A Policy Based Infrastructurefor Social Data Access

with Privacy GuaranteesTim Finin (UMBC) for:

Palanivel Kodeswaran (UMBC) Evelyne Viegas (Microsoft Research)

POLICY 2010, Fairfax VA21 July 2010

http://ebiquity.umbc.edu/paper/html/id/493/

Connected Data• We “leave” our digital

footprints online in discussion forums, social networks, web searches

• Copying and sharing Data is easy

• Users have no control over how their data is used and inferences that can be made based on their data

Personalization

Garden Veggie with minimal

cheese

Personalization?

That’s not enough running!!

Sub: Insurance RenewalDear John,In reviewing your record, we have decided to increase your premium to better serve your needs and that of your family.

User Control over Private Data

There is a need for a framework in which users can specify their privacy preferences in terms of who can access their data and how it can be used

Sticky Policy

Phone Number

Phone number can be used for emergency contact

Phone number can’t be used for marketing

Data Sharing for Scientific Research

• Large amounts of Data behind closed walls – Medical data, search data, finance data

• Trend continues with user generated data as well– Facebook, Health Vault

• Researchers can benefit from access to this data– User trends, epidemiology models, search ranking– Most research can be performed with aggregate data

• But remember the AOL fiasco

Policy Based Infrastructure

We’ve describe a policy-based infrastructure that– Allows users to specify who can access what and

why – Adds additional access modes for releasing data

at different granularities– Extends the traditional binary semantics of

access control viz. allow/deny with emerging privacy preserving analysis techniques

Complete Access

Facebook FriendsHealth Vault Custodian & Invitee

Picture from [ars]

Access to the complete and detailed data

Abstract Access

Financial Websites like Covester allow sharing abstract portfolio information

Google Latitude for location information

Picture from [gpsobsessed]

Access to data encoded using more general,abstract concepts, e.g., in Baltimore asopposed to at given lat-lon coordinates

Statistical AccessUser trends in search data using differential privacy

The number of distinct users searching over the duration of a day at different epsilon levels

C. Dwork, Differential privacy, Int. Col. Automata, languages and programming, pp. 1-12, Springer, 2006.

Example Policies

Alice says ?Bob can readCompleteAccess /MyHealth

if ?Bob is PrimaryPhysician

Alice says ?Bob can readAbstractAccess /MyFinance

if ?Bob is InvestorFriend

MS says ?Bob can readStatisticalAccess /SearchData

if ?Bob is Researcher