introduction to privacy technologies
play

Introduction to Privacy Technologies Claudia Diaz KU Leuven COSIC - PowerPoint PPT Presentation

Jan 01, 2023 •421 likes •794 views

Introduction to Privacy Technologies Claudia Diaz KU Leuven COSIC Summer School on real-world crypto and privacy June 2017 Claudia Diaz (KU Leuven) 1 Overview What is privacy? (non-technical definitions) What are the privacy

  1. Introduction to Privacy Technologies Claudia Diaz KU Leuven – COSIC Summer School on real-world crypto and privacy June 2017 Claudia Diaz (KU Leuven) 1

  2. Overview • What is privacy? (non-technical definitions) • What are the “privacy concerns” in the context of technology? • Which technical solutions exist to tackle those concerns? • Challenges and limitations of those solutions Claudia Diaz (KU Leuven) 2

  3. (Some) Definitions of Privacy Claudia Diaz (KU Leuven) 3

  4. What is privacy? • Abstract and subjective concept • Dependent on: – Study discipline – Stakeholder – Social norms and expectations – Context

  5. Warren & Brandeis (1890) • From a legal perspective • “The right to be let alone” – This citation was a response to technological developments (photography, and its use by the press) – Warren and Brandeis declared that information which was previously hidden and private could now be "shouted from the rooftops”

  6. Westin (1970) “The right of the individual to decide what • information about himself should be communicated to others and under what circumstances” • “Informational self-determination” ( German constitutional ruling, 1983) – “[...] in the context of modern data processing, the protection of the individual against unlimited collection, storage, use and disclosure of his/her personal data is encompassed by the general personal rights of the German Constitution. This basic right warrants in this respect the capacity of the individual to determine in principle the disclosure and use of his/her personal data .”

  7. Agre and Rotenberg (1998) • From a social psychology perspective • “The freedom from unreasonable constraints on the construction of one's own identity” – The construction of one's identity is always mediated by “gaze of the other” – Impression management, self-presentation • Construct an image of ourselves to claim personal identity • Social networks, profiling, search results

  8. Solove’s taxonomy of privacy (2006) • Information Collection • Information Dissemination – Surveillance – Breach of Confidentiality – Interrogation – Disclosure – Exposure – Increased Accessibility • Information Processing – Blackmail – Aggregation – Appropriation – Identification – Distortion – Insecurity – Secondary Use – Exclusion • Invasion – Intrusion – Decisional Interference June 27, 2011 8

  9. Nissembaum (2004) • From a moral philosophy perspective • Concept of privacy as “ contextual integrity ” – The protection for privacy is tied to norms of specific contexts. • Contextual integrity is maintained when both these types of norms are upheld: – Norms of appropriateness : what information about persons is appropriate to reveal in a particular context – Norms of flow or distribution : what can be done with that information (e.g., expectation of confidentiality) • These norms may be – Explicit and specific – Implicit, variable, and incomplete • Application to the evaluation of technical systems Claudia Diaz (KU Leuven) 9

  10. Data Protection • EU Data Protection Directive (1995) • Data Protection Regulation (2016) will be in effect from May 2018 • Applies to “Personal data”: any information relating to an individual Does not apply to national security activities or law enforcement – • “Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ” • Principles: Transparency – Informed consent of the data subject, access rights • Necessity based on contractual, compliance, public interest, etc. • Legitimate purpose: – Personal data can only be processed for specified explicit and legitimate purposes, purpose • limitation Proportionality – • Data must be adequate, relevant and not excessive in relation to the purposes for which they are collected and processed (aka “data minimization”) Accountability of the data controller – Claudia Diaz (KU Leuven) 10

  11. ECHR Art 8 • Emerged as a response to the excesses of totalitarian states in the 30s and 40s (entered into force in 1953) – Spirit: protect citizens from an overbearing/intrusive state – During the cold war: ‘western’ states would distinguish themselves from the ‘eastern block’ in that the population was not subject to pervasive surveillance • European Convention on Human Rights Article 8 – Right to respect for private and family life – 1. Everyone has the right to respect for his private and family life, his home and his correspondence . – 2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in • the interests of national security , public safety or the economic well-being of the country , for the prevention of disorder or crime , for the protection of health or morals , or for the protection of the rights and freedoms of others. 11

