[PPT] - Privacy Issues and Data Protection in Technology Enhanced Learning PowerPoint Presentation

SLIDE 1

Privacy Issues and Data Protection in Technology Enhanced Learning

Seda Gürses COSIC, K.U. Leuven dataTEL 2011 Alpines Rendez-vous

1 Thursday, March 31, 2011

SLIDE 2

mendeley:
group: privacy and dataTEL
slides:
after talk:
http://www.esat.kuleuven.be/~sguerses/

talks.html

2

2 Thursday, March 31, 2011

SLIDE 3

utline
introduction to privacy notions
building systems that address privacy

concerns

privacy solutions
privacy and ethics
conclusion

3

3 Thursday, March 31, 2011

SLIDE 4

privacy?

what is privacy?
what are privacy requirements?
in security engineering: confidentiality

4

4 Thursday, March 31, 2011

SLIDE 5

nline social networks (SNS)

5

5 Thursday, March 31, 2011

SLIDE 6

nline social networks

6

6 Thursday, March 31, 2011

SLIDE 7

privacy data protection

non-absolute relational contextual

pacity of the individual

procedural safeguards

accountability

transparency personal data

7

7 Thursday, March 31, 2011

SLIDE 8

sousveillance

surveillance

dataveillance

covaillance

cumulative disadvantage

8 Thursday, March 31, 2011

SLIDE 9

data protection

notice and consent

purpose and proportionality

subject acces rights data disclosure

9

9 Thursday, March 31, 2011

SLIDE 10

how do we deal with these issues when

developing systems?

specifically: during requirements engineering

10

10 Thursday, March 31, 2011

SLIDE 11

multilateral privacy requirements engineering

reconcile:
privacy notions (legal & surveillance studies)
privacy solutions (computer science)
in a social context (dataTEL contexts)
multilaterally
during requirements engineering

11

11 Thursday, March 31, 2011

SLIDE 12

privacy requirements definition

12

lack of universality lack of satisfiability subjectivity legal compliance contrivability environmental factors counter - factuality temporality agonism negotiability

12 Thursday, March 31, 2011

SLIDE 13

multilateral privacy requirements engineering

reconcile:
privacy notions (legal & surveillance studies)
privacy solutions (computer science)
in a social context (dataTEL contexts)
multilaterally
during requirements engineering

13

13 Thursday, March 31, 2011

SLIDE 14

solutions from privacy research

14

data confidentiality anonymous communications PPDM/PPDP IDMS Differential Privacy Privacy Policy Languages Feedback and Awareness Systems

14 Thursday, March 31, 2011

SLIDE 15

privacy research paradigms

15

privacy as confidentiality the right to be let alone.

Warren & Brandeis (1890) hiding information and identity

15 Thursday, March 31, 2011

SLIDE 16

privacy research paradigms

16

privacy as confidentiality the right to be let alone.

Warren & Brandeis (1890) hiding information and identity

privacy as control

separation of identities, data protection principles right of the individual to decide what information about himself should be communicated to

thers and under what
circumstances. (Westin 1970)

16 Thursday, March 31, 2011

SLIDE 17

privacy research paradigms

17

privacy as confidentiality the right to be let alone.

Warren & Brandeis (1890) hiding information and identity

privacy as control

separation of identities, data protection principles right of the individual to decide what information about himself should be communicated to

thers and under what
circumstances. (Westin 1970)

privacy as practice

the freedom from unreasonable constraints on the construction of

ne’s own identity (Agre, 1999)

transparency and feedback

17 Thursday, March 31, 2011

SLIDE 18

privacy research paradigms

18

privacy as confidentiality

hiding information and identity

privacy as control

separation of identities, data protection principles

privacy as practice

transparency and feedback

18 Thursday, March 31, 2011

SLIDE 19

privacy as confidentiality

19

19 Thursday, March 31, 2011

SLIDE 20

main concerns

centralized databases
do not provide identifiable information
provide as little information as possible
minimize collection of any data
minimize data used for processing
control
hard security
nly communication partner receives information
if at all: trust and risks are minimized

20

20 Thursday, March 31, 2011

SLIDE 21

21

Anonymizers

(main concept)

21 Thursday, March 31, 2011

SLIDE 22

22

Anonymizers

(the model)

observer (adversary)
does not know who is communicating with whom
probabilistic models
varying degrees of anonymity:
entropy base metrics
users traces delinked from identity

22 Thursday, March 31, 2011

SLIDE 23

DB ANONYMIZATION

PPDP - PPDM
basic idea:
in the database individuals no longer

uniquely identifiable

keep the utility of the data
economic / dp approach
k-anonymity

23

23 Thursday, March 31, 2011

SLIDE 24

24

24 Thursday, March 31, 2011

SLIDE 25

privacy as confidentiality

25

25 Thursday, March 31, 2011

SLIDE 26

anonymization fail!

Narayanan and Shmatikov (2010) show that:
you can always link disparate information

sources and identify individuals

so, what’s with personal data?
and with data protection?
differential privacy...
very theoretical interactive privacy preserving

querying system

26

26 Thursday, March 31, 2011

SLIDE 27

dataTEL and confidentiality

if you want anonymous access to your

systems

anonymous communications
future research: usability issues
if you want anonymization
check out anonymization methods
interesting for dp compliance (only)

27

27 Thursday, March 31, 2011

SLIDE 28

dataTEL and confidentiality

if you want controlled access to your

dataset

future research: differential privacy model
e.g., Dwork 2009
secure multi party computation
e.g., Erkin et al. (2011)
encrypt user ratings
process them under encryption

28

28 Thursday, March 31, 2011

SLIDE 29

privacy as practice?

29

29 Thursday, March 31, 2011

SLIDE 30

make data practices transparent
allow users to individually and collectively

affect the flows of information

privacy is a social decision
trade off model misleading
including your user models?
research methods?

30

30 Thursday, March 31, 2011

SLIDE 31

feedback and awareness
social translucence
Erickson and Kellogg 2003
identity mirror, privacy mirror
individual transparency not enough
what can we say about the observed

population/groups?

31

31 Thursday, March 31, 2011

SLIDE 32

attacks on machine learning algorithms
Barreno et al. 2008
Dutrisac and Skillicorn 2008

32

32 Thursday, March 31, 2011

SLIDE 33

privacy as practice?

33

33 Thursday, March 31, 2011

SLIDE 34

users may want to be open to negotiating

data collection, processing, distribution

but how about dataTEL researchers?
who defines the process of negotiation?
what are good practices?

34

34 Thursday, March 31, 2011

SLIDE 35

privacy or ethics

Carusi, 2008
anonymization is not a panacea

35

information

representation

35 Thursday, March 31, 2011

SLIDE 36

privacy or ethics

36

isomorphism

naturalism

constructionism interactionism

36 Thursday, March 31, 2011

SLIDE 37

privacy or ethics

37

isomorphism

naturalism

constructionism interactionism

data subjects concerns researcher concerns

37 Thursday, March 31, 2011

SLIDE 38

privacy or politics

reflect on cumulative disadvantage
prediction becomes self-fulfilling prophecy
who are you observing?
disadvantaged groups
groups unlikely to articulate their rights
who wants your data?
university, law enforcement, employers

38

38 Thursday, March 31, 2011

SLIDE 39

lessons for dataTEL

privacy is not just confidentiality or compliance
compliance is “easy” and boring
future research
develop privacy practices
you can define the field
effects for used methodologies
the dataTEL privacy challenge may change the

way you do research

39

39 Thursday, March 31, 2011