Daily headlines bemoan the lack of secure systems and this past year witnessed numerous breaches leading to the disclosure of private information. The failure of these commercial systems has dominated much of the discourse around security and privacy. However, the secure collection and transmission of information and the judicious use of private data is fundamental to the core of our society beyond commerce. It underlies the basic processes of governance and civic participation.
Almost a decade ago, computing researchers developed a mathematical theory called differential privacy, which protects information about individuals when analyzing groups of people. Differential privacy is now deployed in the commercial space and used by US federal agencies such as the U.S. Census Bureau. Simson L. Garfinkel, from the US Census Bureau, gave this example and others at the most recent Computing Community Consortium (CCC) Symposium and described how the 2020 Census will use differential privacy to protect the privacy of individual survey responses.
The CCC Symposium was held on October 23-24, 2017 in Washington, DC. We have been highlighting a different panel on the CCC Blog each week since the event. This week we are focusing on the Security and Privacy for Democracy Panel.
Computing research enables new technology to help society cope with information security and privacy risks. The five panelists on this panel talked about how technologies and processes interact to protect our society.
- Roger Dingledine (Tor Project)- The Tor Project is on online community around the world that helps strives to keep the Internet safer through enabling anonymous communication. Dingledine commented that transparency for Tor is key, so it is open-sourced and free. The design documents, specifications, and developers are all publically available.
- Simson L. Garfinkel (U.S. Census Bureau)- The U.S. Census Bureau is also building a disclosure avoidance system for the 2020 Census. The plan is for this to be a public system and that the Bureau will publish the source code. It will rely on infusing formally private noise. There will be a privacy/utility tradeoff for some queries, while other queries (such as the number of people in each state) will be exact.
- Phillipa Gill (UMass-Amherst)- Measuring and tracking censorship is challenging due to the decentralized design of the Internet itself. Researchers are creating tools that can flag different forms of censorship across a variety of content.
- Daniela Oliveira (University of Florida)- People are very susceptible to risk and psychological principles of influence, such as authority, reciprocation, commitment, liking, scarcity, and social proof. For example, once a person takes a stand (commitment) they want to behave (e.g., click on a related link) in ways that are consistent with their commitment. This bias is particularly true for older adults. As a person ages their cognition and sensitivity decrease, therefore they are more susceptible to phishing risks.
- Dan Wallach (Rice University)- Electronic voting is a security and privacy risk. Better voting machines that use cryptographic and other verification techniques including paper records can combat these risks. Online voter registration databases are also very vulnerable to attacks. Cyber attacks are hard to attribute to their source, such as the possible Russian involvement in the 2016 presidential election.
At the beginning of the Q&A session, CCC Council member and chair of this panel, Kevin Fu (University of Michigan) asked each panel member to “give him hope.” Dingledine stated that a growing number of companies are feeling positive about protecting individual’s security and privacy. There is also a fine balance between making the public aware of these security issues and not alarming them. Oliveira and Dingledine both said that the computing research community is beginning to leverage tools that can maintain that balance.
Significant work on security and privacy is underway, but progress will require continued collaboration and informed communication between academic researchers, industry, government, and the broader public.
Stay tuned to the blog next week as we continue to highlight the other session panels from the symposium. See the video from the panel here.