High Stakes: Designing a Privacy Preserving Registry

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7398))

Abstract

This paper details our experience designing a privacy preserving medical marijuana registry. In this paper, we make four key contributions. First, through direct and indirect interaction with multiple stakeholders such as the ACLU of Washington, law enforcement, the Cannabis Defense Coalition, state legislators, lawyers, and many others, we describe a number of interesting technical and socially-imposed challenges for building medical registries. Second, we identify a new class of registries called unidirectional, non-identifying (UDNI) registries. Third, we use the UDNI concept to propose a holistic design for a medical marijuana registry that leverages elements of a central database, but physically distributes proof-of-enrollment capability to persons enrolled in the registry. This design meets all of our goals and stands up in the face of a tough threat model. Finally, we detail our experience in transforming a technical design into an actual legislative bill.




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Czeskis, A., Appelbaum, J. (2012). High Stakes: Designing a Privacy Preserving Registry. In: Blyth, J., Dietrich, S., Camp, L.J. (eds) Financial Cryptography and Data Security. FC 2012. Lecture Notes in Computer Science, vol 7398. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-34638-5_3

  • DOI: https://doi.org/10.1007/978-3-642-34638-5_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-34637-8

  • Online ISBN: 978-3-642-34638-5
