Privacy preservation by Czeskis and Appelbaum @USEC’12
High Stakes: Designing a Privacy Preserving Registry by Alexei Czeskis and Jacob Appelbaum, both from University of Washington
This paper describes the design of a privacy-preserving medical marijuana registry. The authors describe some technical and social challenges in building medical registries and identify a new class of registries they call “unidirectional, non-identifying”. They then suggest a design for a marijuana registry based on these principles that, in their view, is more privacy preserving than current solutions.
Why marijuana? This sounds illegal in most parts of the world. Here, marijuana is meant to be used for medical purposes only – it gives some remedy or eases the pain of some patients, e.g. cancer patients. However, even medical treatment with marijuana is illegal for most people. Prescribing and using marijuana for medical purposes is thus definitely a situation where privacy becomes an issue – big time.
The authors’ solution is, in a way, simple. Their proposed registry design does not store any personally identifiable information – not even in digest or encrypted form. Instead, limited information is delegated out to proof-tokens, which are given to enrollees (people enrolled in the registry), in this case for marijuana as medical treatment. Enrollees can use the proof-token to prove their enrollment in the registry. Additionally, because it is impossible to identify enrollees by having access to the registry, enrollees can deny that they’re enrolled by hiding or destroying the proof-token.
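To make the “unidirectional, non-identifying” idea concrete, here is a small added illustration in Python. It is not code from the paper or from Czeskis and Appelbaum, and it does not reproduce their actual construction (see the paper for that); it only shows the property the summary above describes, under one simple assumption: the registry persists nothing but the SHA-256 digest of a random token and an expiry date. Checking goes one way only: a presented token can be verified against the registry, but the registry itself contains no name, address or diagnosis and nothing that can be turned back into a person. The function names, the expiry handling and the sample values are all my own constructions.

```python
import hashlib
import secrets
from typing import Dict, Iterable

# Constructed illustration (not the paper's design): the registry maps
# token digest -> expiry date (ISO 8601 string, so string comparison
# orders dates correctly). No personally identifiable information is
# ever written into this structure.
Registry = Dict[str, str]


def _digest(token: bytes) -> str:
    """One-way digest of a token; the registry stores only this value."""
    return hashlib.sha256(token).hexdigest()


def enroll(registry: Registry, expiry: str) -> bytes:
    """Enroll someone: mint a fresh random proof-token and record only its
    digest. The token itself is handed to the enrollee and not retained,
    so a registry dump cannot reconstruct who holds which token."""
    token = secrets.token_bytes(32)
    registry[_digest(token)] = expiry
    return token


def verify(registry: Registry, token: bytes, today: str) -> bool:
    """Verifier side: a token is accepted iff its digest is registered and
    the recorded expiry has not passed. Nothing about the person is needed."""
    expiry = registry.get(_digest(token))
    return expiry is not None and today <= expiry


def revoke(registry: Registry, token: bytes) -> bool:
    """Remove a token's digest (e.g. when an enrollee leaves the programme).
    Returns True if something was removed."""
    return registry.pop(_digest(token), None) is not None


def registry_mentions(registry: Registry, values: Iterable[str]) -> bool:
    """Defender's sanity check: confirm that none of the given strings
    (names, diagnoses, addresses) appear anywhere in what the registry
    persists. Useful as a unit test guarding against PII creeping in."""
    dump = repr(registry)
    return any(v in dump for v in values)


if __name__ == "__main__":
    reg: Registry = {}
    # Constructed sample: enrollee "Alice" with a cancer diagnosis. These
    # strings exist only in this local scope and never reach the registry.
    alice_token = enroll(reg, "2013-12-31")
    print("accepted today:", verify(reg, alice_token, "2012-06-01"))
    print("accepted after expiry:", verify(reg, alice_token, "2014-01-01"))
    print("registry leaks PII:", registry_mentions(reg, ["Alice", "cancer"]))
    # Deniability: once the token is destroyed, the remaining digest is
    # just a random-looking string tied to nobody in particular.
    del alice_token
    print("registry entries:", len(reg))
```

The point of `registry_mentions` is the kind of check a maintainer would keep in a test suite: if someone later adds a “helpful” name or patient-ID column, the test fails. Note that the digest step does not by itself give the deniability the paper describes; that comes from the registry never having held identifying data in the first place, so that hiding or destroying the token leaves nothing to link.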
For technical details and a detailed story, please go ahead and download the paper from the workshop website. Considered from the perspective of usable security, the paper clearly targets an important question within this field: how to preserve the privacy of people who use an otherwise illegal substance legally for medical purposes, in a setting where that usage could be falsely interpreted as illegal, tarnish the user’s reputation and lead to serious consequences. Remaining anonymous and preserving one’s privacy are clearly usable security problems.
The paper was presented jointly by the two authors, Czeskis and Appelbaum, which worked well and ended up in a lively presentation. Little did I realise before googling that one of the authors is in fact quite a celebrity: Jacob Appelbaum is not only a security researcher at the University of Washington, but also a hacker and Tor developer, among other things. No wonder he’d met with some pretty high-profile people such as F-Secure’s Mikko Hyppönen, whom I can only still dream of meeting, though I’ve worked with F-Secure for years already! 🙂 (This came out when we were discussing their paper after their presentation and he learnt I’m from Finland.)