Protecting Shared Data with Privacy Automatons

We share large quantities of personal data with online services and data brokers. Frequently, we upload everything from photos and home videos to shopping lists, tax reports, and health information. Using these data, businesses, governments, and other organizations can provide us with new and improved services, like Google Search and Amazon Prime, that many now depend on for their daily activities. As emerging technologies for self-monitoring, smart cities, and the Internet of Things advance, our digital footprint will only grow in the years to come. This project has developed technology for expressing and enforcing use-based privacy policies, enabling a stronger level of individual control over our digital footprint. Because use-based privacy focuses on how information may be used rather than limiting access or transmission, it enables online services and data brokers to make good use of our data while at the same time preventing them from violating national and international data-usage regulations and individual wishes for privacy. This project implements use-based privacy policies as privacy automatons, or privatons, which are small programs attached to data objects and control usage. Using modern security hardware, we can ensure that privatons protect data even in hostile environments. The privatons mechanism has been demonstrated with the Dataverse research data management and sharing tool used by research institutions all over the world.

The project devised three approaches for enforcing remote privacy policies using Intel SGX technologies for enforcement and realized in the Diggi framework. We implemented the TFHE-rs library, which combines SGX with homomorphic encryption for both integrity and confidentiality. Several real-world use cases were explored through collecting and analyzing various sensitive datasets, including in physiology, medicine, and commercial fishery. The project explored privacy aspects in the context of nutrition sciences, chronic disease intervention, and smartphone-based physiological assessments. The Kvasir-SEG and Njord datasets published as part of these activities are fueling AI/ML research and innovation in cancer diagnostics and fishery control, respectively. The project developed the Lohpi prototype for secure sharing of research data. Lohpi was well received by the international Dataverse open-data community. The prototype gives researchers more control of their data after it has been shared.

The increasing availability of big-data software and cloud services has resulted in a large ecosystem of networked data brokers that collect, share, and analyze large quantities of personal information. Using this data businesses, governments, and other organizations can provide new and improved services that many now depend on for their daily activities. As emerging technologies for self-monitoring, smart cities, and the Internet-of-Things advance, ever more data and insight on our lives will be captured and stored online. This mass-scale recording of our digital lives has not come forth without generating strong concerns regarding our privacy. The European Commission has already asserted that we do have the right to control our own data, including the right to be forgotten. The White House has recently also recommended new legislation, granting consumers greater control over their personal information. However, current big-data software stacks and cloud infrastructures does not readily support such rights. The individual, whose life is being recorded, has alarmingly little control and insight in what is being collected and how it is used. Existing computer systems lack effective means to express and enforce privacy policies on information after it has been shared or stored online. To provide that means, systems must support data policies that change depending on how data are manipulated, apply policies to all copies of data and to any derived data, and enforce policies wherever and whenever the original or derived data are used. This project will research and develop the concept of privacy automatons, an emerging technology that can capture and enforce complex privacy policies across multiple heterogeneous distributed cloud systems and client devices. To ensure relevancy, an use-case in medical epidemiological cohort studies will drive the research. Our goal is to empower the end users with greater control and insight into how their data is used and shared.