Beyond Secrecy

National Science Foundation
Cybertrust PI meeting

29-30 January 2007
Atlanta, Georgia

Daniel J. Weitzner
Decentralized Information Group
MIT Computer Science and Artificial Intelligence Laboratory

These slides:


1. The advancing privacy challenge

2. Assuming state-of-the-art research succeeds, then what...

3. Aligning technology research agenda with privacy's progress

Privacy Challenges in the Web's first decade

AT&T TSD 3600 gmail

Characteristics of Today's Privacy Challenge

  1. Lots of personal information
  2. held by lots of parties
  3. huge increase in analytic capacity and data integration techniques
  4. little time and attention to manage uses
  5. unclear rules when data crosses boundaries

Privacy Sensitive Data Mining

Goal: construct a database protocol that limits information access according to a formal definition of privacy

Privacy Definition: indistinguishability of the individual from the community

Method: measures the epsilon-indistinguishability of a database query transcript

Differential Privacy, Cynthia Dwork, 33rd International Colloquium on Automata, Languages and Programming, ICALP 2006, Part II, pp. 1–12, 2006.
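A worked illustration of the epsilon-indistinguishability idea, added here and not part of the original slides: a count query answered through the Laplace mechanism, plus a check of the worst-case privacy loss between two constructed neighbouring databases (D with 100 matching individuals and D' differing in one person). The function names and the sample counts are assumptions for the example.

```python
import math
import random

# Constructed scenario: D contains 100 individuals matching a query such as
# "patients with condition X"; D' is D with one individual added or removed.

def laplace_pdf(y, center, scale):
    """Probability density of a Laplace(center, scale) distribution at y."""
    return math.exp(-abs(y - center) / scale) / (2 * scale)

def noisy_count(true_count, epsilon, sensitivity=1, rng=None):
    """Laplace mechanism: answer a count query with Laplace(0, sensitivity/epsilon) noise.

    One person joining or leaving changes a count by at most 1, so its
    sensitivity is 1. The difference of two iid exponentials with mean b is
    Laplace(0, b); this sidesteps the log(0) edge case of inverse-CDF sampling.
    """
    rng = rng or random.Random()
    scale = sensitivity / epsilon
    noise = rng.expovariate(1 / scale) - rng.expovariate(1 / scale)
    return true_count + noise

def max_privacy_loss(count_d, count_d_prime, epsilon, sensitivity=1):
    """Largest |ln(Pr[M(D) = y] / Pr[M(D') = y])| over a grid of possible answers y.

    This is the worst case an analyst can learn from one answer. When the two
    true counts differ by at most `sensitivity`, the Laplace mechanism keeps
    it at or below epsilon; if the noise is calibrated to a smaller
    sensitivity than the query really has, the bound silently breaks.
    """
    scale = sensitivity / epsilon
    lo = min(count_d, count_d_prime) - 10 * scale
    grid = [lo + i * scale / 50 for i in range(2000)]  # well past both counts
    return max(
        abs(math.log(laplace_pdf(y, count_d, scale))
            - math.log(laplace_pdf(y, count_d_prime, scale)))
        for y in grid
    )

if __name__ == "__main__":
    rng = random.Random(7)
    print("noisy answer for D :", round(noisy_count(100, 0.5, rng=rng), 2))
    print("noisy answer for D':", round(noisy_count(101, 0.5, rng=rng), 2))
    print("worst-case loss, neighbours, eps=0.5 :", max_privacy_loss(100, 101, 0.5))
    print("worst-case loss, mis-calibrated noise:", max_privacy_loss(100, 102, 0.5))
```

The last line shows the failure mode: a query whose answer can move by 2 per individual, answered with noise scaled for sensitivity 1, leaks up to 2 epsilon rather than epsilon.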

k-anonymity work

Questions upon the Success of Privacy Sensitive Data Mining

A privacy-safe zone: Privacy sensitive data mining establishes a boundary, which, if respected, assures no privacy risk to the individual.

  1. how do you know that data usage remains within the privacy-safe zone:
    • over time?
    • across an institution?
  2. what legal rules apply outside the privacy-safe zone?

question 1 - requires new system design

question 2 - requires new policy making in response to technical change

4th Amendment Perspective on Technology Change

Historical foundation:

"Ways may some day be developed by which the Government, without removing papers from secret drawers, can reproduce them in court, and by which it will be enabled to expose to a jury the most intimate occurrences of the home.... Can it be that the Constitution affords no protection against such invasions of individual security?"
Olmstead v. United States, 277 U.S. 438, 467 (1928) (Brandeis, J., dissenting)

Modern response:

"It would be foolish to contend that the degree of privacy secured to citizens by the Fourth Amendment has been entirely unaffected by the advance of technology.... Where, as here, the Government uses a device that is not in general public use, to explore details of the home that would previously have been unknowable without physical intrusion, the surveillance is a "search" and is presumptively unreasonable without a warrant."
Kyllo v. United States, 533 U.S. 27 (2001) (Scalia, J.)

"[T]he law must advance with the technology to ensure the continued vitality of the Fourth Amendment."
Electronic Communications Privacy Act legislative history, Senate Report, p. 5

Historical Evolution of Surveillance Technology and Legal Regulation

Expansion of Technological Capabilities & 4th Amendment Protection

| Year   | Communications Technology        |                                        | 4A trigger                                         | 4A protection                                                                                          |
|--------|----------------------------------|----------------------------------------|----------------------------------------------------|--------------------------------------------------------------------------------------------------------|
| 1928   | Early telephone                  | Prohibition                            | Castle: Physical -- property/trespass (Olmstead)   | none b/c no trespass                                                                                   |
| 1968   | Mass market phones               | Gambling/Organized Crime               | People not places (Katz)                           | Congress enacts guidance of Katz: probable cause, limited class of crimes, after-the-fact inventory    |
| 1984/6 | Store & forward/email            | [pre-emptive strike by technophiles]   | Activity not medium                                | ECPA: email gets status of 1st class mail vs. 3rd party business records                               |
| 1994   | Transactional records            | Global, digital communications         | Power to reveal personal information vs. owner     | judicial supervision for transactional records access                                                  |
|        | World Wide Web and data mining   | Terrorism                              | People not information                             | ??                                                                                                     |

Conclusion - Future Research Directions

Beyond the thinking of privacy as a mechanism for limiting access to certain information ...

  1. mechanisms (algorithmic and UI-oriented) to help manage the flow and use of data according to its complex sensitivity characteristics
  2. guidance for policy makers about the ways that large-scale systems generate sensitive information

... design Accountable Systems responsive to evolving rules

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 2.5 License.