Transcript Getting a grip on anonymity

Anonymity - Background

Prof. Newman, instructor

CSE-E346

352-505-1579 (don’t leave message)

Office Hours (tentative): 10-noon TR

[email protected] - subject: Anon ...
Topics

Defining anonymity

Defining privacy

Need for anonymity

Threats to anonymity and privacy

Mechanisms to provide anonymity

Applications of anonymity technology
Reading

Read Pfitzman & Waidner

Read Chaum Mix paper

Start discussion of these Friday

Reading list (approximate) on web page
Anonymity - Beginnings




Early (pre-computer) uses for social reasons
(ability to act more freely, have work accepted
without prejudice, etc.)
Traffic analysis an issue prior to computers
(e.g., Bodyguard of Lies)
Computer TAP solvable with cryptography
With public-key cryptography, theoretical
possibility for anonymity and pseudonymity
Exercise

Take 2 minutes to think about anonymity.

Answer these questions in writing:

What is anonymity?

How is it related to privacy?



Give examples of need for anonymity (aiming at
volume here)
Get into groups of 2-3 and share your answers

Try to arrive at a joint definition or agree to disagree

Add to your list of examples
Share your responses with the class
What is Anonymity

Literally, lacking a name (a + onyma)

Unidentifiability

Inability to attribute artifact or actions

Related to privacy - how?
Topics

Defining anonymity

Defining privacy

Need for anonymity

Threats to anonymity and privacy

Mechanisms to provide anonymity

Applications of anonymity technology
Exercise

Take a minute or two to define privacy

Share with your neighbor(s)

Share with the class
What is Privacy?

Ability of an entity to control its own space

Physical space

Bodily space

Data space

Communication space

What else?
Exercise


What are examples of privacy in these spaces?

Physical space

Bodily space

Data space

Communication space
What other spaces can you think of?
Privacy Spaces

Physical space:


Bodily space:


identity, activity, status, records
Communication space:


medical consent, battery
Data space:


invasion, paparazzi, location (GPS)
email, Internet privacy, correspondents, phone #,
address, stalking, harassment
Overlap in spaces (e.g., location)
Topics

Defining anonymity

Defining privacy

Need for anonymity

Threats to anonymity and privacy

Mechanisms to provide anonymity

Applications of anonymity technology
Need for Privacy/Anonymity

Planning/execution in competition

Fundamental right – voting, celebrities

Philosophical necessity (free will)

Restarting when past can cripple

Statutory requirements (HIPAA, FISMA)

Liability issues – data release

Freedom/survival in repressive environments

Increasing pressure from technologies
Privacy/Anonymity Threats

Available surveillance technology

Identification technology

Increasing use of databases

Data mining

Identity theft

Increasing requirements for I&A

Increasing governmental desire for surveillance
Surveillance Facts




1.5 million CCTV cameras installed in UK post
911 – Londoner on camera ~300 times a day
http://epic.org/privacy/surveillance/
Face recognition software used in Tampa for
Superbowl
5000 public surveillance cameras known in DC
Home and work zipcodes give identity in 5% of
cases in US http://33bits.org/tag/anonymity/
Homework

Count number of video cameras you encounter
all day for one day.

Record locations, submit when Canvas up.

Tally total, share total with class Friday.
Data Reidentification





Even ”scrubbed” data can be re-identified
Characteristics within the data (e.g., word
usage in documents)
Intersection attacks on k-anonymized database
set releases
Use of known outside data in combination with
released data
Data mining – higher dimensional space gives
greater specificity!
Exercise

What are legitmate limitations on anonymity?

Write down 1-2 of these

Share with neighbor

Share with class
Limitations on Anonymity

Accountability

Legal/criminal issues

Social expectations

Competing need for trust

Others?
Forms of Anonymity

Traffic Analysis Prevention

Sender, Recipient, Message Anonymity

Voter Anonymity

Pseudonymity

Revokable anonymity

Data anonymity
Anonymity Mechanisms

Cryptography

Steganography

Traffic Analysis Prevention (TAP)

Mixes, crowds

Data sanitization/scrubbing

k-anonymity