One of the major challenges imposed by the pervasiveness of cyberspace is to ensure "trust" and to design trustworthy systems that support the critical infrastructure for official, commercial, and personal business. Millions of everyday users pass their personal information over the Internet to their health-care providers, their banks, insurance companies, and other service providers.

Once such personal information is transferred, in many cases it is outsourced to other parties (some of which may even reside in foreign countries) for storage and processing. It may be sold or resold for data mining.

The collection, processing and resale of private data is a multi-million dollar industry that has suffered serious security and privacy breaches, including inadvertently revealing or losing the personal information of thousands or millions of people.

While there is a clear need for knowledge discovery for commercial (e.g., marketing, insurance design), scientific, and even security reasons (e.g., identifying public health outbreaks such as epidemics or instances of biological warfare), at present "data producers" (i.e., users like all of us) have no control over who handles such private and sensitive data, how it is handled, or what exactly is done with it.

This proposal addresses the above fundamental problem by introducing a novel mechanism called secure and auditable privacy contracting (SAP-Contracting). An SAP-Contract can be used to define a tradeoff between the level of privacy and the amount of data mining. Such a tradeoff can be negotiated and customized between data sources and data miners. An SAP-Contract defines precisely the functions and permissions that can be performed on personal records. It aims to bridge the need for privacy with the need for data collection, transfer, marketing and processing, thus enabling sensitive private data to be treated as a commodity.

SAP-Contracting differs from the current state of the art, such as privacy-preserving data mining approaches, in that it does not rely on server-based data hiding. It complements and benefits from research on cryptographic databases.

The PIs propose to design, implement and test a prototype of this paradigm to establish a proof of concept and to show provable security properties of SAP-Contracts, including confidentiality, integrity, and auditability.

If successful, this project will provide provable and auditable privacy. It will marry privacy and data mining research with different economic models and venture into new research areas.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Type: Standard Grant (Standard)
Application #: 0751095
Program Officer: Karl Levitt
Project Start:
Project End:
Budget Start: 2007-10-01
Budget End: 2008-09-30
Support Year:
Fiscal Year: 2007
Total Cost: $50,000
Indirect Cost:
Name: University of Connecticut
Department:
Type:
DUNS #:
City: Storrs
State: CT
Country: United States
Zip Code: 06269