Security and Privacy: Are they

voltaireblingData Management

Nov 20, 2013 (3 years and 10 months ago)

103 views

Security and Privacy: Are they
Two Sides of the Same Coin?

Organizer: Lillie Coney, epic.org

Sherry Burs
-
Howard, The MITRE Corporation

Chris Clifton, Purdue University / CERIAS

David Farber, Professor Emeritus U. Penn.

I’m Chris Clifton, and

I Want Your Data!




Your Data is Valuable!


Health and Social Sciences Research


Market and Product Research


Personalization


Targeted marketing


Identity theft

Is it worth the risk to privacy?

Privacy


Security?

New Issues


Ownership of data


Often NOT the individual


But individual still has a say


Consent for use of data


By the
individual


For a specific purpose


Secondary use


May be “authorized user”


But only authorized for the right purpose

CPO ≠ CSO


Privacy shouldn’t be an add
-
on


We already have to fight this with Security


Compliance


Regulations vary by jurisdiction, type of data


HIPAA, FERPA, U.S. Persons, …


EC95/46


Enforcement happens


But without security, we don’t get privacy


Analysis of Private Data


Security technology
enables

safe analysis
of private data


I may want your data


But I only need analysis of the data

We need a vision for managing data about
individuals that recognizes this distinction


Privacy
-
Preserving Data Mining
Approaches (Outlier Detection)

Algorithm

Fasf


rewre


fdsdf = werewr


zxcv


dfs


sdfwe _ zxvc


qwe


xcv


sd = asdf


xcv


qwer

Sdffs


qwer

Xcv: wqer

Carl

3

6

2

Jessica

2

4

8

Chris

1

9

5

Dirk

4

8

2

Chris

8

4

Dirk

2

9

Carl

1

5

Jessica

3

4

. . .

Bank

Credit Card

Tom Terrorist:

4 2 5 6 8

Evaluate

Give the Algorithm

Get the Data

PPDM:


Randomization


Transformation


Anonymization


Secure Multiparty
Computation

2

Beneficial Use of Data


Dot
chart by Dr. James Snow showing deaths from
cholera in relation to the locations of public water pumps.


Observed that cholera occurred almost entirely among those
who lived near (and drank from) the Broad Street water
pump


Can we do this without risk to Privacy?


HIPAA Safe
-
Harbor
Anonymization

Anonymized Data


HIPAA Safe
-
Harbor De
-
Identified Data


Is it useful?

Name

Addr.

Birth

Sex

Diagnosis

479xx

56

F




479xx

67

M



479xx

78

M

Schizophrenic