Privacy Firewall: Mitigating Data Overaccess in Commonly-used Applications
David Hwang
Dowd Room; 9:30-10:00 am
When a user grants a third-party service access to their data held by a provider such as Google or Microsoft, a major concern is data over-access: the service's developers rarely need all of the data the provider hands over. I am presenting a first-of-its-kind privacy firewall that minimizes the egress of users' personal data. In contrast to a conventional network firewall, which only allows or denies a traffic request, our privacy firewall pre-processes the user's data before it leaves, removing details the recipient has no need for. For example, a meeting-scheduling tool (e.g., Doodle) that only needs to learn whether a user is available requires nothing more than the time blocks during which the user is busy. Here, a privacy firewall can strip the unnecessary details of each calendar event, such as its title, description, and participants.
These privacy firewalls are implemented as a locally hosted OAuth server. Privacy advocates (e.g., Consumer Reports) and tech-savvy users can write data pre-processing policies for different services and contribute them to a public repository. Users load the policies they want onto their local server, which then applies them in a pre-processing step before the data is forwarded to the third-party service.
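The calendar example above, worked through in code. This is an added illustration, not the authors' implementation or policy format: the event record shape (keys `summary`, `description`, `attendees`, `start`, `end` with ISO-8601 timestamps) is constructed for the example, and the policy is an ad-hoc dict (an allow-list of fields to forward plus a post-processing flag) rather than anything the project defines. It shows the deny-by-default field stripping the abstract describes, and goes one step further than the text by merging overlapping busy periods, so the recipient also cannot count the individual meetings behind a busy block.

```python
"""Data-minimisation policy applied to calendar events before they leave the user's
machine, in the spirit of the privacy firewall described above.

Assumptions (not from the abstract): the event record shape and the policy dict
format below are constructed for this example only.
"""
from datetime import datetime

# Constructed sample of what a calendar provider might return for one day.
SAMPLE_EVENTS = [
    {"id": "evt-1", "summary": "Board meeting", "description": "Q3 numbers",
     "attendees": [{"email": "cfo@example.com"}],
     "start": "2024-05-06T09:00:00+00:00", "end": "2024-05-06T10:00:00+00:00"},
    {"id": "evt-2", "summary": "1:1 with Alice", "description": "performance review",
     "attendees": [{"email": "alice@example.com"}],
     "start": "2024-05-06T09:30:00+00:00", "end": "2024-05-06T11:00:00+00:00"},
    {"id": "evt-3", "summary": "Dentist", "location": "12 High St",
     "start": "2024-05-06T14:00:00+00:00", "end": "2024-05-06T15:00:00+00:00"},
]

# A policy as a privacy advocate might publish it for a scheduling tool (assumed format):
# only the listed fields are forwarded; everything else is dropped.
AVAILABILITY_POLICY = {
    "resource": "calendar.event",
    "keep": ["start", "end"],
    "merge_overlapping_busy": True,
}


def minimise(record, keep):
    """Return only the allow-listed keys. Deny-by-default matters here: a field the
    provider adds later is dropped automatically instead of leaking."""
    return {k: record[k] for k in keep if k in record}


def merge_blocks(blocks):
    """Merge overlapping or touching (start, end) intervals. A scheduler only needs
    the union of busy time, and merging hides how many meetings a block contains."""
    merged = []
    for start, end in sorted(blocks):
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def apply_policy(events, policy):
    """Pre-process events per policy; this is what the local OAuth proxy would hand
    to the third party in place of the raw provider response."""
    minimal = [minimise(ev, policy["keep"]) for ev in events]
    blocks = [(datetime.fromisoformat(m["start"]), datetime.fromisoformat(m["end"]))
              for m in minimal]
    if policy.get("merge_overlapping_busy"):
        blocks = merge_blocks(blocks)
    return [{"start": s.isoformat(), "end": e.isoformat()} for s, e in blocks]


def forwarded_fields(records):
    """Audit helper: the set of keys that actually reach the third party."""
    return set().union(*(r.keys() for r in records)) if records else set()


if __name__ == "__main__":
    out = apply_policy(SAMPLE_EVENTS, AVAILABILITY_POLICY)
    for block in out:
        print(block)
    print("fields forwarded:", forwarded_fields(out))
```

The audit helper is the check worth keeping in a real deployment: a policy is only as good as the set of fields that survive it, so a test that the forwarded key set equals the allow-list catches a policy that accidentally passes a nested object through.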
Swarun Kumar