Information privacy

Information privacy is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, contextual information norms, and the legal and political issues surrounding them. It is also known as data privacy or data protection. Data privacy is challenging since attempts to use data while protecting an individual's privacy preferences and personally identifiable information. The fields of computer security, data security, and information security all design and use software, hardware, and human resources to address this issue. Authorities Laws Authorities by country Information types Various types of personal information often come under privacy concerns. Cable television This describes the ability to control what information one reveals about oneself over cable television, and who can access that information. For example, third parties can track IP TV programs someone has watched at any g

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Related publications

Related people

Related units

Related concepts

Related courses

Related lectures

Summary

Official source

About this result

Related publications (99)

Related publications

Related people (19)

Related people

Related units (7)

Related units

Related concepts (47)

Related concepts

Related courses (27)

Related courses

Related lectures (62)

Related lectures

CS-523: Advanced topics on privacy enhancing technologies

This advanced course will provide students with the knowledge to tackle the design of privacy-preserving ICT systems. Students will learn about existing technologies to prect privacy, and how to evaluate the protection they provide.

COM-405: Mobile networks

This course provides a detailed description of the organization and operating principles of mobile and wireless communication networks.

COM-402: Information security and privacy

This course provides an overview of information security and privacy topics. It introduces students to the knowledge and tools they will need to deal with the security/privacy challenges they are likely to encounter in today's Big Data world. The tools are illustrated with relevant applications.

General Data Protection Regulation

The General Data Protection Regulation (Regulation (EU) 2016/679, abbreviated GDPR) is a European Union

Privacy law

Privacy law is the body of law that deals with the regulating, storing, and using of personally identifiable information, personal healthcare information, and financial information of individuals, whi

Privacy

Privacy (UK, US) is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively. The domain of privacy partially overlaps

Location Privacy-Preserving Mechanisms (LPPMs) in the literature largely consider that users' data available for training wholly characterizes their mobility patterns. Thus, they hardwire this information in their designs and evaluate their privacy properties with these same data. In this paper, we aim to understand the impact of this decision on the level of privacy these LPPMs may offer in real life when the users' mobility data may be different from the data used in the design phase. Our results show that, in many cases, training data does not capture users' behavior accurately and, thus, the level of privacy provided by the LPPM is often overestimated. To address this gap between theory and practice, we propose to use blank-slate models for LPPM design. Contrary to the hardwired approach, that assumes known users' behavior, blank-slate models learn the users' behavior from the queries to the service provider. We leverage this blank-slate approach to develop a new family of LPPMs, that we call Profile Estimation-Based LPPMs. Using real data, we empirically show that our proposal outperforms optimal state-of-the-art mechanisms designed on sporadic hardwired models. On non-sporadic location privacy scenarios, our method is only better if the usage of the location privacy service is not continuous. It is our hope that eliminating the need to bootstrap the mechanisms with training data and ensuring that the mechanisms are lightweight and easy to compute help fostering the integration of location privacy protections in deployed systems.

IEEE COMPUTER SOC2019

Logistic regression over encrypted data from fully homomorphic encryption

Hao Chen, Zhicong Huang

Background: One of the tasks in the 2017 iDASH secure genome analysis competition was to enable training of logistic regression models over encrypted genomic data. More precisely, given a list of approximately 1500 patient records, each with 18 binary features containing information on specific mutations, the idea was for the data holder to encrypt the records using homomorphic encryption, and send them to an untrusted cloud for storage. The cloud could then homomorphically apply a training algorithm on the encrypted data to obtain an encrypted logistic regression model, which can be sent to the data holder for decryption. In this way, the data holder could successfully outsource the training process without revealing either her sensitive data, or the trained model, to the cloud. Methods: Our solution to this problem has several novelties: we use a multi-bit plaintext space in fully homomorphic encryption together with fixed point number encoding; we combine bootstrapping in fully homomorphic encryption with a scaling operation in fixed point arithmetic; we use a minimax polynomial approximation to the sigmoid function and the 1-bit gradient descent method to reduce the plaintext growth in the training process. Results: Our algorithm for training over encrypted data takes 0.4-3.2 hours per iteration of gradient descent. Conclusions: We demonstrate the feasibility but high computational cost of training over encrypted data. On the other hand, our method can guarantee the highest level of data privacy in critical applications.

BMC2018

Privacy-Enhancing Technologies for Mobile Applications and Services

Thi Van Anh Pham

Over a third of the world's population owns a smartphone. As generic computing devices that support a large and heterogeneous collection of mobile applications (apps), smartphones provide a plethora of functionalities and services to billions of users. But the use of these mobile apps and services often introduces privacy risks for users. First, app developers often fail to take into account the fact that as smartphones are generic computing devices, they do not provide adequate privacy and security guarantees for certain types of apps (e.g., those that collect and process sensitive data). As a result, new security and privacy threats are introduced by such apps. Second, due to the lack of privacy by design, apps often over-collect information about users, and can misuse the collected data. Our goal in this thesis is to identify privacy risks in mobile apps and services, and to design privacy-enhancing technologies to mitigate the identified threats. To broaden the impact of our research efforts, we focus on popular apps and services that are currently used by millions of users, and potentially by billions in the future. These include three use-cases: (mobile-health) mHealth apps, ride-hailing services, and activity-tracking services. First, in the case of mHealth apps, we find that the Android operating system allows apps to easily fingerprint and identify other apps installed on the same phone. This causes privacy problems for mHealth apps, because the presence of an mHealth app can already reveal the medical conditions of its users. We investigate the apps' ability to fingerprint other apps and present HideMyApp, a practical system for hiding the presence of sensitive apps on Android. HideMyApp works on stock Android, and no firmware modification or root privilege is required. Second, in ride-hailing services (e.g., Uber), to use the services, riders have to share their pick-up and drop-off locations with service providers. Consequently, the service providers can infer sensitive information about riders' activities (e.g., their visits to health clinics). Therefore, we propose ORide, a privacy-preserving ride-hailing service that efficiently supports the anonymous matching of riders and drivers. Also, ORide still supports functionalities that are often considered as important as privacy, including accountability, payment and reputation-rating operations. Third, in activity-tracking services (e.g., RunKeeper), users report their location-based activities to service providers and obtain rewards based on their performance. However, from the location traces, the service providers can infer sensitive information about the users, e.g., their home/work addresses. Also, to obtain better rewards, the users might try to falsely report their activities to the service providers. Therefore, we propose SecureRun, a solution that enables service providers to compute accurate activity summaries of the users, while guaranteeing the users' location privacy vis-a-vis the service providers. In short, in this thesis, we identify privacy risks in popular mobile apps and services. We show that it is possible to provide them with added privacy, while preserving their rich functionality and usability. We are confident that the contributions presented in this thesis will inspire more future work on protecting users' privacy, not only in the context of mobile apps and services, but also in many other contexts brought about by new technological advances.

EPFL2019