PET Award! (almost)

August 19, 2009

The PET Award for Outstanding Research in Privacy Enhancing Technologies this year went to two really cool papers on differential privacy. Check out the papers by Cynthia Dwork and Frank McSherry and Kunal Talwar (Microsoft Research).

My coauthors and I feel honored to have two of our papers listed as runners-up for the award! BLAC and PEREA address the topic of accountable anonymity, where users can authenticate to services anonymously, and services can blacklist anonymous users without knowing who they are (there are no trusted parties who can identify users either). Services can blacklist users for whatever reason, and users don’t care because their privacy is not affected, thus striking a balance between anonymity and accountability.


Phone Phishing

June 12, 2008

I was particularly tickled by the following User Friendly comic today:

http://ars.userfriendly.org/cartoons/?id=20080612

I have actually received such a call (purportedly) from Sprint, asking me to verify my social security number. When I told the caller that I had no way of knowing whether he worked for Sprint, he was quite dumbfounded. Perhaps he did work for Sprint, I’m not sure, but companies need to stop making such calls. Otherwise, they just train users to get phished. The same argument applies to emails with links that take you to a page with the ability to log in.

Moral: Don’t trust the other end with personal information unless you make the phone call yourself.

Sergey Bratus, a colleague, has a nice discussion on this issue and how it translates to behavior in the online world: see the section on “Making the Call” in his recent article [1].

References

[1] Bratus, Sergey; Masone, Chris; Smith, Sean W., “Why Do Street-Smart People Do Stupid Things Online?,” Security & Privacy, IEEE, vol. 6, no. 3, pp. 71-74, May-June 2008.

