Privacy as plausible deniability?

As I was flying to the NSDI PC meeting this week I was catching up on reading and came across an article on privacy in the Atlantic that (to my surprise) pushed nearly the same perspective on privacy that we studied in a paper a year or so ago… Privacy as plausable deniability.

The idea is that hacks, breaches, monitoring behavior, etc. are so common and hard to avoid that relying on tools from crypto or differential privacy isn’t really enough.  Instead, if someone really cares about privacy they probably need to take that into account in their actions.  For example, you can assume that google/facebook/etc. are observing your behavior online and that this is impacting prices, advertisements, etc. Tools from privacy, encryption, etc. can’t really help with this.  However, tools that add “fake” traffic can.  If an observer knows that you are using such a tool then you always have plausible deniability about any observed behavior, and if these are chosen carefully, then they can counter the impact of personalized ads, pricing, etc.  There are now companies such as “Plausible Deniability LLC” that do exactly this!

On the research front, we looked at this in the context of the following question: If a consumer knows that their behavior is being observed and cares about privacy, can the observer infer the true preferences of the consumer?  Our work gives a resounding “no”.  Using tools from revealed preference theory, we show that the observer not only cannot learn, but that every set of observed choices can be “explained” as consistent with any underlying utility function from the consumer.  Thus, the consumer can always maintain plausible deniability.

If you want to see the details, check it out here!   And, note that the lead author (Rachel Cummings) is on the job market this year!

P.S. The NSDI PC meeting was really stimulating!  It’s been a while since I had the pleasure of being on a “pure systems” PC, and it was great to see quite a few rigorous/mathematical papers be discussed and valued.  Also, it was quite impressive to see how fair and thorough the discussions were.  Congrats to Aditya and Jon on running a great meeting!

A report from NSDI

Last week, I attended NSDI for the first time in quite a few years… I only managed to be at the conference for a day-and-a-half, but there was a lot of interesting stuff going on even in just that short time.

For me, it’s always stimulating to attend pure systems conferences like NSDI, given the contrast in research style with my own.  For example, there were more than a few papers where somewhere in the implementation, a quite challenging resource allocation problem came up, and the authors just applied a simple heuristic and moved past it without a second thought.  For me, I’d be distracted for months trying to figure out optimality guarantees, etc.  That’s, of course, a lot of fun to do and sometimes pays off, but it’s always good to see a reminder that often simple heuristics are good enough…

If you only look at four papers, which should they be?

Well, of course, you should start with the best paper award winner:

The topic of this paper highlights that, despite the fact that NSDI is a true systems conference, there were a definitely a few papers that took a theoretical/rigorous approach to design.  (Of course our paper did, but there were others too!)

Continue reading

Missed the trifecta

In an earlier post I wrote about an unusual submission trifecta I had this fall:  I submitted to each of NSDI, STOC, and Sigmetrics (a pure systems conference, a pure theory conference, and hybrid conference) within the span of a couple months.

As far as I know, no one has managed to complete this triple crown of acceptances in a given year (even when the list is broadened to STOC/FOCS, Sigcomm/NSDI, and Sigmetrics/Performance), though there is at least one person who has come quite close: Brighten Godfrey, who managed to have an NSDI and Sigmetrics paper within 12 months of each other, with a SODA paper in between…

Well, we now have heard back from all three and, unfortunately, we didn’t succeed with the triple crown.  We got an accept from NSDI and two accepts from Sigmetrics, but didn’t make it into STOC.  Drat, so close! So, the triple crown remains elusive for another year…

Continue reading