analysis technique that has found applications in various areas. In this paper, we study some multivariate statistical analysis methods in Secure 2-party Computation (S2C) framework illustrated by the following scenario: two parties, each having a secret data set, want to conduct the statistical analysis on their joint data, but neither party is willing to disclose its private data to the other party or any third party. The current statistical analysis techniques cannot be used directly to support this kind of computation because they require all parties to send the necessary data to a central place. In this paper, We define two Secure 2-party multivariate statistical analysis problems: Secure 2-party Multivariate Linear Regression problem and Secure 2-party Multivariate Classification problem. We have developed a practical security model, based on which we have developed a number of building blocks for solving these two problems.

Abstract. Consumer studies demonstrate that online users value personalized content. At the same time, providing personalization on websites seems quite profitable for web vendors. This win-win situation is however marred by privacy concerns since personalizing people's interaction entails gathering considerable amounts of data about them. As numerous recent surveys have consistently demonstrated, computer users are very concerned about their privacy on the Internet. Moreover, the collection of personal data is also subject to legal regulations in many countries and states. Both user concerns and privacy regulations impact frequently used personalization methods. This article analyzes the tension between personalization and privacy, and presents approaches to reconcile the both. It has been tacitly acknowledged for many years that personalized interaction and user modeling have significant privacy implications, due to the fact that large amounts of personal information about users needs to be collected to perform personalization. For

To appear in Constantinos Mourlas and Panagiotis Germanakos, eds.: Intelligent User Interfaces:

Collaborative Filtering (CF) is a powerful technique for generating personalized predictions. CF systems are typically based on a central storage of user profiles used for generating the recommendations. However, such centralized storage introduces a severe privacy breach, since the profiles may be accessed for purposes, possibly malicious, not related to the recommendation process. Recent researches proposed to protect the privacy of CF by distributing the profiles between multiple repositories and exchange only a subset of the profile data, which is useful for the recommendation. This work investigates how a decentralized distributed storage of user profiles combined with data modification techniques may mitigate some privacy issues. Results of experimental evaluation show that parts of the user profiles can be modified without hampering the accuracy of CF predictions. The experiments also indicate which parts of the user profiles are most useful for generating accurate CF predictions, while their exposure still keeps the essential privacy of the users.

Abstract. Collaborative filtering (CF) systems are receiving increasing attention. Data collected from users is needed for CF; however, many users do not feel comfortable to disclose data due to privacy risks. They sometimes refuse to provide information or might decide to give false data. By introducing privacy measures, it is more likely to increase users’ confidence to contribute their data and to provide more truthful data. In this paper, we investigate achieving referrals using item-based algorithms on binary ratings without greatly exposing users ’ privacy. We propose to use randomized response techniques (RRT) to perturb users ’ data. We conduct experiments to evaluate the accuracy of our scheme and to show how different parameters affect our results using real data sets. 1

With the evolution of the Internet and e-commerce, collaborative filtering (CF) and privacy-preserving collaborative filtering (PPCF) have become popular. The goal in CF is to generate predictions with decent accuracy, efficiently. The main issue in PPCF, however, is achieving such a goal while preserving users’ privacy. Many implementations of CF and PPCF techniques proposed so far are centralized. In centralized systems, data is collected and stored by a central server for CF purposes. Centralized storage poses several hazards to users because the central server controls users ’ data. In this work, we investigate how to produce naïve Bayesian classifier (NBC)-based recommendations while preserving users ’ privacy without using a central server. In a community of people, users might create a peer-to-peer (P2P) network. Through P2P network, users can communicate with each other and exchange data to produce predictions. We share the workload of prediction process and offer referrals efficiently using P2P network. We propose privacy-preserving schemes and analyze them in terms of accuracy, privacy, and efficiency. Our real data-based results show that our schemes offer accurate NBC-based predictions with privacy eliminating central server.

Collaborative Filtering (CF) is an attractive and reliable recommendation technique. CF is typically implemented using a centralized storage of user profiles and this is a severe privacy danger, since an attack to this central repository can endanger the quality of the recommendations and result in a leak of personal data. This work investigates how a decentralized distributed storage of user profiles combined with data obfuscation techniques can mitigate the above dangers. In an experimental evaluation we initially show that relatively large parts of the profiles can be obfuscated with a minimal increase of Mean Average Error (MAE). This contradictory result motivates further experiments where we measured the increase in prediction error in two cases: a) when a more complex prediction task is considered, i.e., a data set containing more diverse (extreme) rating values; b) when only ratings with specific values are obfuscated. The results of these experiments clarify the roles of various rating values and will help to better implement an effective obfuscation policy.

www.isr.uci.edu/tech-reports.html Making Decisions about Privacy:

Recommender systems increasingly use contextual and demographical data as a basis for recommendations. Users however often feel uncomfortable providing such information. In a privacy-minded design of recommenders, users are free to decide for themselves what data they want to disclose about themselves. However, this decision is often complex and burdensome, because the consequences of disclosing personal information are uncertain or even unknown. Although a number of researchers have tried to analyze and facilitate such information disclosure decisions, their research results are fragmented and often do not hold up well across studies. This paper describes a unified approach to privacy decision research that describes the cognitive processes involved in users ’ “privacy calculus ” in terms of system-related perceptions and experiences that act as mediating factors to information disclosure. The approach is applied in an online experiment with 493 participants using a mock-up of a context-aware recommender system. Analyzing the results with a structural linear model, we demonstrate that personal privacy concerns and disclosure justification messages affect the perception of and experience with a system, which in turn drive information disclosure decisions. Overall, disclosure justification messages do not increase disclosure. Although they are perceived to be valuable, they decrease users ’ trust and satisfaction. Another result is that manipulating the order of the requests increases the disclosure of items requested early, but decreases the disclosure of items requested later.