Introduction to BiometricsOutlineSome Privacy concernsData Mining as a Threat to PrivacySome Privacy Problems and Potential SolutionsPrivacy Preserving Data MiningPrivacy ControllerSemantic Model for Privacy ControlPlatform for Privacy Preferences (P3P): What is it?Platform for Privacy Preferences (P3P): Key PointsPlatform for Privacy Preferences (P3P): OrganizationsPlatform for Privacy Preferences (P3P): SpecificationsPlatform for Privacy Preferences (P3P): Specifications (Concluded)P3P and Legal IssuesChallenges and DiscussionBiometrics and PrivacyRelationship: Biometrics and PrivacyHIPPA and BiometricsPrivacy Concerns Associated with Biometric DeploymentsInformational PrivacyPersonal PrivacyPrivacy Sympathetic Qualities of Biometric SystemsApplication Specific Privacy RisksBioPrivacy FrameworkBioPrivacy Framework (Concluded)Risk RatingsBiometrics for Private Data Sharing?Introduction to BiometricsDr. Bhavani ThuraisinghamThe University of Texas at DallasLecture #19Biometrics and Privacy - IOctober 31, 2005OutlineOverview of PrivacyBiometrics and PrivacySome Privacy concernsMedical and Healthcare-Employers, marketers, or others knowing of private medical concernsSecurity-Allowing access to individual’s travel and spending data-Allowing access to web surfing behaviorMarketing, Sales, and Finance-Allowing access to individual’s purchasesBiometrics-Biometric technologies used to violate privacyData Mining as a Threat to PrivacyData mining gives us “facts” that are not obvious to human analysts of the dataCan general trends across individuals be determined without revealing information about individuals?Possible threats:-Combine collections of data and infer information that is private Disease information from prescription dataMilitary Action from Pizza delivery to pentagonNeed to protect the associations and correlations between the data that are sensitive or privateSome Privacy Problems and Potential SolutionsProblem: Privacy violations that result due to data mining-Potential solution: Privacy-preserving data miningProblem: Privacy violations that result due to the Inference-Inference is the process of deducing sensitive information from the legitimate responses received to user queries-Potential solution: Privacy Constraint ProcessingProblem: Privacy violations due to un-encrypted data-Potential solution: Encryption at different levelsProblem: Privacy violation due to poor system design-Potential solution: Develop methodology for designing privacy-enhanced systemsProblem: Privacy violation due to Biometrics systems-Privacy sympathetic BiometricsPrivacy Preserving Data MiningPrevent useful results from mining -Introduce “cover stories” to give “false” results -Only make a sample of data available so that an adversary is unable to come up with useful rules and predictive functionsRandomization-Introduce random values into the data and/or results-Challenge is to introduce random values without significantly affecting the data mining results-Give range of values for results instead of exact valuesSecure Multi-party Computation-Each party knows its own inputs; encryption techniques used to compute final resultsPrivacy ControllerUser Interface ManagerConstraintManagerPrivacy ConstraintsQuery Processor:Constraints during query and release operationsUpdate Processor:Constraints during update operationDatabase Design ToolConstraints during database design operationDatabaseDBMSSemantic Model for Privacy ControlPatient JohnCancerInfluenzaHas diseaseTravels frequentlyEnglandaddressJohn’s addressDark lines/boxes containprivate informationPlatform for Privacy Preferences (P3P): What is it?P3P is an emerging industry standard that enables web sites to express their privacy practices in a standard formatThe format of the policies can be automatically retrieved and understood by user agentsIt is a product of W3C; World wide web consortiumwww.w3c.orgMain difference between privacy and security-User is informed of the privacy policies- User is not informed of the security policiesPlatform for Privacy Preferences (P3P): Key PointsWhen a user enters a web site, the privacy policies of the web site is conveyed to the userIf the privacy policies are different from user preferences, the user is notifiedUser can then decide how to proceedUser/Client maintains the privacy controller-That is, Privacy controller determines whether an untrusted web site can give out public information to a third party so that the third party infers private informationPlatform for Privacy Preferences (P3P): OrganizationsSeveral major corporations are working on P3P standards including:-Microsoft-IBM-HP-NEC-Nokia-NCRWeb sites have also implemented P3PSemantic web group has adopted P3PPlatform for Privacy Preferences (P3P): SpecificationsInitial version of P3P used RDF to specify policiesRecent version has migrated to XMLP3P Policies use XML with namespaces for encoding policiesExample: Catalog shopping-Your name will not be given to a third party but your purchases will be given to a third party-<POLICIES xmlns = http://www.w3.org/2002/01/P3Pv1><POLICY name = - - - -</POLICY></POLICIES>Platform for Privacy Preferences (P3P): Specifications (Concluded)P3P has its own statements a d data types expressed in XMLP3P schemas utilize XML schemasXML is a prerequisite to understanding P3PP3P specification released in January 2005 uses catalog shopping example to explain conceptsP3P is an International standard and is an ongoing projectP3P and Legal IssuesP3P does not replace lawsP3P work together with the lawWhat happens if the web sites do no honor their P3P policies-Then appropriate legal actions will have to be takenXML is the technology to specify P3P policiesPolicy experts will have to specify the policiesTechnologies will have to develop the specificationsLegal experts will have to take actions if the policies are violatedChallenges and DiscussionTechnology alone is not sufficient for privacyWe need technologists, Policy expert, Legal experts and Social scientists to work on PrivacySome well known people have said ‘Forget about privacy”Should we pursue working on Privacy?-Interesting research problems-Interdisciplinary research-Something is better than nothing-Try to prevent privacy violations-If violations occur then prosecutePrivacy is a major
View Full Document
Unlocking...