Towards Modeling Singling Out
- Starts: 3:45 pm on Wednesday, October 3, 2018
- Ends: 5:00 pm on Wednesday, October 3, 2018
Data privacy laws—like HIPAA, FERPA, Title 13 in the US, and the GDPR in the EU—govern the use of sensitive personal information. They aim to delineate normative boundaries of appropriate use and impose steep penalties upon rule breakers. Conceptually, these laws are based on notions including personally-identifiable information, linkage, distinguishability, anonymization, and inference. Practically, adherence to these laws is often achieved using a variety of ad hoc privacy enhancing techniques, including $k$-anonymity, bucketing, rounding, pseudonymization, and swapping. It is becoming increasingly clear that these techniques are often inadequate for providing the privacy protection envisioned by these laws. New techniques for data privacy are being developed in industry, government, and the academy. But a significant conceptual gap still exists between legal and technical thinking around data privacy. This has resulted in uncertainty as to the which technical offerings are appropriate. MIT PhD candidate Aloni Cohen's research aims to address this uncertainty by translating between the legal and the technical.
In this Cyber Alliance discussion, Mr. Cohen will talk about his work with Prof. Kobbi Nissim, which suggests a formalization for the GDPR's notion of singling out. More specifically, they examine what it means for a data anonymization mechanism to ensure security against singling out in a data release. Ultimately, their goal is to be able to reason about whether certain classes of techniques (e.g., k-anonymity, differential privacy, pseudonymization) effectively prevent singling out attacks and to understand the strengths and weaknesses of the GDPR's protection against singling out more generally. As motivation for this work, Mr. Cohen will describe their successful attack as part of the world's first bug bounty challenge for anonymized data re-identification.
There will be time for casual conversation and light refreshments before and after the presentation. Please RSVP to tgabs@bu.edu.
In this Cyber Alliance discussion, Mr. Cohen will talk about his work with Prof. Kobbi Nissim, which suggests a formalization for the GDPR's notion of singling out. More specifically, they examine what it means for a data anonymization mechanism to ensure security against singling out in a data release. Ultimately, their goal is to be able to reason about whether certain classes of techniques (e.g., k-anonymity, differential privacy, pseudonymization) effectively prevent singling out attacks and to understand the strengths and weaknesses of the GDPR's protection against singling out more generally. As motivation for this work, Mr. Cohen will describe their successful attack as part of the world's first bug bounty challenge for anonymized data re-identification.
There will be time for casual conversation and light refreshments before and after the presentation. Please RSVP to tgabs@bu.edu.
- Location:
- Seminar Room, Hariri Institute for Computing, 111 Cummington Mall
- Link:
- http://www.bu.edu/law/faculty-and-staff/colloquia-workshops/cyber-alliance-speaker-series/