Day 3

Here are a few summaries of papers I read for tonight’s homework:

k-anonymity: A model for protecting privacy

In this paper, the author presents the k-anonymity protection model, explores related attacks, and provides ways in which these attacks can be thwarted. The paper opens by stating that society is experiencing exponentially large growth in the number of data collections containing person-specific information, as computer technology, network connectivity, and disk storage space have become increasingly affordable. Data holders, who hold these large collections of private data, often have the difficult task of releasing information that is not too person-specific and that does not compromise privacy. The author introduces a model in which data holders with limited knowledge can release their data without the fear of subjects being later re-identified. This formal protection model, called k-anonymity, also includes a set of accompanying policies for deployment. A release provides protection if the information for each person contained in it cannot be distinguished from that of at least k-1 other individuals. This model is important because it forms the basis on which similar real-world systems provide guarantees of privacy protection.

Uniqueness and How it Impacts Privacy in Health Related Social Science Datasets

The goal of the author’s work was to create an understanding of what uniqueness means and how it can lead to an increase of vulnerability in highly sensitive datasets such as those in the Kinsey Institute. Social scientists collect highly sensitive data from surveys done at the Kinsey Institute for Research in Sex, Gender, and Reproduction. Unlike medical data, which contains nothing but purely medical information, these datasets present an opportunity to take data and characterize participants in unique ways. These unique characteristics can allow individuals who have taken part in the study to be linked to other sets of external data and ultimately be identified. Therefore, when dealing with such sensitive data, traditional approaches to anonymizing data may not be enough to prevent the re-identification of participants in these datasets. Privacy is key to social science researchers because they depend on participants to provide truthful, accurate, and highly personal answers regarding their own behaviors. In this paper, the author evaluates two datasets to enhance the understanding of behavioral and psychosocial factors related to the risk for HIV and other sexually transmitted infections and risks to the individual’s well-being. Because the data focuses on sexuality, it is considered to be sensitive data that requires the protection of both confidentiality and privacy. In this paper, the author evaluates the statistical characteristics of these datasets in order to understand just how these “unique characteristics” of individuals in the data impact their privacy in studies. They do this by using statistical attacks in an attempt to achieve the re-identification of participants. They analyzed the dataset from a sexual health survey, and characterized uniqueness and the sparsity of records. They also introduced a uniqueness similarity measure that helped to add further characteristics.
Their results showed that uniquification rates for the data were extremely high: for example, when considering combinations of 3 attributes, the percentage of unique records approaches 100%. Also, they discovered that participants with similar backgrounds (Dataset 1) provide similar answers to questions referring to sexual behavior and psychological state. Results in Dataset 2 were taken from participants with different backgrounds, and therefore they had answers that were predictably more unique and less similar. They concluded that participants in a sample drawn from a more diverse population are exposed to greater privacy risks.
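
As an added illustration (not code from either paper), the sketch below measures the two properties summarized above: the largest k for which a table is k-anonymous over a chosen set of quasi-identifiers, and the fraction of records made unique by combinations of m attributes. The records, column names and function names are constructed for this example.

```python
from collections import Counter
from itertools import combinations

# Constructed sample rows (not data from either paper).
RECORDS = [
    {"age": "20-29", "zip": "474**", "sex": "F", "answer": "1"},
    {"age": "20-29", "zip": "474**", "sex": "F", "answer": "3"},
    {"age": "30-39", "zip": "474**", "sex": "M", "answer": "1"},
    {"age": "30-39", "zip": "474**", "sex": "M", "answer": "2"},
    {"age": "20-29", "zip": "474**", "sex": "M", "answer": "1"},
    {"age": "20-29", "zip": "474**", "sex": "M", "answer": "5"},
]
ALL_ATTRS = ["age", "zip", "sex", "answer"]


def class_sizes(records, attrs):
    """Size of each equivalence class: records sharing the same values for attrs."""
    return Counter(tuple(r[a] for a in attrs) for r in records)


def k_anonymity(records, quasi_ids):
    """Largest k such that every record matches at least k-1 others on quasi_ids."""
    return min(class_sizes(records, quasi_ids).values())


def violating_classes(records, quasi_ids, k):
    """Value combinations shared by fewer than k records; these block a k-anonymous release."""
    return sorted(c for c, n in class_sizes(records, quasi_ids).items() if n < k)


def unique_fraction(records, attrs):
    """Fraction of records that are the only one with their combination of attrs."""
    sizes = class_sizes(records, attrs)
    return sum(1 for n in sizes.values() if n == 1) / len(records)


def max_unique_fraction(records, attrs, m):
    """Highest unique fraction over every combination of m attributes."""
    return max(unique_fraction(records, combo) for combo in combinations(attrs, m))


if __name__ == "__main__":
    print("k over (age, zip, sex):", k_anonymity(RECORDS, ["age", "zip", "sex"]))
    print("k over all attributes:", k_anonymity(RECORDS, ALL_ATTRS))
    for m in (1, 2, 3):
        print(f"max unique fraction, {m} attribute(s):", max_unique_fraction(RECORDS, ALL_ATTRS, m))
```

The table is 2-anonymous over the three demographic columns, but adding a single survey answer makes some three-attribute combination unique for every record, which is the effect the second paper reports.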

Common Pitfalls in Writing about Security and Privacy: Human Subject Experiments, and How to Avoid Them

As this paper was more a list of things to be careful of when writing an academic paper that deals with human subject experiments and their security/privacy, I made a summary in a list-like approach.

  • AIM: to guide researchers in how to avoid the most common mistakes when submitting to the Symposium on Usable Privacy and Security and other conferences that accept papers on human subject studies revolving around security and privacy. Also, to help those with a general knowledge of how to write an academic paper to adapt their skills to writing up security and privacy human subjects studies and to provide an awareness of common mistakes authors make when writing about such a topic.
  • Authors of security and privacy experiments that involve human subjects are often prone to a series of common mistakes when documenting their experiment.
  • Reviewers and program committees often reject papers with eye-catching methodologies not because they have a bad idea, but because of the lack of clarity and validity of the experimental results – however, many of these mistakes made by authors are easily avoidable.
  • IMPORTANT when writing an academic paper to present your contributions clearly by explaining the bigger picture of the problem you are trying to solve and the specific occurrence of the problem that laid the foundation for your work, along with the hypothesis you wanted to test, your methods, and your results
  • You have to be careful when writing your paper to not mislead the audience in any way – for example, no prior work should be belittled and your own work should not be over-exaggerated. Rather than selling your work to contribute, you should isolate the value of your contributions to the fullest extent and present it clearly.
  • If your paper includes exaggerations or undocumented issues you ran into while completing your project, the reader’s focus can shift from your contributions to the suspicious nature of your study.
  • To determine if you have conveyed your ideas clearly enough to be understood, ask colleagues not participating in the same research to take a look at a draft.
  • As experiments are designed in order to test hypotheses, it’s important to state the hypothesis you are testing and your experimental design in great detail – this can ensure that your experiment is documented well enough to possibly be replicated by another researcher
  • Describe your experimental design in a chronological fashion, and include the recruiting process and the demographic makeup of your participants. Studies that include deceiving participants need to explain why deception was used and when the participants were informed of what was actually happening.
  • Describe how you observed participants and how these observations were later translated into data points – also highlight the decision points that were encountered along the designing process of the experiment and explain the reasoning behind certain choices you made. If there was a mistake in your experiment, own up to it and offer suggestions on how your methodology could have improved.
  • As it is probably impossible to fit every detail of your experiment into the paper, make use of an appendix at the end of your paper by attaching additional study materials. However, this is not a replacement for detailing your experiment in the paper, as the paper should include an explanation of all essential details and the validity of your experimental goals, methods, and concluding analysis.
  • *Have a clear threat model. When testing security behavior in humans in response to an attack, explain the assumptions made about the information, along with the capabilities and resources that were available to the hacker. These assumptions = your threat model. This is a common area of failure in papers as some authors fail to justify or even document these assumptions.
  • When designing a threat model and testing security behavior that relates to a system you personally developed, beware of the potential (or appearance of) bias. Reviewers may think that the attacks you tested against could have been designed in a more effective way. You can easily remove this bias by identifying third parties with both the talent and incentive to develop the best possible attack against your personally built system.
  • An experiment is ecologically valid if participants in the study behave as they would in the real-life situation that the experiment is trying to replicate.
  • Ecological validity is challenging when designing experiments on security and privacy behavior because security or privacy would not be the primary goal of the individual. Also, not completing the primary task can result in risks and consequences. *Important: simulating the forces needed for ecological validity is warranted as you design your experiment.
  • BE UP FRONT – disclose all the limitations of your study, the design, participant information such as demographics, certain statistical tests, and other methodological issues.
  • Writing about experimental limitations sounds challenging but really, reviewers may be less likely to critique if you were aware of them and fully disclosed the challenges you encountered.
  • If writing about these limitations, place them in their own subsection under methodology, results, or discussion.
  • When presenting results, remind the reader of the hypothesis, the data used to test the hypothesis, why you chose a particular statistical test, and the results you obtained from that test.
    • 1) Authors often describe a failure to disprove the null hypothesis as an indication that the null hypothesis is true.
    • 2) Authors use more than one data point per participant in a statistical test that assumes data points are independent.
  • In your results – be careful not to jump to conclusions beyond those supported by a hypothesis or test results. Implications for your future work, however, should be explained.

Today was a change of pace, as instead of listening to a lecture back to back we got to explore and play around with paper circuits and soldering, 3D printing, and laser cutting. I was nervous about the paper circuits because it made me think about high school physics all over again, but really the concept is quite simple – the flow of electricity goes from positive to negative, and is able to light an LED light as it uses the copper tape as a conductor to flow from the positive side of the battery to the negative side. The homework was a bit more challenging as we had to create two more circuits. I chose to make a switch and a pull tab.


It was hard to hold down the battery and switch or battery and pull tab at the same time so I made use of this handy dandy coaster to hold down my battery, and waaalahhh! Paper circuit magic.

When we were introduced to the 3D printers, I pulled up a little object I drew on Tuesday night. My little brother Luke is 12 years old and has already 3D printed me an IU logo, so I decided to print him off something too.


It’s really tiny, but I’m proud of it.

Today’s lectures were really helpful – especially the one on Related Works. I liked getting feedback, although I think my issue is writing too much instead of too little. I just really like reading the papers and everything sounds so interesting and important to me!

Here I chose an article I read last week to work on citation trees, and added these forward and backward citations to my Mendeley to read when I have some down time:

“Providing Adaptive Health Updates Across the Personal Social Network”

Forward Citations:

Miller, A., Mishra, S. R., Kendall, L., Haldar, S., Pollack, A. H., & Pratt, W. (2016). Partners in Care: Design Considerations for Caregivers and Patients During a Hospital Stay. Computer Supported Cooperative Work.

Smith, K. (2014, February). Supporting carers through intelligent technology. In Proceedings of the companion publication of the 19th international conference on Intelligent User Interfaces (pp. 81-84). ACM.

Backwards Citations:

Agneessens, F., Waege, H., & Lievens, J. (2006). Diversity in social support by role relations: A typology. Social Networks, 28, 427–441.

Adar, E., Tan, D. S., & Teevan, J. (2013). Benevolent deception in human computer interaction. Proceedings of the CHI 2013 Conference on Human Factors in Computer Systems. New York: ACM.