E-Privacy - Privacy in the Electronic Society

Web page. http://www.zurich.ibm.com/~gka/ePrivacy/

Organization

Description
Privacy issues have been the subject of public debates since years. In particular, as new technologies are developed, they increasingly raise privacy concerns - the Web 2.0, wireless location-based services, and RFID chips are just a few examples. Thus, the need for privacy-aware policies, regulations, and techniques has been widely recognized by law makers, regulators, and the media. As a result, businesses are under pressure to draft privacy policies, chief privacy officers are becoming essential members of many organizations, and companies are taking pro-active steps to avoid the potential reputation damage of a privacy mistake. This course provides an in-depth look into privacy laws and regulations as well as into technologies for achieving privacy in an electronic world.

Prerequisites. Basic knowledge of cryptology is recommended to follow some of the topics of the course.

Tentative List of Topics

1. Laws and Regulations: Concepts of purpose, consent
2. Privacy Seals, Privacy Impact Analysis
3. Privacy Policies (P3P, DNT, ...)
4. Policy negotiation (APPEL)
5. Anonymity & Utility (k-anonymity, l-diversity, ...)
6. Privacy in RFID, Location-based Services, Social Networks
7. Anonymous Credentials
8. Encryption, Verifiable Encryption and Anonymous Communication

Announcements

• [Feb 22] Foils & exercise Lecture #1 uploaded.
• [Feb 29] Foils & exercise Lecture #2 uploaded.
• [Mar 4] Solution exercise #1 uploaded.
• [Mar 6] Foils Lecture #3 uploaded.
• [Mar 7] Exercise Lecture #3 uploaded.
• [Mar 13] Foils Lecture #4 uploaded.
• [Mar 15] Solution exercise #3 & exercise #4 uploaded.
• [Mar 20] Foils Lecture #5 uploaded.
• [Mar 26] See changed agenda.
• [Mar 27] Solution exercise #5 uploaded.
• [Apr 2] Foils Lecture A uploaded.
• [Apr 3] Foils Lecture B & exercise B uploaded.
• [Apr 4] Added paper on identity-mixer-schnorr.
• [Apr 17] Foils Lecture C uploaded.
• [May 22] Foils Lecture D uploaded.

Office consultation hours:

• by e-mail or before lecture

Course Material

Class Schedule

Cartoons

• Take Control of Your Personal Data EU Data protection brochure
• Doctor Fun
• Die neue schöne Welt der Überwachung
• An Interactive Map of Data Protection Laws Around the World

Interesting stuff

• Commission proposes new Data protection rules for the digital age
• Do not track - the key to online privacy Neelie Kroes, European Commisison, talks about proposals for a new "do-not-track" standard to put control in the hands of users and safeguard privacy when you're browsing online.
• Meglena Kuneva, Euopean Consumer Commissioner, Keynote Speech, Roundtable on Online Data Collection, Targeting and Profiling. Brussels, 31 March 2009

News from the Press

• Privacy Protections for Mobile App Users Pledged By Vendors By Serdar Yegulalp, Byte, February 22, 2012
• Researchers defeat video CAPTCHA antispam tests By Lucian Constantin, IDG News Service. February 21, 2012 09:20 AM ET
• Algorithm Uses Photo Networks to Reveal Your Hometown technology review, published by MIT. KFC 02/20/2012
• Mobile Apps Take Data Without Permission Nicole Perlroth and Nick Bilton, NYT, Feb 15, 2012
• EU to force social network sites to enhance privacy 'Right to be forgotten' would ensure users of Facebook and other sites could completely erase personal data. Leigh Phillips, guardian.co.uk, Wednesday 16 March 2011 17.38 GMT
• HIPAA Bares Its Teeth: $4.3m Fine For Privacy Violation by Paul Roberts, threatpost, February 23, 2011, 8:35AM
• "Dispute about the own picture" ("Streit um das eigene Bild" - in German) Swiss news 10vor10, 22.02.2011
• Facebook hebelt Schweizer Datenschutz-Bestimmungen aus Kassensturz, Dienstag, 27. April 2010, 17:37 Uhr, Aktualisiert 28.04.2010, 7:42 Uhr
• Opinion of the European Data Protection Supervisor on Promoting Trust in the Information Society by Fostering Data Protection and Privacy
• How Privacy Vanishes Online By Steve Lohr, The New York Times, March 16, 2010

