Report to the President: Big Data and Privacy: A Technological Perspective
President’s Council of Advisors on Science and Technology, May 2014
Part Two: Privacy
IS 376, October 16, 2014

Encryption
[Figure: three messages, each labelled with a sending and a receiving station, travelling along a network.]
Networks are set up to send messages right past stations that aren’t authorized to read them, but what’s to prevent such unauthorized viewing? The most common solution to this problem is encryption, where the message is coded in such a way that only the receiving station can decode it.

Public-Key Encryption
[Figure: a public-key directory listing Chucky, Dracula, Freddy and Jason beside their public keys; the plaintext “Fire bad! Friend good!” is shown before encryption and again after decryption, with the ciphertext in between.]
1. Create message.
2. Look up the recipient’s public key.
3. Encrypt the message with the recipient’s public key.
4. Transmit the encrypted message across the network.
5. Decrypt the message with the recipient’s private key.

Authentication
[Figure: two messages, each labelled with a sending and a receiving station, travelling along a network.]
How can a receiving station be sure that a received message came from the specified source? The most common solution to this problem is authentication, where the message is coded in a way that only the real sending station could have accomplished.

Key-Based Authentication
[Figure: the plaintext “Be careful when you remove those bandages, dude. They’ll rip the hair right off your skin!” is shown before encryption and again after decryption, with the ciphertext in between.]
1. Create message.
2. Encrypt the message with the sender’s private key.
3. Transmit the encrypted message.
4. Decrypt the message with the sender’s public key.

Symmetric Ciphers
Ensure privacy and authentication via double encryption!
[Figure: the plaintext “I’m shopping for a doll for my younguns!” is shown before encryption and again after decryption, with the singly and doubly encrypted forms in between.]
1. Create message.
2. Encrypt the message with the sender’s private key.
3. Encrypt the result with the recipient’s public key.
4. Transmit the doubly encrypted message.
5. Decrypt with the recipient’s private key.
6. Decrypt with the sender’s public key.

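The six steps above, together with the public-key encryption and key-based authentication slides they combine, as an added Go example using only the standard library (this is not code from the slides or from the PCAST report). The slide’s “encrypt with the sender’s private key” is an RSA-PSS signature, and the outer “encrypt with the recipient’s public key” layer is RSA-OAEP; the example assumes a 2048-bit sender key pair and a 3072-bit recipient key pair, and the message is the one on the slide.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"io"
)

// digest hashes the message; RSA-PSS signs the hash, not the message itself.
func digest(m []byte) []byte { h := sha256.Sum256(m); return h[:] }

// Seal is slide steps 2 to 4: sign with the sender's private key, then encrypt
// message||signature with the recipient's public key. The slide's "encrypt with
// the private key" is a signature (RSA-PSS); the outer layer is RSA-OAEP.
// OAEP with a 3072-bit key carries at most 318 bytes, and a 2048-bit PSS
// signature takes 256 of them, so EncryptOAEP returns rsa.ErrMessageTooLong for
// messages over 62 bytes; real systems wrap a symmetric key instead.
func Seal(msg []byte, senderPriv *rsa.PrivateKey, recipPub *rsa.PublicKey) ([]byte, error) {
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest(msg), nil)
	if err != nil {
		return nil, err
	}
	payload := append(append([]byte{}, msg...), sig...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipPub, payload, nil)
}

// Open is steps 5 and 6: only the recipient's private key recovers the payload,
// and only the sender's public key verifies the signature inside it. A wrong
// recipient key, a tampered ciphertext or a wrong sender key all return an error.
func Open(sealed []byte, recipPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	payload, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipPriv, sealed, nil)
	if err != nil {
		return nil, err // not encrypted to this recipient, or ciphertext altered
	}
	sigLen := senderPub.Size() // a PSS signature is exactly the modulus size
	if len(payload) < sigLen {
		return nil, io.ErrUnexpectedEOF
	}
	msg, sig := payload[:len(payload)-sigLen], payload[len(payload)-sigLen:]
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest(msg), sig, nil); err != nil {
		return nil, err // not signed by the claimed sender
	}
	return msg, nil
}
```

Because the signature is inside the OAEP layer, an eavesdropper learns neither the text nor who signed it, and the recipient cannot be fooled about the sender without the sender’s private key.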
Notice and Consent
The most common approach to ensuring privacy on the Web, “Notice and Consent” gives users “notice” that what they are about to do (installing software, accessing data, etc.) constitutes their “consent” that their privacy be violated.

Anonymization
Efforts to anonymize data by excluding those data fields that are considered directly tied to an individual have met with questionable success. The Personal Genome Project (PGP) was designed to accumulate and publicly display DNA information, behavioral traits, medical conditions, physical characteristics, and environmental factors of thousands of volunteers in an effort to aid researchers in establishing correlations between certain traits and treatments in personalized medicine.
[Figure: PGP data (medications, diagnoses, procedures) and voter registration data (name, address, party affiliation, date registered) overlap on three fields: birth date, gender, and zip code.]
When cross-checked against voter registration records, anonymized PGP volunteers were correctly identified 84% of the time.

Non-Retention
One mechanism for ensuring privacy has been to delete data after a certain period of time, but such restrictions are increasingly difficult to enforce technologically. Snapchat is a photo messaging application designed to allow users to send photos that will only be available to recipients for a few seconds. Various new applications (such as Snap-Save) have become available that permit recipients to save snaps permanently without informing the sender. To help ensure privacy, Snapchat notifies the user when a recipient takes a screenshot of the received image.

Context & Use
The President’s Council of Advisors on Science and Technology advocates less emphasis on restricting the collection of data and more on restricting its use. Virtru allows users to send encrypted e-mail and attachments. Users may revoke messages, restrict forwarding, and add expirations. Administrative functions allow the sender to see how and where information has traveled.

Accountability
As an example of restricting data use rather than data collection, the Fair Credit Reporting Act is a federal law that regulates the use of consumer credit information.
• Credit bureaus may provide information only to those with a legitimate need, such as when the consumer has made an application to a creditor, a landlord, or an insurer.
• Credit bureaus are required to provide consumers with any information they have about the consumers and to verify the accuracy of information disputed by a consumer.
• Credit bureaus may not retain negative information for an excessive period of time: seven years for late payments and ten years for bankruptcies.
• Credit bureaus may not give out information to an employer or a potential employer without the consumer’s written consent.
• Under an amendment to the FCRA, consumers are able to receive one free credit report per year.

Consumer Privacy Bill of Rights
The purpose of the Consumer Privacy Bill of Rights is to deter Internet companies from indiscriminate collection of personal information for targeted ads. In response, Internet companies such as Mozilla, Google, Microsoft, Yahoo!, and AOL promised to provide a "do not track" mechanism so that customers can choose whether they want to participate in online behavioral advertising. The Obama Administration encouraged Congress to grant the Federal Trade Commission the authority to enforce each element of the Consumer Privacy Bill of Rights.