Team Adept


Section: Scientific Foundations

Preservation of Privacy

In the coming years, the protection of privacy is one of the greatest challenges that lies ahead and also an important condition for the development of the "Information Society". In the ubiquitous world in which we live, each individual constantly leaves "digital traces" related to his activities and interests, and these traces can be linked to his identity. For example, when a person surfs the Internet and accesses a website, his IP address can be linked at the same time to his location, his centers of interest and his identity. Sometimes it may even happen that someone disseminates information without being aware of it, such as when an RFID chip inserted in his pullover broadcasts information passively, without its holder even knowing. If all these digital traces are collected by an unauthorized entity, this can lead to a privacy breach and may be used against the individual himself. A company might for instance use this information to send targeted spam, or a malicious person could commit identity theft for fraudulent purposes. Moreover, due to legal and confidentiality constraints, privacy issues emerge naturally for applications working on sensitive data, such as the medical records of patients or the proprietary datasets of enterprises.

Privacy Enhancing Technologies [11] (PETs) are generally designed to respect both the principle of data minimization and the principle of data sovereignty. The data minimization principle states that only the information necessary to complete a particular application should be disclosed (and no more). This principle is a direct application of the legitimacy criteria defined by the European data protection directive (Article 7, [45]). The data sovereignty principle states that the data related to an individual belongs to him and that he should remain in control of how this data is used and for which purpose. This principle can be seen as an extension of many national laws on medical data, which consider that a patient record belongs to the patient, and not to the doctors who create or update it, nor to the hospital that stores it.

In our work, we investigate PETs that are generally based on a mix of different foundations such as cryptographic techniques, security policies and access control mechanisms, to name just a few. Examples of domains that we are investigating, and in which privacy and utility collide, include: identity and privacy, geo-privacy, distributed computing and privacy, privacy-preserving data mining, and privacy issues in social networks.
