4 #JustinBieber fans attend #Haifa-privacy-workshop

  15. Composition • Differencing attack: • How is my privacy affected when an attacker sees analysis before and after I join/leave? • More generally: Composition • Ho is my privacy affected when an attacker combines results from two or more privacy preserving analyses? • Fundamental law of information: the more information we extract from our data, the more is learned about individuals! • So, privacy will deteriorate as we use our data more and more • Best desiderata: • Deterioration is quantifiable and controllable • Not abrupt

  16. The Protagonists: Differential Privacy

  17. My Privacy Desiderata Real world: Kobbi ’ s data Analysis Outcome (Computation) Data same outcome My ideal world: Data Analysis Outcome w/my (Computation) info removed

  18. Things to Note • In this talk, we only consider the outcome of analyses • Security flaws, hacking, implementation errors, … • Very important but very different questions • My privacy desiderata would hide whether I ’ m a JB fan! • Resilient to differencing attacks • Does not mean I ’ m fully protected • I ’ m only protected to the extent I ’ m protected in my ideal world • Some harm could happen to me even in my ideal world • Bob smokes in public • Study teaches that smoking causes cancer • Bob ’ s health insurer raises his premium • Bob is harmed even if he does not participate in the study!

  19. Our Privacy Desiderata Should ignore Kobbi ’ s info Real world: Analysis Outcome (Computation) Data same outcome My ideal world: Data Analysis Outcome w/my (Computation) info removed

  20. Our Privacy Desiderata Should ignore Kobbi’s info and Gertrude’s! Real world: Analysis Outcome (Computation) Data same outcome Gert ’ s ideal world: Data Analysis Outcome w/Gert ’ s (Computation) info removed

  21. Our Privacy Desiderata Should ignore Kobbi ’ s info and Gertrude ’ s! and Mark’s! Real world: Analysis Outcome (Computation) Data same outcome Mark’s ideal world: Data Analysis Outcome w/ Mark ’s (Computation) info removed

  22. Our Privacy Desiderata Should ignore Kobbi ’ s info and Gertrude’s! and Mark’s! Real world: … and everybody ’ s! Analysis Outcome (Computation) Data same outcome  ’s ideal world: Data Analysis Outcome w/  ’s (Computation) info removed

  23. A Realistic Privacy Desiderata Real world: Analysis Outcome (Computation) Data same outcome ε - ” similar ”  ’ s ideal world: Data Analysis Outcome w/  ’ s (Computation) info removed

  24. Differential Privacy [Dwork McSherry N Smith 06] Real world: Analysis Outcome (Computation) Data ε - ”similar”  ’ s ideal world: Data Analysis Outcome w/  ’s (Computation) info removed *See also: Differential Privacy: An Introduction for Social Scientists.

  25. Why Differential Privacy? • DP: Strong, quantifiable, composable mathematical privacy guarantee • Provably resilient to known and unknown attack modes! • Natural interpretation: I am protected (almost) to the extent I’m protected in my privacy-ideal scenario • Theoretically, DP enables many computations with personal data while preserving personal privacy • Practicality in first stages of validation

  26. Differential Privacy [Dwork McSherry N Smith 06] 𝑁: 𝑌 𝑜 → 𝑈 satisfies 𝜗 -differential privacy if ∀𝑦, 𝑦 ′ ∈ 𝑌 𝑜 s.t. 𝑒𝑗𝑡𝑢 𝐼 𝑦, 𝑦 ′ = 1 ∀𝑇 ⊆ 𝑈 , M 𝑁 𝑦 ∈ 𝑇 ≤ 𝑓 𝜗 Pr M 𝑁 𝑦 ′ ∈ 𝑇 . Pr

  27. It ’ s Real!

  28. How is Differential Privacy Achieved? • Careful addition of random noise into the computation: • Randomized Response [W65], Framework of global sensitivity [DMNS05], Framework of smooth sensitivity [NRS07], Sample and aggregate [NRS07], Exponential mechanism [MT07], Propose test release [DL09], Sparse vector technique [DNRRV09], Private multiplicative weights [HR10], Matrix mechanism [LHRMM10], Choosing mechanism [BNS13], Large margin mechanism [CHS14], Dual query mechanism [GGHRW14 ], … • Differentially private algorithms exists for many tasks: • Statistics, machine learning, private data release, …

  33. Some Other Efforts to Bring DP to Practice • Microsoft Research “ PINQ ” • CMU-Cornell-PennState “ Integrating Statistical and Computational Approaches to Privacy ” (See http://onthemap.ces.census.gov/) • UCSD “ Integrating Data for Analysis, Anonymization, and Sharing ” (iDash) • UT Austin “ Airavat: Security & Privacy for MapReduce ” • UPenn “ Putting Differential Privacy to Work ” • Stanford-Berkeley-Microsoft “ Towards Practicing Privacy ” • Duke-NISSS “ Triangle Census Research Network ” • MIT/CSAIL/ALFA "MoocDB Privacy tools for Sharing MOOC data" • …

  34. The Protagonists: FERPA

Recommend

PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches

PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches

Marc Langheinrich: Privacy in Ubiquitous Computing 5/29/2010 Todays Menu PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches COMPUTING Definitions Challenges 1. History and legal aspects 1.

