RESEARCH

Privacy/Accuracy Trade-offs in Mobile Local Search

Local search can tolerate large amounts of location noise without affecting the result.

Mobile search queries are estimated to produce 27.8 billion more queries than desktop-search by the year 2016. A vast majority of the users performing mobile search seek access to information pertinent in the locality of the query. In general, a local search application provides information on local businesses, events, and/or friends, weighted by the location of the query issuer. Therefore, location and service accuracy trade-offs are clearly present in a local search application. Through an extensive empirical study spanning the continental United States, we demonstrated that local search could tolerate a high degree of imprecision in location coordinates while generating accurate search results (see privacylessons.org/mobilesearch). Motivated by this study, our ongoing research is attempting to build a platform where applications will have a clear understanding of the similarity in local search results across geographic areas, and exploit it to enforce the location privacy requirements of the user. We are also pushing for a re-assessment of the algorithmic developments possible in this area, especially since current generation mobile devices can now easily participate in the computational requirements of a privacy-preserving solution.

Privacy-Preserving Record Linkage for Regional Data Sharing

Privacy-preserving record linkage in the medical domain is the task of identifying a patient's record in multiple health databases without using any identifying information about the patient (owing to HIPAA regulations). We are collaborating with medical researchers in the Denver metropolitan area to help them design a secure, internet-based privacy-preserving record linkage service that could be used by any collection of organizations seeking to perform clinical research with data where patient overlap is a significant problem. As a first step in this cross-disciplinary effort, we explored the current techniques (for record linkage) adopted by the medical community, and showed that they are not even secure against naive forms of attacks. We are working towards a method with stronger privacy guarantees. The strength of this project lies in the ties that we have formed with the medical community, which will not only help validate our techniques on real data, but will also help disseminate the results to the appropriate community.

Privacy in Telematics Data Collection

Auto insurance companies use non-tracking devices for driving habits data collection.

A recent endeavor of our research group is in the issue of privacy in vehicular telematics applications that collect driving habits data (time of driving, speed, mileage, etc.). While few applications disclose that their data collection devices track the driver, most do not (or at least claim not to) track GPS locations, and imply an expectation of privacy that the customer's destinations are not tracked. To the contrary, our research has confirmed that driving habits data is in fact sufficient to infer the destinations of certain driving trips. We expect this work to bring forth a major change in the privacy guarantees set forth by almost all major auto-insurance agencies (Progressive, State Farm, Allstate, Travelers, etc.) in the United States. We also see this research as the groundwork for a much broader research program, namely that of developing formal techniques to facilitate the privacy-preserving collection of driving habits data.

Delivering Security/Privacy Status to the Non-Expert

Our group is conducting projects to help the common man understand the security/privacy status of one's personal computing devices. We expect this research to generate a set of tools that will make a lay user aware of the security and privacy related risks directly resulting from the current configuration of a system's hardware and software. Having this rudimentary piece of information is the first step in making an informed decision in the security/privacy and utility trade-off.