  12. Related concepts • Intertwined with other concepts – Freedom: anonymous speech, freedom of association – Dignity: airport scanners – Autonomy: censorship, filter bubble – (Non-)discrimination: profiling and personalization – Personal safety: identity theft – Democracy: targeted political messaging exploiting psychological biases Claudia Diaz (KU Leuven) 12

  13. Privacy and Technology Claudia Diaz (KU Leuven) 13

  14. Offline world Online world Information is hard/costly to Information is easy/cheap to • • collect, store, search, and collect, store search, and access process – Conversation face-to-face – Skype, instant messaging – Letters in the post – Emails – Papers in an physical archive – Files in digital archive – Paying with cash – Paying with credit card – Following your movements – Location tracking – Knowing who your friends are – “Online” friends – Looking for info in encyclopedia – Searching in google, wikipedia • Information hard to copy/ • Easy to copy/disseminate, but disseminate, easy to destroy hard to destroy • Hard to aggregate, make • Easy to aggregate, make profiles and inferences profiles and inferences: unique identifiers Information forgotten after • some time Information never forgotten • … … • •

  15. Nothing to hide? Solove: “The problem with the ‘nothing to hide’ • argument is its underlying assumption that privacy is about hiding bad things.” “Part of what makes a society a good place in which • to live is the extent to which it allows people freedom from the intrusiveness of others. A society without privacy protection would be suffocation .” Difference between “secret” and “private” • – Your daily routine, your movements, who your friends are, what you said in a conversation, which books you read… – These may not be secret, but you may not be comfortable with making it public or having external entities knowing about it, analyzing it, and extracting conclusions from it

  16. Privacy and technology • Bottom line: our actions and interactions are increasingly mediated by technology – We leave digital traces everywhere – Traces are combined, aggregated, and analyzed to infer further information about ourselves and to make decisions that affect us – We have no control over our information, or the inferences derived from it (lack of transparency) • Information is never forgotten – But will perhaps be used out of context

  17. Privacy Technologies • Aim to address / mitigate certain privacy concerns – While allowing us to enjoy the benefits of modern ICTs • Three categories of technologies and discuss: – Privacy concerns that motivate the solutions – Goals of the solutions – Example technologies – Challenges and limitations Claudia Diaz (KU Leuven) 17

  18. “Social privacy”: Privacy concerns • Technology mediation of social interactions leads to problems in the immediate social context of the user – “My parents discovered I’m gay” – “My boss found out that I hate him” – “My friends saw my naked pictures OMG!” • Self-presentation and identity construction towards friends, family, colleagues – Particularly relevant in social media applications – Tension between privacy and publicity • Decision making: cognitive overload, bounded rationality, immediate gratification, hyperbolic discounting, behavioral biases • Who defines the privacy problem: – Users Claudia Diaz (KU Leuven) 18

  19. “Social privacy”: Goals • Meet privacy expectations : “don’t surprise the user!” • Make privacy controls (e.g., settings) visible and easy to use • Support users in privacy-relevant decision making : – users can better predict the outcomes of their actions, such that they do not regret their actions after the fact • Help users develop appropriate privacy practices – e.g., etiquette: use “Bcc:” instead of “Cc:” when sending email to a large number of people Claudia Diaz (KU Leuven) 19

  20. “Social privacy”: Examples • Appropriate defaults – “only friends” • Usability of privacy settings – automated grouping of friends • Contextual feedback mechanisms – “how others see my profile” • Privacy nudges Claudia Diaz (KU Leuven) 20