264 views • 13 slides
Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy Alexandra Wood Berkman Klein Center for Internet & Society at Harvard University DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to

964 views • 54 slides
DIFFERENTIAL PRIVACY and some of its relatives BETTER DEFINITIONS or: Why you should I answer

DIFFERENTIAL PRIVACY and some of its relatives BETTER DEFINITIONS or: Why you should I answer

DIFFERENTIAL PRIVACY and some of its relatives BETTER DEFINITIONS or: Why you should I answer your survey? THE PROBLEM Statistical databases provide some utility, ...often at odds with privacy concerns. Utility for who? - Government,

808 views • 42 slides
Privacy Overview WMU Cooley Journal Of Practical and Clinical Law Legal Conference January 30,

Privacy Overview WMU Cooley Journal Of Practical and Clinical Law Legal Conference January 30,

Privacy Overview WMU Cooley Journal Of Practical and Clinical Law Legal Conference January 30, 2015 Robert L. Rothman Principal, Privacy Associates International LLC Purpose What is Privacy? Historical Development What is privacy? 3

712 views • 25 slides
Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government

Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government

Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government Act of 2002 and OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 Resolution on Privacy by Design, Data Protection

556 views • 41 slides
Current Privacy Law Topics WMU Cooley Journal Of Practical and Clinical Law Legal Conference

Current Privacy Law Topics WMU Cooley Journal Of Practical and Clinical Law Legal Conference

Current Privacy Law Topics WMU Cooley Journal Of Practical and Clinical Law Legal Conference January 30, 2015 Keith A. Cheresko Principal, Privacy Associates International LLC Purpose Privacy is a complex, multifaceted topic. The purpose

281 views • 27 slides
DATA PRIVACY FROM THE LEGAL TO THE ETHICAL ? ERIC SALAMA, SENIOR FELLOW HARVARD KENNEDY SCHOOL

DATA PRIVACY FROM THE LEGAL TO THE ETHICAL ? ERIC SALAMA, SENIOR FELLOW HARVARD KENNEDY SCHOOL

DATA PRIVACY FROM THE LEGAL TO THE ETHICAL ? ERIC SALAMA, SENIOR FELLOW HARVARD KENNEDY SCHOOL M-RCBG 29 TH OCTOBER 2020 HOUSE REPORT SEES POOR STANDARDS OF DATA PRIVACY AS EVIDENCE OF MONOPOLY POWER In the absence of adequate privacy

523 views • 29 slides
CAs Privacy Legal Framework Reasonable Security Minimum standard of reasonable

CAs Privacy Legal Framework Reasonable Security Minimum standard of reasonable

CAs Privacy Legal Framework Reasonable Security Minimum standard of reasonable security Consumer NoBce California Online Privacy ProtecBon Act 1 Civil Code 1798.81.5 A business that owns, licenses, or maintains

545 views • 16 slides
AI in Healthcare: Privacy & Ethics considerations Ivana Bartoletti Head of Privacy, Data

AI in Healthcare: Privacy & Ethics considerations Ivana Bartoletti Head of Privacy, Data

AI in Healthcare: Privacy & Ethics considerations Ivana Bartoletti Head of Privacy, Data Protection and Ethics Contents Privacy in the Digital age: main issues Ethics: definitions and background Privacy challenges in Health

713 views • 23 slides
Session 5b Privacy, Data Security and Legal Considerations in Software as a Service and Cloud

Session 5b Privacy, Data Security and Legal Considerations in Software as a Service and Cloud

Session 5b Privacy, Data Security and Legal Considerations in Software as a Service and Cloud Computing Services for Educational Institutions Presented by: Cristina Blanton Erin Fonte Associate Systemwide Compliance and Member, Privacy

310 views • 28 slides
Security and Privacy-Aware Cyber-Physical Systems: Legal Considerations Christopher S. Yoo

Security and Privacy-Aware Cyber-Physical Systems: Legal Considerations Christopher S. Yoo

Security and Privacy-Aware Cyber-Physical Systems: Legal Considerations Christopher S. Yoo University of Pennsylvania July 12, 2018 Overview of Research Tort and products liability for CPS Privacy and cybersecurity regulation NHTSA

472 views • 25 slides
The Changing Nature of the FTCs Alexis Goltra, Vice President, Legal & Chief Privacy and

The Changing Nature of the FTCs Alexis Goltra, Vice President, Legal & Chief Privacy and

October 15, 2019 The Changing Nature of the FTCs Alexis Goltra, Vice President, Legal & Chief Privacy and Data Security Orders, Privacy Officer the Rising Specter of Individual Oracle Liability, and the Future of FTC Authority and

260 views • 15 slides
Worksheets are Dynamic , Active Forms Academic Programsheets Legal Worksheets Privacy and

Worksheets are Dynamic , Active Forms Academic Programsheets Legal Worksheets Privacy and

Worksheets are Dynamic , Active Forms Academic Programsheets Legal Worksheets Privacy and Security Labor Law Intellectual Property E-commerce Permits and Licenses Health Care Legal Worksheets Creating Worksheets Our Approach Do It

