Share on Facebook Tweet on Twitter Share on LinkedIn Share by email
Data Collection With Self-Enforcing Privacy

Philippe Golle, Frank McSherry, and Ilya Mironov


Consider a pollster who wishes to collect private, sensitive data from a number of distrustful individuals. How might the pollster convince the respondents that it is trustworthy? Alternately, what mechanism could the respondents insist upon to ensure that mismanagement of their data is detectable and publicly demonstrable?

We detail this problem, and provide simple data submission protocols with the properties that a) leakage of private data by the pollster results in evidence of the transgression and b) the evidence cannot be fabricated without breaking cryptographic assumptions. With such guarantees, a responsible pollster could post a “privacy-bond”, forfeited to anyone who can provide evidence of leakage. The respondents are assured that appropriate penalties are applied to a leaky pollster, while the protection from spurious indictment ensures that any honest pollster has no disincentive to participate in such a scheme.


Publication typeInproceedings
Published inACM Conference on Computer and Communications Security (CCS 2006)

Newer versions

Philippe Golle, Frank McSherry, and Ilya Mironov. Data Collection with Self-Enforcing Privacy, ACM Trans. Inf. Syst. Secur., ACM, December 2008.

> Publications > Data Collection With Self-Enforcing Privacy