Saturday, April 01, 2017

Techniques for Protecting Comey's Twitter: A Taxonomy

Person in the know calling me out.
After my post about how the Comey Twitter leak was the most exciting thing ever for information flow security researchers, I had some conversations with people wanting to know how to tell the difference between information that is directly leaked and information that is deduced. Someone also pointed out that I didn't mention differential privacy, a kind of statistical privacy that talks about how much information an observer can infer. It's true: there are many mechanisms for protecting sensitive information, and I focused on a particular one, both because it was the relevant one and because it's what I work on. :)

Since this Comey Twitter leak is such a nice example, I'm going to provide more context by revisiting a taxonomy I used in my spring software security course, adding statistical privacy to the list. (Last time I had to use a much less exciting example, about my mother spying on my browser cookies.)

  • Access control mechanisms resolve permissions on individual pieces of data, independently of a program that uses the data. An access control policy could say, for instance, that only Comey's followers could see who he is following. You can use access control policies to check data as it's leaving a database, or anywhere in the code. What people care about with respect to access control is that the access control language can express the desired policies while providing provable guarantees that policies won't accidentally grant access, and that policies can be checked reasonably efficiently.
  • Information flow mechanisms check the interaction of sensitive data with the rest of the program. In the case of this Comey leak, access control policies were in place some of the time. For example, if you went to Comey's profile page, you couldn't see who he was following. How the journalist ended up finding his page was by looking at the other users suggested by the recommendation algorithm after requesting to follow hypothesized-Comey. (This was aided by the fact that Comey is following few people, and  In this case, it seems that Instagram was feeding secret follow information into the recommendation algorithm and not realizing that the results could leak follow information. An information flow mechanism would make sure that any computation based on secret follow information could not make its way into the output from a recommendation algorithm. If the follow list is secret, then so is the length of that list, people followed by people on the follow list, photos of people from the list, etc.
  • Statistical privacy mechanisms prevent aggregate computations from revealing too much information about individual sensitive values. For instance, you might want to develop a machine learning algorithm that uses medical patient record information to do automated diagnosis given symptoms. It's clear that individual patient record information needs to be kept secret--in fact, there are laws that require people to keep this secret. But there can be a lot of good if we can use sensitive patient information to help other patients. What we want, then, is to allow algorithms to use this data, but with a guarantee that an observer has a very low probability of tracing diagnoses back to individual patients. The most popular formulation of statistical privacy is differential privacy, a property over computations that allows computations only if observers can tell the original data apart from slightly different data with very low probability. Differential privacy is very hot right now: you may have read that Apple is starting to use this. It's also not a solved problem: my collaborator and co-instructor Matt Fredrikson has an interesting paper about the tension between differential privacy and social good, calling for a reformulation of statistical privacy to address the current flaws.
For those wondering why I didn't talk about encryption: encryption focuses on the orthogonal problem of putting a lock on an individual piece of data, where locks can have varying cost and varying strength. Encryption involves a different kind of math--and we also don't cover encryption in my spring course for this reason.
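
To make the statistical privacy item above concrete, here is an added example (not code from the original post) using the Laplace mechanism, a standard construction the post does not name, on a counting query over patient records. The records, the epsilon value and all function names are constructed for illustration.

```python
import math
import random

# Constructed toy records: (patient_id, has_diagnosis). Not real data.
RECORDS = [("p1", True), ("p2", False), ("p3", True), ("p4", True), ("p5", False)]

def true_count(records):
    """Counting query: patients with the diagnosis (sensitivity 1)."""
    return sum(1 for _, has_dx in records if has_dx)

def laplace_density(y, center, epsilon):
    """Density of the released value y when the true count is `center`."""
    scale = 1.0 / epsilon  # sensitivity / epsilon, with sensitivity = 1
    return math.exp(-abs(y - center) / scale) / (2 * scale)

def release_count(records, epsilon, rng):
    """Laplace mechanism: true count plus Laplace(0, 1/epsilon) noise."""
    # The difference of two Exp(epsilon) draws is Laplace with scale 1/epsilon.
    noise = rng.expovariate(epsilon) - rng.expovariate(epsilon)
    return true_count(records) + noise

def worst_case_ratio(records, neighbour, epsilon, outputs):
    """Largest factor by which any output is likelier under one dataset."""
    a, b = true_count(records), true_count(neighbour)
    worst = 1.0
    for y in outputs:
        pa = laplace_density(y, a, epsilon)
        pb = laplace_density(y, b, epsilon)
        worst = max(worst, pa / pb, pb / pa)
    return worst

if __name__ == "__main__":
    eps = 0.5
    # Neighbouring dataset: exactly one patient's record differs.
    neighbour = RECORDS[:2] + [("p3", False)] + RECORDS[3:]
    grid = [y / 4 for y in range(-40, 60)]
    print("released count:", release_count(RECORDS, eps, random.Random(0)))
    print("worst ratio:", worst_case_ratio(RECORDS, neighbour, eps, grid))
    print("bound e^eps:", math.exp(eps))
```

The bound holds for every possible output, which is what limits how confidently an observer can tell the original data from the dataset with one patient changed.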

Another discussion I had on Twitter.
Discussion. Some people may wonder if the Comey Twitter leak is an information flow leak, or some other kind of leak. It is true that in many cases, this Instagram bug may not be so obvious because someone is following many people, and the recommendation algorithm has more to work with. I would argue that it is squarely in the purview of information flow mechanisms. If follow information is secret, then recommendation algorithms should not be able to compute using this data. (Here, it seems like what one means by "deducible" is "computed from," and that's an information flow property.) We're not in a situation where these recommendation engines are taking information from thousands of users and doing something important. It's very easy for information to leak here, and it's simply not worth the loss to privacy!
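
The difference between guarding a direct read and tracking what is "computed from" a secret can be shown in a few lines. The following is an added example, not code from the original post or from any real service: the account names, data and function names are hypothetical, and the label-propagation scheme is a minimal stand-in for an information flow mechanism.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Labeled:
    """A value plus the accounts whose secret data it was computed from."""
    value: object
    owners: frozenset = frozenset()

def lift(fn, *args):
    """Apply fn to labeled inputs; the result inherits every input's label."""
    owners = frozenset().union(*(a.owners for a in args))
    return Labeled(fn(*(a.value for a in args)), owners)

# Constructed sample data; all account names are hypothetical.
FOLLOWS = {"private_user": ["relative_a", "relative_b"]}
PRIVATE = {"private_user"}                    # follow list is secret
APPROVED = {"private_user": {"relative_a"}}   # approved followers

def can_see(viewer, owner):
    return viewer == owner or viewer in APPROVED.get(owner, set())

def profile_page(viewer, user):
    """Access control: guards only the direct read of the follow list."""
    allowed = user not in PRIVATE or can_see(viewer, user)
    return list(FOLLOWS[user]) if allowed else []

def recommend_unchecked(viewer, requested):
    """The leak: suggestions computed from the secret list, never checked."""
    return sorted(FOLLOWS[requested])

def follow_list(user):
    """Source: label the list with its owner when the account is private."""
    label = frozenset({user}) if user in PRIVATE else frozenset()
    return Labeled(list(FOLLOWS[user]), label)

def release(viewer, labeled, default):
    """Sink: reveal a value only if the viewer may see every owner's data."""
    ok = all(can_see(viewer, o) for o in labeled.owners)
    return labeled.value if ok else default

def recommend_checked(viewer, requested):
    """Information flow: derived values keep the label, the sink enforces it."""
    recs = lift(sorted, follow_list(requested))
    count = lift(len, recs)                   # the list's length is secret too
    return release(viewer, recs, []), release(viewer, count, None)

if __name__ == "__main__":
    print(profile_page("reporter", "private_user"))         # access check holds
    print(recommend_unchecked("reporter", "private_user"))  # follow list leaks
    print(recommend_checked("reporter", "private_user"))    # nothing derived leaks
```

The profile page and the unchecked recommender read the same data; only the second path skips the policy, and the labeled version closes it without the recommender needing its own access check.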

Poor, and in violation of our privacy settings.
Takeaways. We should stand up for ourselves when it comes to our data. Companies like Facebook are making recommendations based on private information all the time, and not only is it creepy, but it violates our privacy policies, and they can definitely do something about it. My student Scott recently made $1000 from Facebook's bug bounty program reporting that photos from protected accounts were showing up in keep-in-touch emails from Instagram. If principles alone don't provide enough motivation, maybe the $$ will incentivize you to call tech companies out when you encounter sloppy data privacy practices.
