Privacy, theory

In individual pursuits of personalized service and other functionalities, people disclose personal and private information by trusting certain online sites and services. Scholars often assume that such trust is based on a careful assessment of the benefits and risks of disclosing information online. This project departs from such an assumption and investigates the possibility that decision-making about online information disclosure is not systematic, but rather based on cognitive heuristics (or mental shortcuts) triggered by cues in the interaction context.

This project is developing new foundational cryptographic techniques for outsourcing data and computations on it, which fully preserve data privacy. The focus is on real-world settings involving multiple users where privacy with respect to all other users is required, as well as privacy from the service provider. The project will aim to minimize the interaction between users in the system, making the computational complexity for each client independent of the total number of users.

One of the most serious threats in the world today to the security of cyberspace is "social engineering" - the process by which people with access to critical information regarding information systems security are tricked or manipulated into surrendering such information to unauthorized persons, thereby allowing them access to otherwise secure systems. To date, little systematic research has been conducted on social engineering.

Information about individuals is collected by a variety of organizations including government agencies, banks, hospitals, research institutions, and private companies. In many cases, sharing this data among organizations can bring benefits in social, scientific, business, and security domains, as the collected information is of similar nature, of about similar populations. However, much of this collected data is sensitive as it contains personal information, or information that could damage an organization's reputation or competitiveness.

This project takes a new approach to problems involving sensitive data, by focusing on rigorous mathematical modeling and characterization of the value of private information. By focusing on quantifying the loss incurred by affected individuals when their information is used -- and quantifying the attendant benefits of such use -- the approaches advanced by this work enable concrete reasoning about the relative risks and rewards of a wide variety of potential computations on sensitive data.