  21. Timer nudge (stop and think) 21

  22. Sentiment nudge (content feedback) 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

PRIVACY ENHANCING TECHNOLOGIES INTRODUCTION INTRODUCTION TO PRIVACY ENHANCING TECHNOLOGIES OUR

PRIVACY ENHANCING TECHNOLOGIES INTRODUCTION INTRODUCTION TO PRIVACY ENHANCING TECHNOLOGIES OUR

PRIVACY ENHANCING TECHNOLOGIES INTRODUCTION INTRODUCTION TO PRIVACY ENHANCING TECHNOLOGIES OUR MISSION Least Authoritys mission is to build and support ethical and usable technology solutions that advance digital security and privacy as

552 views • 13 slides
CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies US Privacy Laws Sources: Baase: A Gift of Fire and Quinn: Ethics for the Information Age Ethics Spring 2010 Privacy 1 Privacy The original

725 views • 45 slides
An Introduction to Privacy Technologies Prof. George Danezis, UCL 28/11/2016 The Alan Turing

An Introduction to Privacy Technologies Prof. George Danezis, UCL 28/11/2016 The Alan Turing

An Introduction to Privacy Technologies Prof. George Danezis, UCL 28/11/2016 The Alan Turing Institute 1 Privacy Technologies Who am I? George Danezis Short bio: October 2013 Today Professor, University College London

496 views • 34 slides
Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

ECE598NB Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics Course Structure Privacy Define privacy Privacy History Privacy has always existed Cities / large populations have made

173 views • 14 slides
Data privacy. Introduction Vicen c Torra February, 2018 Introduction Outline Introduction

Data privacy. Introduction Vicen c Torra February, 2018 Introduction Outline Introduction

Data privacy. Introduction Vicen c Torra February, 2018 Introduction Outline Introduction Goals: / Topics Privacy from three different perspectives: anonymous communications/privacy enhancing technologies, privacy preserving data

197 views • 6 slides
Consumer Privacy Protection Principles: Privacy Principles for Vehicle Technologies and Service

Consumer Privacy Protection Principles: Privacy Principles for Vehicle Technologies and Service

Consumer Privacy Protection Principles: Privacy Principles for Vehicle Technologies and Service Automotive Industry Privacy Principles Nov. 12, 2014 Auto Alliance and Global Automakers come together to create a set of privacy principles

419 views • 20 slides
Introduction to Blockchain Technologies Sarah Azouvi (University College London) Privacy

Introduction to Blockchain Technologies Sarah Azouvi (University College London) Privacy

Introduction to Blockchain Technologies Sarah Azouvi (University College London) Privacy International Forum - 19/10/2017 1 Outline Outline How it works Outline How it works Privacy? Outline How it works Privacy? New applications

641 views • 62 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
Meanings of "Privacy" in Privacy Enhancing Technologies

Meanings of "Privacy" in Privacy Enhancing Technologies

Meanings of "Privacy" in Privacy Enhancing Technologies Claudia Diaz KU Leuven COSIC Digital IdenBty Management (DIM) November 8, 2013 Claudia

565 views • 19 slides
Quantifying Privacy Loss of Human Mobility Graph Topology The 18th Privacy Enhancing Technologies

Quantifying Privacy Loss of Human Mobility Graph Topology The 18th Privacy Enhancing Technologies

Quantifying Privacy Loss of Human Mobility Graph Topology The 18th Privacy Enhancing Technologies Symposium July 2427, 2018 Dionysis Manousakas , Cecilia Mascolo , , Alastair R. Beresford , Dennis Chan , Nikhil Sharma

758 views • 45 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
How Communication Technologies Introduce Privacy Turbulence in Families During Late Adolescence

How Communication Technologies Introduce Privacy Turbulence in Families During Late Adolescence

How Communication Technologies Introduce Privacy Turbulence in Families During Late Adolescence Jessica Vitak, Yuting Liao, and Priya Kumar College of Information Studies, University of Maryland Privacy and Education Research Lab (PEARL) |

352 views • 17 slides
Privacy Enhancing Technologies for the Internet, Parts I and II Ian Goldberg, David Wagner, Eric

Privacy Enhancing Technologies for the Internet, Parts I and II Ian Goldberg, David Wagner, Eric

Privacy Enhancing Technologies for the Internet, Parts I and II Ian Goldberg, David Wagner, Eric Brewer presented by Nikita Borisov ECE598NB - Spring 2006 Motivation Threats to privacy Online actions monitored Information

