Problem Statement: Given a need to report on client-level service utilization across disparate data holders, construct a method for learning individual utilization patterns while guaranteeing the anonymity of those served.
Description: Dr. Sweeney's PrivaMix algorithm offers a solution. PrivaMix is a real-time secure multiparty computation for learning where people have been without learning who they are. The traditional approach relies on a trusted third party; PrivaMix instead lets the data holders jointly perform longitudinal linking and de-duplication to produce a de-identified linked dataset with no trusted third party. A key characteristic of the PrivaMix approach is that made-up identifiers are generated inconsistently across data holders: a client has one made-up identifier at one data holder site and different made-up identifiers at every other data holder site. Assigning made-up identifiers inconsistently across data holders thwarts dictionary attacks, since a table of guessed identities masked at one site cannot be matched against another site's identifiers. A key scientific contribution is the creation of a commutative one-way function that operates in the PrivaMix setting to relate these made-up identifiers across sites. Literature in the theory community contained many references to the existence of such functions, and some academic protocols in the data mining community used RSA, but RSA is not in general commutative. The cryptography PrivaMix builds on is nonetheless well-proven.
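To make the linking step concrete, here is an added example that is not Dr. Sweeney's PrivaMix code. The page does not specify her commutative one-way function, so this stand-in uses the standard commutative exponentiation h(x)^k mod p; the DataHolder class, the demo-sized group and the client records are all constructed for illustration.

```python
import hashlib
import secrets
from typing import Dict, List, Set

# Demo group parameter (constructed for this example): the Mersenne prime 2^127-1.
# A real deployment would use a standard large group such as an RFC 3526 MODP group.
P = 2**127 - 1


def hash_to_group(identity: str) -> int:
    """Map a client's identifying string to a nonzero element of Z_p^*."""
    h = int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big")
    return h % (P - 1) + 1          # lands in [1, P-1], never 0


def new_key() -> int:
    """Each data holder draws its own secret exponent; it is never shared."""
    return secrets.randbelow(P - 2) + 1


def mask(value: int, key: int) -> int:
    """Commutative one-way step: (v^a)^b == (v^b)^a mod P, and v is not recoverable."""
    return pow(value, key, P)


class DataHolder:
    """One site. Its local made-up identifiers differ from every other site's."""

    def __init__(self, name: str, clients: List[str]) -> None:
        self.name = name
        self.key = new_key()
        # local made-up identifier -> the client it stands for (stays on site)
        self.pseudonyms: Dict[int, str] = {
            mask(hash_to_group(c), self.key): c for c in clients
        }

    def double_mask(self, others: List[int]) -> List[int]:
        """Apply this site's key to another site's already-masked identifiers."""
        return [mask(v, self.key) for v in others]


def link(a: DataHolder, b: DataHolder) -> Set[int]:
    """Linked identifiers of clients seen at both sites, computed from masked values only.

    Neither site ever sees the other's raw identities or single-masked keys' inverses;
    the double-masked value doubles as the cross-site linked identifier.
    """
    a_double = b.double_mask(list(a.pseudonyms))   # b applies k_b to a's identifiers
    b_double = a.double_mask(list(b.pseudonyms))   # a applies k_a to b's identifiers
    return set(a_double) & set(b_double)
```

Because the two sites' keys differ, the same client carries unrelated local identifiers at each site, yet the double-masked values coincide exactly for shared clients.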
Scientific Influence and Impact: Even though the PrivaMix work is very recent, the U.S. Department of Housing and Urban Development (HUD) had the PrivaMix functions evaluated by independent security and cryptographic experts, who confirmed their correctness and applicability. The PrivaMix system was built and worked flawlessly in real-world HUD experiments in Iowa. Dr. Sweeney's current work involves porting PrivaMix to healthcare, so that a group of hospitals can construct linked patient records while preserving patient anonymity. This may play an important role in privacy discussions for the new health information infrastructure.