Dependable Public Ledger for Policy Compliance, a Blockchain Based Approach

The ever increasing amount of personal data accumulated by companies offering innovative services through the cloud, Internet of Things devices and, more recently, social robots has started to alert consumers and legislative authorities. In the advent of the first modern laws trying to protect user privacy, such as the European Union General Data Protection Regulation, it is still unclear what are the tools and techniques that the industry should employ to comply with regulations in a transparent and cost effective manner. We propose an architecture for a public blockchain based ledger that can provide strong evidence of policy compliance. To address scalability concerns, we define a new type of off-chain channel that is based on general state channels and offers verification for information external to the blockchain. We also create a model of the business relationships in a smart home setup that includes a social robot and suggest a sticky policy mechanism to monitor cross-boundary policy compliance

Dependable and Scalable Public Ledger for Policy Compliance, a Blockchain Based Approach

Policies and regulations, such as the European Union General Data Protection Regulation (EU GDPR), have been enforced to protect personal data from abuse during storage and processing. We design and implement a prototype scheme that could 1) provide a public ledger of policy compliance to help the public make informative decisions when choosing data services; 2) provide support to the organizations for identifying violations and improve their ability of compliance. Honest organizations could then benefit from their positive records on the public ledger. To address the scalability problem inherent in the Blockchain-based systems, we develop algorithms and leverage state channels to implement an on-chain-hash-off-chain data structure. We identify the verification of the information from the external world as a critical problem when using Blockchains as public ledgers, and address this problem by the incentive-based trust model implied by state channels. We propose the Verifiable Off-Chain Message Channel as the integrated solution for leveraging blockchain technology as a general-purpose recording mechanism and support our thesis with performance experiments. Finally, we suggest a sticky policy mechanism as the evidence source for the public ledger to monitor cross-boundary policy compliance

A Roadmap for Greater Public Use of Privacy-Sensitive Government Data: Workshop Report

Government agencies collect and manage a wide range of ever-growing datasets. While such data has the potential to support research and evidence-based policy making, there are concerns that the dissemination of such data could infringe upon the privacy of the individuals (or organizations) from whom such data was collected. To appraise the current state of data sharing, as well as learn about opportunities for stimulating such sharing at a faster pace, a virtual workshop was held on May 21st and 26th, 2021, sponsored by the National Science Foundation and National Institute of Standards and Technologies, where a multinational collection of researchers and practitioners were brought together to discuss their experiences and learn about recently developed technologies for managing privacy while sharing data. The workshop specifically focused on challenges and successes in government data sharing at various levels. The first day focused on successful examples of new technology applied to sharing of public data, including formal privacy techniques, synthetic data, and cryptographic approaches. Day two emphasized brainstorming sessions on some of the challenges and directions to address them.Comment: 23 page

A Game-Theoretic Study on Non-Monetary Incentives in Data Analytics Projects with Privacy Implications

The amount of personal information contributed by individuals to digital repositories such as social network sites has grown substantially. The existence of this data offers unprecedented opportunities for data analytics research in various domains of societal importance including medicine and public policy. The results of these analyses can be considered a public good which benefits data contributors as well as individuals who are not making their data available. At the same time, the release of personal information carries perceived and actual privacy risks to the contributors. Our research addresses this problem area. In our work, we study a game-theoretic model in which individuals take control over participation in data analytics projects in two ways: 1) individuals can contribute data at a self-chosen level of precision, and 2) individuals can decide whether they want to contribute at all (or not). From the analyst's perspective, we investigate to which degree the research analyst has flexibility to set requirements for data precision, so that individuals are still willing to contribute to the project, and the quality of the estimation improves. We study this tradeoff scenario for populations of homogeneous and heterogeneous individuals, and determine Nash equilibria that reflect the optimal level of participation and precision of contributions. We further prove that the analyst can substantially increase the accuracy of the analysis by imposing a lower bound on the precision of the data that users can reveal