Interdisciplinary Privacy Course

Summer semester 2011

K.U.Leuven


 http://www.cs.kuleuven.be/~berendt/teaching/Privacy11/


This interdisciplinary course is part of the thematic training of the Leuven Arenberg Doctoral School Training Programme and supported by IAP BCRYPT and LICT. The course is mainly aimed at Ph.D. students from all disciplines (either from the K.U.Leuven or from other universities), but also open to undergraduate students, post-docs, people working in industry, or anyone else interested on the topic.

The course will provide an overview of various aspects of privacy from the technical, legal, and social science perspectives. While the broad focus of the course is on privacy in electronic services, this year’s edition of the course will have a special focus on location privacy.

When

•    Monday, June 27, from 09:30 to 17:30
•    Tuesday, June 28, from 09:00 to 18:00

Where

BETH 00.08
Huis Bethlehem, Schapenstraat 34
3000 Leuven

Speakers

The course will last two days and consist of eight lectures. The lecturers include five speakers from different departments and faculties in K.U.Leuven and two invited speakers :

•    Prof. Bettina Berendt, Computer Science (K.U.Leuven)
•    Prof. Claudia Diaz, Electrical Engineering (K.U.Leuven)
•    Dr. David Geerts, Faculty of Social Sciences (K.U.Leuven)
•    Dr. Seda Gürses, Electrical Engineering (K.U.Leuven)
•    Prof. Mireille Hildebrandt (Radboud University Nijmegen, NL)
•    Dr. Markulf Kohlweiss (Microsoft Research, Cambridge, UK)
•    Dr. Eleni Kosta, Faculty of Law (K.U.Leuven)

Registration

•    The course is free of charge, but attendees are required to register by sending an email to claudia.diaz@esat.kuleuven.be
•    The registration deadline is: Tuesday, June 15
 

If you have any questions or would like to know more information please send an email to claudia.diaz@esat.kuleuven.be.
 

Programme

Monday, June 27

09:30 Introduction (Claudia Diaz)
10:30 Coffee break
11:00 Privacy Enhancing Cryptographic Protocols (Invited Talk)   (Markulf Kohlweiss)
12:30 Lunch break
14:00 Recent insights in HCI and user research on location based privacy (David Geerts)
15:30 Coffee break
16:00 Technical Aspects of Location Privacy (Claudia Diaz)
17:30 End

Tuesday, June 28

09:00 Web data mining and privacy: foes or friends? (Bettina Berendt)
10:30 Coffee break
11:00 The surge of data analytics and the right to know how one is being profiled (Invited Talk) (Mireille Hildebrandt)
12:30 Lunch break
14:00 Location privacy in the European data protection legal framework: when your smartphone is getting "too" smart (Eleni Kosta)
15:30 Coffee break
16:00 The challenge of privacy and requirements engineering in information systems (Seda Gürses)
17:30 Discussion speakers and participants
18:00 end


Abstracts

Introduction (by Claudia Diaz) (PDF)

This lecture will motivate the need for privacy protection, introduce the arguments in the privacy debate, and review the main approaches to privacy. Some of the questions that we will address in this talk include: Why is privacy important? Why is it so complex? What are the different meanings of "privacy"? How does "privacy" translate to technical properties and how do these relate to classical security properties? What are the problems of the current legal-policy approach to addressing privacy problems?


Privacy Enhancing Cryptographic Protocols (by Markulf Kohlweiss) (PPTX)

I will present the cryptographic ideas behind several privacy enhancing protocols that reduce the reliance of online services on the release of personal data while at the same time improving security. I will looks at two families of such protocols: The first are protocols for the anonymous release of certified data. Example protocols in this family are anonymous credentials, anonymous electronic cash, and group signatures. These protocols all support anonymity by hiding the relation between the released data and the identity of the user. The second protocol family covers protocols for the private access of data. Example protocols in this family are private information retrieval, oblivious transfer, and oblivious and private searching. These protocols hide the usage patterns of the user.


Recent insights in HCI and user research on location based privacy (by David Geerts) (PPTX)

Many opinions are being formed about location based privacy, from different perspectives such as the legal, technical, or policy domains. But what do users think about it, and how can systems and applications be designed in order to address these user needs? David Geerts will present the most recent results on the topic of location based privacy from a user point of view, mainly drawing from the recently held CHI2011 conference on Human Computer Interaction.


Location privacy risks and technical solutions (by Claudia Diaz) (PDF)

An increasing number of people own mobile devices with positioning capabilities, and use various location-based services (LBSs) to obtain all kinds of information about their surroundings. Privacy concerns have emerged because many of such services enable, by design, service providers to collect detailed location information about their users. In this talk we will review location privacy risks and provide an overview of location privacy technologies that have been proposed for a variety of applications, such as location-based services for mobile phones and vehicular applications.


Web data mining and privacy: foes or friends? (by Bettina Berendt) (PPT)

This lecture will give an overview of Web mining (i.e., data mining applied to Web content, link, or usage data) and its implications for privacy. Bettina Berendt will present examples of techniques that allow various actors to analyse user-related data in order to gain more knowledge about users, and she will discuss how these techniques may endanger unobservability, unlinkability, and/or anonymity. She will show the tradeoff between "threats to privacy" and "opportunities for transparency" that is inherent in the use of data-mining techniques. Based on this, she will investigate the question of whose privacy gets threatened, and give an overview of whose privacy can be protected by methods from fields such as "privacy-preserving data mining" or "privacy-preserving data publishing", with examples having implications on location privacy and other types of Web data.


The surge of data analytics and the right to know how one is being profiled (by Mireille Hildebrandt) (PPTX)

Data analytics is big business. Its promises and perils relate to finding the difference that makes a difference (Bateson). This presentation will discuss the legal framework of privacy and data protection with respect to the making and application of profiles. It will focus on art. 12 and 15 of the Data Protection Directive and argue that we need a right to know how we are being profiled, as well as intuitive interfaces to turn the right into an effective remedy.


Location privacy in the European data protection legal framework: when your smartphone is getting "too" smart (by Eleni Kosta) (PDF)
 
The proliferation of location based services and the processing of location data in general have raised questions relating to the protection of the privacy of the individuals. The recent iPhone location tracking scandal was only the tip of the iceberg that brought location privacy in the spotlight. Numerous studies and experiments have been carried out in order to demonstrate the abundance of information that can be collected about an individual from the processing of his location information. This presentation is going to present the European legal framework for the regulation of location based services and the processing of location data and is going to critically examine whether it manages to adequately protect the privacy of the individuals. Finally, some suggestions for the enhancement of the privacy of individuals are going to be presented.


The challenge of privacy and requirements engineering in information systems (by Seda Gürses) (PDF)

Privacy is a debated notion with various definitions that are also often vague. While this increases the resilience of the privacy concept in social and legal context, it poses a considerable challenge to defining the privacy problem and the appropriate solutions to address those problems in a system-to-be. When engineering systems, the stakeholders of the system ideally step through a process of reconciling the relevant privacy definitions and the (technical)privacy solutions in the given social context. During the talk, we will discuss how this reconciliation can be approached during requirements engineering. Requirements engineering is a sub-phase of software engineering during which the desired behavior of the system-to-be is defined. We will explore methods to define and elicit privacy concerns based on different privacy notions; summarize the results of a multilateral privacy requirements analysis of social networks, and focus on some of the privacy concerns raised in this application domain, including concerns with respect to mobile social networks and location privacy.




last updated on 2011-07-22 by Bettina Berendt; URL of this page: http://www.cs.kuleuven.be/~berendt/teaching/Privacy11/