New technologies give rise to new privacy concerns. Warren and Brandeis's seminal 1890 paper, "The Right to Privacy," was written after photographic and printing technologies made it easier to share and spread images and text in public. Skipping ahead a century, with the explosion and rapid adoption of information and communication technologies, privacy is getting heightened attention from policymakers and the public. More and more personal information about us is available online. It is by our choice that we give our credit card numbers to online retailers for the convenience of online shopping. Companies like Google, Yahoo! and Microsoft track our search queries to personalize the ads we see alongside the response to a query. With cloud computing, we further entrust to third parties the storage and management of private information in places unknown to us. With the increasing pervasiveness of sensors monitoring our public spaces, physical infrastructure, energy usage, and health, we trade privacy off for security, safety, sustainability, and well-being. With mobile phones, humans are merely mobile nodes in dynamic, active sensor nets. We are making it easier for others to find out about our personal habits, tastes, and history. In some cases it is deliberate. The rise of social networks like Facebook, online community sites like Flickr, and communication tools like Twitter raises new questions about privacy, as people willingly give up some privacy to enhance social relationships or to share information easily with friends.
At the same time, cyberattacks have increased in number and sophistication, making it more likely that, unintentionally or not, personal information will fall into the wrong hands. Current ad hoc methods of preserving privacy have led to well-publicized failures, e.g., the recovery of personally identifiable information from Netflix data, query logs, medical records, voter registration data, and census data. The ease with which attackers can combine disparate information sources, some publicly available, exacerbates the weaknesses in these methods.
A growing number of national studies and reports (many published in 2010 alone), authored by the National Academies (NRC03, NRC07, NRC08, NRC10), the Federal Trade Commission (FTC10), the Department of Commerce (IPTF10), and the President's Council of Advisors on Science and Technology (PCAST10), together with the National Academy of Engineering's 2008 Grand Challenge on securing cyberspace (NAE08), one of its 14 Grand Challenges, call for the science and engineering community and policy experts to work together on privacy, especially as new technology raises new privacy concerns. I believe it is high time for the computer science community to answer this call.
It is our responsibility as scientists and engineers to understand what can or cannot be done about privacy from a technical point of view: what is provably possible or impossible, and what is practically possible or impossible. Otherwise, society may end up in a situation where the privacy regulations put into place are technically infeasible to meet. In some cases, a policy decision is needed because there is no technical solution, or none that is practical or scalable. More positively, sometimes the right policy can make a specific technology more effective.
New privacy concerns also raise exciting new opportunities for technology to help. Differential privacy is a theoretical starting point for privacy in statistical databases. Fully homomorphic encryption is a theoretical starting point for privacy in the cloud. We need more of these kinds of theoretical advances to lay the foundations of a science and engineering of privacy. And then we need to build practical and usable systems on those foundations.
I would like to thank my graduate student, Michael Tschantz, who co-authored a paper from which much of this text derives, and my colleagues at Carnegie Mellon for further refining my thinking about this call to arms.