| Abstract (2008) | |||||||||||||||
Abstract | |||||||||||||||
| We describe the design and implementation of a system for conducting surveys while hiding the information provided by the respondents. We use the CRA Taulbee Survey of faculty salaries in computer science departments as a concrete example in which there are real privacy concerns but in which participation is too large and uncoordinated for direct application of known secure multiparty function evaluation protocols. Our system extends earlier work considering privacy in auctions. We adopt the approach of designating a small number of parties to do the main secure computation, but we go farther in addressing the reality of haphazard input arrival, and possible non-arrival, so that “the function,” in the usual sense, is not known until it is decided at some point to cease collecting inputs, at which point the participants at large—humans and machines—cannot be expected to be available for any interaction. A major impediment to acceptance of secure-function-evaluation technology in practice is the fundamental incompatibility of privacy preservation without trusted parties with “sanity checking ” of inputs. For the CRA Taulbee Survey, we show that a reasonable partial remedy is possible. 1 Surveys and Privacy The term survey can reasonably and usefully be taken to be quite general, subsuming referenda, elections | |||||||||||||||
Publication details | |||||||||||||||
| |||||||||||||||