End-to-End Designs for Data Privacy
As ever larger quantities of sensitive data are collected to extract valuable insights, natively integrating privacy controls into data frameworks is growing in importance. Today's data protection systems focus on ensuring that access to data is limited to authorized services, using security controls such as access control and encryption. However, once a service is authorized to access the data, it has an unrestricted view of that data, and this is the root of much of the data misuse seen today. We ultimately need to ensure that users' privacy preferences are respected even by authorized services. Privacy solutions that control what can be inferred from data (data minimization and purpose limitation) and that protect the privacy of the individuals in the data (differential privacy) are crucial if we are to continue to extract utility from data safely. In this project, we work towards a system design that simultaneously ensures the confidentiality of data from unauthorized parties and provides strong privacy guarantees for data accessed by authorized parties.
• Privacy Management: The need for a privacy management layer in today's systems first became visible with the advent of privacy-preserving and privacy-compliance systems, and many independent efforts have since emerged that try to provide system support for privacy. These include systems that track data and data accesses, or that maintain a global state of privacy resources across applications. As adoption of, and requirements for, data privacy solutions increase, a system architecture is needed that simplifies and accelerates privacy management in large-scale systems. Building such a system entails new abstractions and mechanisms for the efficient execution of privacy functions, state sharing, optimal allocation of scarce and non-replenishable resources (in particular the privacy budget of differential privacy, which every answered query consumes and which cannot be restored), matching and composing privacy-compliant views, and more.
• Cryptographic Enforcement of Privacy Controls: Turning to cryptography for privacy enforcement may be essential to realizing the benefits of data while confining its misuse, since a cryptographically enforced policy holds by construction rather than by relying on the good behaviour of the service handling the data. We are investigating cryptographic tools that can enforce a richer set of privacy policies than access control alone.
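As an added illustration of the budget-accounting mechanism alluded to under Privacy Management above (this is example code written for this page, not code from the project it describes): a ledger that is shared by every application touching a dataset, charges each query's epsilon before any answer is released, and refuses a query once the budget would be overdrawn. Everything beyond the page's own wording is an assumption: pure epsilon-differential privacy with sequential composition (epsilons of queries on the same dataset add up), the Laplace mechanism for counting queries, and the dataset, application names and budgets, which are constructed.

```python
"""Toy differential-privacy budget ledger (added example, not project code).

Assumptions not taken from the page: pure epsilon-DP, sequential composition
(epsilons spent on one dataset add up), Laplace mechanism for counts.
"""
import math
import random
from dataclasses import dataclass, field


class BudgetExhausted(Exception):
    """Raised when a query would spend more epsilon than remains."""


@dataclass
class BudgetLedger:
    """Tracks the non-replenishable privacy budget of each dataset.

    One ledger instance is meant to be shared by every application that
    touches the dataset, so budget spent by one is visible to all of them.
    """
    budgets: dict                                  # dataset -> total epsilon allowed
    spent: dict = field(default_factory=dict)      # dataset -> epsilon used so far
    log: list = field(default_factory=list)        # (caller, dataset, epsilon) audit trail

    def remaining(self, dataset):
        return self.budgets[dataset] - self.spent.get(dataset, 0.0)

    def charge(self, caller, dataset, epsilon):
        """Reserve epsilon for a query; refuse if it would overdraw the budget."""
        if epsilon <= 0:
            raise ValueError("epsilon must be positive")
        if epsilon > self.remaining(dataset) + 1e-12:
            raise BudgetExhausted(
                f"{caller} asked for {epsilon} on {dataset}, "
                f"only {self.remaining(dataset):.3f} left")
        # Sequential composition: spent epsilons on the same dataset add up.
        self.spent[dataset] = self.spent.get(dataset, 0.0) + epsilon
        self.log.append((caller, dataset, epsilon))


def laplace_noise(scale, rng):
    """Sample Laplace(0, scale) by inverting the CDF (illustration only)."""
    u = rng.random() - 0.5                  # u in [-0.5, 0.5)
    u = max(u, -0.5 + 1e-15)                # keep log() away from zero
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def dp_count(ledger, caller, dataset, rows, predicate, epsilon, rng=None):
    """Epsilon-DP count of rows matching predicate (sensitivity 1).

    The budget is charged before the answer is computed, so a refused
    query releases nothing at all.
    """
    ledger.charge(caller, dataset, epsilon)
    true_count = sum(1 for r in rows if predicate(r))
    rng = rng or random.Random()
    return true_count + laplace_noise(1.0 / epsilon, rng)


def demo():
    """Two applications sharing one ledger over a constructed toy dataset."""
    rows = [{"age": 34, "zip": "94110"},    # constructed sample records
            {"age": 71, "zip": "94110"},
            {"age": 68, "zip": "94117"}]
    ledger = BudgetLedger(budgets={"patients": 1.0})   # constructed budget
    rng = random.Random(7)
    a = dp_count(ledger, "app-A", "patients", rows, lambda r: r["age"] >= 65, 0.6, rng)
    b = dp_count(ledger, "app-B", "patients", rows, lambda r: r["zip"] == "94110", 0.3, rng)
    try:
        # app-B asks for 0.3 more, but only 0.1 is left: refused, no answer released.
        dp_count(ledger, "app-B", "patients", rows, lambda r: True, 0.3, rng)
        refused = False
    except BudgetExhausted:
        refused = True
    return {"answers": (a, b),
            "remaining": ledger.remaining("patients"),
            "refused": refused,
            "audit": list(ledger.log)}


if __name__ == "__main__":
    print(demo())
```

The point of charging before computing is that a service cannot learn an answer and then have the charge fail; the audit log is what a global privacy-state service would share across applications. One caveat a practitioner would want: the inverse-CDF sampler above is for illustration only, since naive floating-point Laplace sampling is known to leak information through the low-order bits of the noise, and a production mechanism needs a floating-point-safe sampler.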