Abstract
We describe the design and implementation of a system for conducting surveys while hiding the
information provided by the respondents. We use the CRA Taulbee Survey of faculty salaries in computer
science departments as a concrete example in which there are real privacy concerns but in which
participation is too large and uncoordinated for direct application of known secure multiparty function
evaluation protocols. Our system extends earlier work considering privacy in auctions. We adopt
the approach of designating a small number of parties to do the main secure computation, but we go
farther in addressing the reality of haphazard input arrival, and possible non-arrival, so that “the function,”
in the usual sense, is not known until it is decided at some point to cease collecting inputs, at
which point the participants at large—humans and machines—cannot be expected to be available for
any interaction.

A major impediment to acceptance of secure-function-evaluation technology in practice is the fundamental
incompatibility of privacy preservation without trusted parties with “sanity checking” of
inputs. For the CRA Taulbee Survey, we show that a reasonable partial remedy is possible.
Original language | American English |
---|---|
Title of host publication | EU Workshop on Secure Multiparty Protocols |
State | Published - 2004 |
Bibliographical note
HP Labs; Place of conference: Amsterdam, The Netherlands