Privacy of personal data in online and physical environments

People have a fundamental right to maintain their personal privacy while using all kinds of technologies in their daily lives. Violations of this right can have extremely negative consequences for an individual, including trauma, depression, loss of dignity, loss of jobs, and in extreme cases loss of life. While people generally have some awareness that their personal data are being collected through their online social networks, mobile devices, and IoT sensors, they are often unaware of the extent and nature of the data collected through these technologies and express surprise and discomfort when they find out. For example, multiple users recently reported surprise when they found out that their flashlight app was continuously tracking their location information. Our group has been studying how newer technologies create new privacy challenges as well as opportunities for mitigation. Some recent projects include:

Uniqueness of personal spending data – Identifying the limits of anonymity in emerging big data. For example, in a recent Science paper, we reported that it takes only 4 pieces of spatio-temporal information to uniquely identify a customer’s credit card data amongst millions of other anonymized data records. This brings to the fore an urgent need to re-define how we measure and understand privacy, and ultimately what drives our privacy needs in an information-rich ecosystem.

Predicting privacy attitudes using phone metadata – We recently found that a combination of phone use metadata can provide vital insights into a person’s privacy attitudes. This can be used to automatically recommend privacy settings to individuals.

Nudging privacy behavior – We took inspiration from “second-hand” smoking cessation campaigns to create interfaces that made users realize that each time they leak information about themselves, they also, by proxy, leak information about their peers. We found that individuals thought longer and were half as likely to give away personal information when made aware of such social consequences of their actions.