776 views • 26 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
Basic Privacy Principles Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0

Basic Privacy Principles Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0

Basic Privacy Principles Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0 Basic Privacy Principles (part of OECD Privacy Guidelines & most Privacy/Data Protection Law s) Lawfullness of processing , e.g. by

296 views • 4 slides
Countering Terrorism through Information and Privacy Protection Technologies Robert Popp, John

Countering Terrorism through Information and Privacy Protection Technologies Robert Popp, John

Terrorism Information Technology Privacy Countering Terrorism through Information and Privacy Protection Technologies Robert Popp, John Poindexter IEEE Security & Privacy, vol. 4, no. 6, Nov.-Dec. 2006 1 / 10 Terrorism Information

376 views • 14 slides
Protecting patient confidentiality in research: the Scottish landscape Janet Murray Caldicott

Protecting patient confidentiality in research: the Scottish landscape Janet Murray Caldicott

Protecting patient confidentiality in research: the Scottish landscape Janet Murray Caldicott Guardian ISD Outline National data and SHIP Information governance The Scottish structures Legal NHS Scotland policy

327 views • 17 slides
The EU is coming to get you New risks for US businesses targeting Europe and exploding some EU

The EU is coming to get you New risks for US businesses targeting Europe and exploding some EU

The EU is coming to get you New risks for US businesses targeting Europe and exploding some EU data privacy myths Stephen Groom BAA Chicago 7 November 2014 osborneclarke.com What is this deck about? Exploding four myths around US

321 views • 17 slides
General Data Protec-on Regula-on Based on the Pinsent Mason Paper New Features of the GDPR

General Data Protec-on Regula-on Based on the Pinsent Mason Paper New Features of the GDPR

General Data Protec-on Regula-on Based on the Pinsent Mason Paper New Features of the GDPR Accountability measures: GDPR requires compliance and evidence of compliance: documented policies and procedures, records of consents etc.

355 views • 9 slides
Privacy Policy This privacy policy sets out how the Talking Slides Ltd websites use and protect

Privacy Policy This privacy policy sets out how the Talking Slides Ltd websites use and protect

Privacy Policy This privacy policy sets out how the Talking Slides Ltd websites use and protect any information that you provide when you use this website. Talking Slides Ltd is committed to ensuring that your privacy is protected. Should we ask

164 views • 4 slides
Supporting Better Care Fund resubmissions Risk Stratification and information governance Webinar

Supporting Better Care Fund resubmissions Risk Stratification and information governance Webinar

Supporting Better Care Fund resubmissions Risk Stratification and information governance Webinar 28 August 2014 CONFIDENTIAL AND PROPRIETARY Overview of webinars Several webinars will be held across 3 topics over the next 3 weeks; Todays

905 views • 43 slides
Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR

Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR

Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0 Privacy Legislation - History 1950 Art. 8 ECHR: Everyone has the right to respect for his private and family

413 views • 4 slides
GDPR Leyla Hannbeck MRPharmS, MBA, MSc, MA NPA Chief Pharmacist and Director of Pharmacy Why do

GDPR Leyla Hannbeck MRPharmS, MBA, MSc, MA NPA Chief Pharmacist and Director of Pharmacy Why do

Revalidation and GDPR Leyla Hannbeck MRPharmS, MBA, MSc, MA NPA Chief Pharmacist and Director of Pharmacy Why do we have a new revalidation framework? Public expectations Encourage reflection on learning and practice Increase the focus on

888 views • 65 slides
An Improved Data Stream Summary: The Count-Min Sketch and its Applications Graham Cormode,

An Improved Data Stream Summary: The Count-Min Sketch and its Applications Graham Cormode,

An Improved Data Stream Summary: The Count-Min Sketch and its Applications Graham Cormode, DIMACS graham@dimacs.rutgers.edu S. Muthukrishnan, Rutgers muthu@cs.rutgers.edu 1 Data Streams Data is growing fast faster than our ability

200 views • 17 slides

More recommend