PryMe, a Universal Framework to Measure the Strength of Privacy-enhancing Technologies

Lead Research Organisation: De Montfort University
Department Name: Faculty of Technology

Abstract

Privacy is a universal value and an important matter of human rights, security, and freedom of expression. However, in the digital era privacy is increasingly becoming eroded, and existing protections in terms of laws and privacy policies turn out to be insufficient because they do not prevent privacy violations from happening. In contrast, privacy protections on a technical level, so-called privacy-enhancing technologies, can prevent privacy violations and are thus a topic of much current research.

One way to show how effective new privacy-enhancing technologies are, i.e. to what extent they are able to protect privacy, is to use privacy metrics to measure the amount of privacy the technologies provide. Even though many privacy metrics have been proposed, there are many studies showing their shortcomings in terms of consistency, reproducibility, and applicability in different application domains. This is an important issue because use of a weak privacy metric can lead to real-world privacy violations if the privacy metric overestimates the amount of privacy provided by a technology.

The proposed research addresses this issue by evaluating the quality of existing privacy metrics, identifying their strengths and weaknesses, and building on this evidence to propose new, much stronger privacy metrics. Our aim is to create novel privacy metrics that measure the effectiveness of privacy-enhancing technologies consistently, reproducibly, and across application domains. To achieve this aim, we will (i) create the modular framework PryMe for the systematic evaluation of privacy metrics, (ii) apply the PryMe framework to evaluate privacy metrics across application domains, and (iii) propose strong new privacy metrics that work in each application domain.

By proposing a single framework to evaluate privacy metrics in many application domains, we allow research ideas on privacy metrics from different domains to complement each other, which will transform how privacy is measured. To further this transformation, we will release open source code for the PryMe framework to enable other researchers to study different application domains and new privacy metrics. In the long term, this will be relevant to improve privacy-enhancing technologies, and thereby improve privacy for end users.

Privacy measurement is important not only to improve privacy-enhancing technologies, but also to analyse trade-offs between privacy and data utility, or between privacy and security. Better privacy metrics therefore not only improve privacy for end users, but also improve the decision-making in situations when privacy needs to be weighed against utility or security. Better privacy metrics can also help improve the user acceptance of new technologies such as vehicular networks and smart homes by showing that privacy issues have been addressed on a technical level.

Planned Impact

This project aims to improve the strength of privacy metrics and thus contributes to the foundations and methods used in privacy research. As such, the research will mainly impact academic beneficiaries, especially in the short term. Academic privacy researchers will benefit from this project because they will be able to apply better privacy metrics to show the effectiveness of new privacy-enhancing technologies and use strong metrics to analyse privacy trade-offs. In addition, privacy researchers will benefit from the open source releases of our PryMe framework because they will be able to study other privacy metrics and application domains.

Because this project analyses privacy metrics in four different domains - vehicular networks, smart metering, social networks, and data publishing - a critical component of this project's impact plan is to ensure that academics working in each of the domains can benefit from the research. These researchers will benefit from the availability of strong privacy metrics that have been shown to work well in their domain. To disseminate our research, our academic publishing strategy includes publication venues in each of the domains, and we will organise tutorials at conferences in each of the domains. In addition, we will publish privacy scorecards that summarise the strongest privacy metrics for each domain.

At present, most privacy-enhancing technologies are developed within academia, and only some of them are implemented by companies or in commercial products. We will use two impact activities (workshops with UK and international researchers) to discuss how privacy measurement, and in particular our privacy scorecard, may contribute to a wider commercial uptake of privacy-enhancing technologies.

Beyond academia, the proposed research has the potential for a much wider impact when improved privacy metrics lead to improved privacy-enhancing technologies, and thus improved privacy for users. In the long term, our research will thus benefit the wider public. We will raise awareness of the benefits of our research through public talks and newspaper articles.

In commercial private sector organisations, the current state of privacy measurement focuses on compliance and return-on-investment metrics. We believe that in the long term, these organisations will benefit from including our strong metrics in their privacy assessments. This use of evidence-based privacy metrics may add a unique selling point for any product with privacy implications because the metrics will demonstrate to customers that privacy issues have been addressed on a technical level. In the long term, our privacy metrics can also become part of a Privacy Risks Management Framework, and thus benefit both public and private sector organisations that apply privacy risk management, for example because they handle personal data. Specifically, we will explore how these benefits may be realised with the organisations in the Cyber Security Centre's advisory board (Airbus Group, BT, Deloitte and Rolls Royce), with a view to applying for joint funding from funders with a more applied remit such as Innovate UK, to support our work towards embedding privacy metrics into privacy risks management frameworks.

Publications

 
Description
- Monotonicity, evenness, extent, and shared value range are key criteria to evaluate the strength of privacy metrics (Zhao and Wagner, TMC, 2019).
- No single metric dominates across all criteria for vehicular privacy (Zhao and Wagner, TMC, 2019).
- Many privacy metrics for graph privacy are not monotonic, i.e. they do not indicate decreasing privacy with increasing adversary strength (Zhao and Wagner, TDSC, 2020).
- When privacy metrics are combined into metric suites using methods from decision support, the monotonicity of privacy measurement increases (Zhao and Wagner, TDSC, 2020).
- Privacy professionals' views on data protection impact assessments show gaps in quantification of and communication about privacy risks (Ferra et al., SPY, 2020).
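The monotonicity and shared-value-range criteria listed above can be checked mechanically. The following is an added illustration written for this page; it is not code from the PryMe framework or from the cited papers, and it does not reproduce their decision-support method for building metric suites. It assumes a constructed sequence of adversary posteriors over four candidate users, in which each stage represents a stronger adversary, and it tests two common metrics (anonymity set size and Shannon entropy) for strict monotonicity. The suite is an assumed, deliberately simple combination (the mean of the two metrics after mapping both onto [0, 1]) used only to show how a combined metric can respond at a stage where one of its components stays flat.

```python
"""Checking the monotonicity criterion for privacy metrics.

Added illustration, not part of the PryMe framework.  A privacy metric is
monotonic if it reports strictly less privacy every time the adversary gets
stronger.  The adversary's knowledge is modelled as a posterior probability
distribution over the candidate users who could be behind an observation.
"""
import math

# Constructed example: the adversary's posterior over four candidate users at
# four stages of increasing strength (stage 0 = no knowledge, uniform).
ADVERSARY_STAGES = [
    [0.25, 0.25, 0.25, 0.25],
    [0.40, 0.30, 0.20, 0.10],   # probabilities shift, nobody eliminated yet
    [0.70, 0.20, 0.10, 0.00],   # one candidate eliminated
    [0.90, 0.10, 0.00, 0.00],   # two candidates eliminated
]


def _check_posterior(posterior):
    if any(p < 0 for p in posterior) or abs(sum(posterior) - 1.0) > 1e-9:
        raise ValueError("posterior must be non-negative and sum to 1")


def anonymity_set_size(posterior):
    """Number of candidates the adversary has not ruled out."""
    _check_posterior(posterior)
    return sum(1 for p in posterior if p > 0)


def entropy_bits(posterior):
    """Shannon entropy of the posterior, in bits (2.0 for uniform over 4)."""
    _check_posterior(posterior)
    return -sum(p * math.log2(p) for p in posterior if p > 0)


# Shared value range: map both metrics onto [0, 1], where 1 = full privacy,
# so that their values can be compared and combined.
def norm_set_size(posterior):
    return anonymity_set_size(posterior) / len(posterior)


def norm_entropy(posterior):
    return entropy_bits(posterior) / math.log2(len(posterior))


def suite(posterior):
    """Assumed simple metric suite: mean of the two normalised metrics."""
    return (norm_set_size(posterior) + norm_entropy(posterior)) / 2


def is_strictly_monotonic(metric, stages):
    """True if the metric strictly decreases at every increase in strength."""
    values = [metric(s) for s in stages]
    return all(later < earlier for earlier, later in zip(values, values[1:]))


METRICS = {
    "anonymity set size": anonymity_set_size,
    "entropy": entropy_bits,
    "suite": suite,
}


def monotonicity_report(stages=ADVERSARY_STAGES):
    """Map each metric name to whether it is strictly monotonic on `stages`."""
    return {name: is_strictly_monotonic(m, stages) for name, m in METRICS.items()}


if __name__ == "__main__":
    for name, metric in METRICS.items():
        trace = ", ".join(f"{metric(s):.3f}" for s in ADVERSARY_STAGES)
        print(f"{name:20s} values: {trace}  strictly monotonic: "
              f"{is_strictly_monotonic(metric, ADVERSARY_STAGES)}")
```

On this input the anonymity set size fails strict monotonicity because it stays at 4 between stage 0 and stage 1, when the adversary has learned something but eliminated nobody; entropy and the combined suite register the change at every stage. Which criteria a real metric satisfies depends on the application domain and adversary model, which is what the PryMe evaluation is for.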
Exploitation Route Research outcomes are relevant for academics working on privacy and privacy-enhancing technologies: they can apply the project's new findings on strong privacy metrics for different application domains.
Sectors Digital/Communication/Information Technologies (including Software)

URL http://research.isabel-wagner.net/research.shtml#pryme
 
Description The project sparked a very successful series of workshops with privacy professionals (including data protection officers, privacy consultants, and privacy activists). The first workshop (January 2018) was held during the project's runtime. The following workshops (June 2019 and November 2019) were possible through support from De Montfort University. Each workshop was attended by approx. 20 participants. According to participants, the workshop series provides a valuable platform for exchange with other privacy professionals and academics that informs and enhances their professional practice.
First Year Of Impact 2018
Sector Digital/Communication/Information Technologies (including Software)
Impact Types Societal,Economic,Policy & public services

 
Title Privacy metrics for graph anonymization and de-anonymization 
Description Framework for systematic evaluation of privacy metrics for graph anonymization and de-anonymization. 
Type Of Technology Software 
Year Produced 2018 
Open Source License? Yes  
Impact No usage data available. 
 
Description Cyber Security guest lecture: "Measuring privacy in vehicular networks" 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach Local
Primary Audience Undergraduate students
Results and Impact 25 undergraduate and postgraduate students studying on cyber security and cyber technology programmes attended a guest lecture on "Measuring privacy in vehicular networks". The lecture closed with a lively Q&A session and students asked for further information on the research.
Year(s) Of Engagement Activity 2018
 
Description DMU CyberWednesdays evening lecture 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach Regional
Primary Audience Public/other audiences
Results and Impact 20 members of the general public attended an evening lecture on privacy self-defense. The audience was very engaged during and after the talk and curious to learn more about the topic.
Year(s) Of Engagement Activity 2017
 
Description Talk at Dagstuhl Seminar 18202 Inter-Vehicular Communication Towards Cooperative Driving on "Measuring Privacy in Vehicular Networks" 
Form Of Engagement Activity A talk or presentation
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Other audiences
Results and Impact The research on privacy metrics for vehicular communications led to an invitation to the prestigious Dagstuhl seminar with ~30 participants.
Year(s) Of Engagement Activity 2018
URL http://drops.dagstuhl.de/opus/volltexte/2018/9892/