533 views • 16 slides
Privacy in the Big Data Era SDS2015 ZHAW , June 12, 2015 O LIVIER H EUBERGER -G TSCH Legal

Privacy in the Big Data Era SDS2015 ZHAW , June 12, 2015 O LIVIER H EUBERGER -G TSCH Legal

Privacy in the Big Data Era SDS2015 ZHAW , June 12, 2015 O LIVIER H EUBERGER -G TSCH Legal Counsel | Attorney at Law Introduction Big Data Profiling Aspects re Privacy and Data Protection Quo Vadis Privacy? Introduction

326 views • 19 slides
Privacy and your data Christopher Scholefield Commercial Partner Lara Zambon Legal

Privacy and your data Christopher Scholefield Commercial Partner Lara Zambon Legal

Privacy & your data Privacy and your data Christopher Scholefield Commercial Partner Lara Zambon Legal Assistant Privacy & your data Data protection What are we talking about? What is personal data? Rights of the data

486 views • 19 slides
Legal Compliance: ADA Best Practices and Privacy Rights Erika Geetter, Esq. Boston University

Legal Compliance: ADA Best Practices and Privacy Rights Erika Geetter, Esq. Boston University

Legal Compliance: ADA Best Practices and Privacy Rights Erika Geetter, Esq. Boston University November 4, 2011 ADA Best Practices and Privacy Rights 4/24/2013 Laws that Relate to Students with Disabilities Section 504 of the

497 views • 39 slides
Privacy in Ubiquitous Computing Systems Marc Langheinrich ETH Zurich, Switzerland

Privacy in Ubiquitous Computing Systems Marc Langheinrich ETH Zurich, Switzerland

Privacy in Ubiquitous Computing Systems Marc Langheinrich ETH Zurich, Switzerland http://www.inf.ethz.ch/~langhein/ TU Eindhoven Whats Up? TU Eindhoven What is privacy, anyway? Privacy definitions Privacy motivation How

1.07k views • 38 slides
Personal Privacy in Ubiquitous Computing Marc Langheinrich ETH Zurich

Personal Privacy in Ubiquitous Computing Marc Langheinrich ETH Zurich

Personal Privacy in Ubiquitous Computing Marc Langheinrich ETH Zurich http://www.inf.ethz.ch/~langhein/ Univ. of Lancaster Visit Whats Up? Univ. of Lancaster Visit ! What Is Privacy, Anyway? Privacy Definitions Privacy Motivation

1.01k views • 52 slides
Privacy Definitions: Beyond Anonymity CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture

Privacy Definitions: Beyond Anonymity CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture

Privacy Definitions: Beyond Anonymity CompSci 590.03 Instructor: Ashwin Machanavajjhala Lecture 5 : 590.03 Fall 12 1 Announcements Some new project ideas added Please meet with me at least once before you finalize your project

725 views • 53 slides
Legal Perspective on Technology and Privacy in the United States Marek Dolgos CS 305 May 19,

Legal Perspective on Technology and Privacy in the United States Marek Dolgos CS 305 May 19,

Legal Perspective on Technology and Privacy in the United States Marek Dolgos CS 305 May 19, 2010 First Amendment Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the

399 views • 11 slides
Access Control is an Inadequate Framework for Privacy Protection Lalana Kagal & Hal Abelson

Access Control is an Inadequate Framework for Privacy Protection Lalana Kagal & Hal Abelson

Access Control is an Inadequate Framework for Privacy Protection Lalana Kagal & Hal Abelson DIG @ CSAIL Monday 12 July 2010 Alternate Definitions of Privacy In 1890, Brandeis and Warren defined privacy as the right to be let alone

541 views • 11 slides
Privacy at Uber June 2019 Privacy is not a blocker of innovation. Its essential to it.

Privacy at Uber June 2019 Privacy is not a blocker of innovation. Its essential to it.

Privacy at Uber June 2019 Privacy is not a blocker of innovation. Its essential to it. Required Product Review Process Product/Engineering/Legal Review Privacy/Security Review Does it collect or use personal information? What is the

158 views • 14 slides
Vote-Independence: A Powerful Privacy Notion for Voting Protocols Jannik Dreier, Pascal

Vote-Independence: A Powerful Privacy Notion for Voting Protocols Jannik Dreier, Pascal

Introduction Intuitive Definitions Formal Definitions Analysis and Case Studies Conclusion Vote-Independence: A Powerful Privacy Notion for Voting Protocols Jannik Dreier, Pascal Lafourcade, Yassine Lakhnech Universit Grenoble 1, CNRS,

1.12k views • 58 slides
How to capture, model, and verify the knowledge of legal, security, and privacy experts: a

How to capture, model, and verify the knowledge of legal, security, and privacy experts: a

Universit degli Studi di Trento How to capture, model, and verify the knowledge of legal, security, and privacy experts: a pattern-based approach L. Compagna, P. El Khoury F. Massacci , N. Zannone R. Thomas Security Research Dept.

357 views • 14 slides

More recommend