Tools to play

• REB Wizard - A Tool for Assessing Re-identification Risk

• The Transparent Society, Brin, Perseus Books, 1998.
• In Pursuit of Privacy: Law, Ethics, and the Rise of Technology, DeCew, Cornell University Press, 1997.
• The Right to Privacy, Alderman and Kennedy, Random House, 1995.
• Anonymity, (Unlinkability,) Unobservability, Pseudonymity, and Identity Management - A (Consolidated) Proposal for Terminology

• Googling Security: How Much Does Google Know About You? Greg Conti, 2008.
• Privacy in Context: Technology, Policy, and the Integrity of Social Life Helen Nissenbaum, Stanford University Press, 2009
• The Privacy Payoff: How Successful Businesses Build Customer Trust. Cavoukian and Hamilton, McGraw-Hill Ryerson, 2002.
• Privacy by Design ... Take the Challenge Ann Cavoukian, 2009 (download the book)
• Web Privacy with P3P, L. Cranor, O'Reilly, 2002.
• Harmonizing Security and Privacy IBM Journal of Research and Development, Volume 53, Number 2, 2009.

[Camenisch, 2008]

J. Camenisch: The Camenisch-Lysyanskaya Private Credential System Explained, Work in Progress.

[BeCaLy0]

A. Bengerter, J. Camenisch and A. Lysyanskaya: A Cryptographic Framework for the Controlled Release Of Certified Data. In Twelfth International Workshop on Security Protocols 2004.

[Barth&Mitchell, 2005]

A. Barth and J.C. Mitchell: Enterprise pricavy Promises and Enforcement. WITS'05, 2005.

[Moores, 2005]

T. Moores: Do consumers understand the role of privacy seals in e-commerce? CACM 48(3) 86-91, 2005

[Hochheiser, 2004]

H. Hochheiser: The Platform for Privacy Preferences as a Social Protocol: An Examination Within the U.S. Policy Context. ACM Trans. on Internet Technology 2(4) 276-306, Nov. 2002.

[Molnar&Wagner, 2004]

D. Molnar and D. Wagner. Privacy and Security in Library RFID: Issues, Practices, and Architectures. In 11th ACM Conference on Computer and Communications Security (CCS), pages 210V219. ACM Press, 2004

[Juels et al, 2005]

A. Juels, D. Molnar, and D. Wagner: Security and Privacy Issues in E-passports. Cryptology ePrint Archive, Report 2005/095

[Agrawal et al, 2004]

R. Agrawal, R. Bayardo, C. Faloutsos, J. Kiernan, R. Rantzau, R. Srikant: Auditing Compliance with a Hippocratic Database, VDLB 2004

[Agrawal et al, 2002]

R. Agrawal, J. Kiernan, R. Srikant, Y. Xu: Hippocratic Databases, VDLB 2002

[LeFevere et al, 2004]

K. LeFevre, R. Agrawal, V. Ercegovac, R. Ramakrishnan, Y. Xu, D. DeWitt: Limiting Disclosure in Hippocratic Databases, VLDB 2004

[Asonov&Freytag, 2002]

D. Asonov, J.-C. Freytag: Almost Optimal Private Information Retrieval, PET 2002

[Agrawal&Srikant, 2000]

R. Agrawal, R. Srikant: Privacy-preserving Data Mining, SIGMOD 2000

[Samarati, 2001]

P. Samarati, Protecting Respondent's Privacy in Microdata Release, IEEE Transactions on Knowledge and Data Engineering, 13(6), 2001; 1010-1027.