Computational Privacy: Towards Privacy-Conscientious Uses of Metadata by Yves-Alexandre de Montjoye M.Sc. Ing´enieur civil en math´ematiques appliqu´ees, Universit´e catholique de Louvain M.Sc. Wiskundige Ingenieurstechnieken, Katholieke Universiteit Leuven Ing´enieur des Arts et Manufactures (M.Sc.), Ecole Centrale Paris B.Sc. Ing´enieur Civil, Universit´e catholique de Louvain Submitted to the Program in Media Arts and Sciences, School of Architecture and Planning in partial fulfillment of the requirements for the degree of Doctor of Philosophy at the MASSACHUSETTS INSTITUTE OF TECHNOLOGY September 2015 (cid:13)c Massachusetts Institute of Technology 2015. All rights reserved. Author .............................................................. Program in Media Arts and Sciences, School of Architecture and Planning August 07, 2015 Certified by.......................................................... Prof. Alex “Sandy” Pentland Toshiba Professor of Media Arts and Sciences Thesis Supervisor Accepted by......................................................... Prof. Pattie Maes Academic Head Program in Media Arts and Sciences 2 Computational Privacy: Towards Privacy-Conscientious Uses of Metadata by Yves-Alexandre de Montjoye Submitted to the Program in Media Arts and Sciences, School of Architecture and Planning on August 07, 2015, in partial fulfillment of the requirements for the degree of Doctor of Philosophy Abstract The breadcrumbs left behind by our technologies have the power to fundamentally transform the health and development of societies. Metadata about our whereabouts, social lives, preferences, and finances can be used for good but can also be abused. In this thesis, I show that the richness of today’s datasets have rendered traditional data protections strategies outdated, requiring us to deeply rethink our approach. First, Ishowthattheconceptofanonymization, centraltolegalandtechnicaldata protection frameworks, does not scale. I introduce the concept of unicity to study the risks of re-identification of large-scale metadata datasets given p points. I then use unicity to show that four spatio-temporal points are enough to uniquely identify 95% of people in a mobile phone dataset and 90% of people in a credit card dataset. In both cases, I also show that traditional de-identification strategies such as data generalization are not sufficient to approach anonymity in modern high-dimensional datasets. Second, I argue that the second pillar of data protection, risk assessment, is simi- larly crumbling as data gets richer. I show, for instance, how standard mobile phone data–information on how and when somebody calls or texts–can be used to predict personality traits up to 1.7 times better than random. The risk of inference in big data will render comprehensive risks assessments increasingly difficult and, moving forward, potentially irrelevant as they will require evaluating what can be inferred now, and in the future, from rich data. However, this data has a great potential for good especially in developing coun- tries. While it is highly unlikely that we will ever find a magic bullet or even a one- size-fits-all approach to data protection, there are ways that exist to use metadata in privacy-conscientious ways. I finish this thesis by discussing technical solutions (incl. privacy-through-security ones) which, when combined with legal and regula- tory frameworks, provide a reasonable balance between the imperative of using this data and the legitimate concerns of the individual and society. Thesis Supervisor: Prof. Alex “Sandy” Pentland Title: Toshiba Professor of Media Arts and Sciences 3 4 Acknowledgments First and foremost, my advisor Alex “Sandy” Pentland for pushing me to think fur- ther, to focus on impact, all while always giving me his unconditional support. My committee Gary King and Alessandro Acquisti for their feedback, support, and en- couragements. It has been a fantastic journey and I am looking forward to continue ourcollaboration. C´esarHidalgo,CameronKerry,JakeKendall,LinusBengtsson,La- tanya Sweeney, Julien Hendrickx for everything they taught me about science, policy, and humanitarian affairs. Vincent Blondel, Nathan Eagle, Aaron Clauset, and Luis Bettencourt for giving me the love and deep appreciation for the beauty of research. Joost Bonsen and John Clippinger for always encouraging me to think out of the box. My fellow labbers and collaborators: Coco Krumme, Arek Stopczynski, Brian Sweatt, Laura Radaelli, Luc Rocher, Florent Robic, Erez Shmueli, Sune Lehmann, Iyad Rahwan, Gordon Wetzstein, Christoph Stadtfeld, Scott Greenwald, Eaman Ja- hani, Vivek Singh, Ben Waber, P˚al Sundsøy, Johannes Bjelland, Riley Crane, Jeff Schmitz, Emmanuel Letouz´e, Manuel Cebrian, Bruno Lepri, Oren Lederman, Dhaval Adjodah, Abdullah Almaatouq, Peter Krafft, Alejandro Noriega Campero, and, of course, the irreplaceable Nicole Freedman. Jean, Jean-Benoˆıt, and the Cambridge crew: Thomas, Daan, Joris, Michiel, Maxime, Phebe, Jordi, Martin, Pierre, Emilia, and Lisa. Final acknowledgments go to my family: my parents Yves and Carol, my sisters Laurence and St´ephanie, my brother-in-law Julien, and the little Rapha¨el. 5 6 Computational Privacy: Towards Privacy-Conscientious Uses of Metadata by Yves-Alexandre de Montjoye This doctoral thesis has been examined by a Committee as follows: Professor Alex “Sandy” Pentland .................................... Thesis Supervisor Toshiba Professor of Media Arts and Sciences Massachusetts Institute of Technology 8 Computational Privacy: Towards Privacy-Conscientious Uses of Metadata by Yves-Alexandre de Montjoye This doctoral thesis has been examined by a Committee as follows: Professor Gary King................................................. Member, Thesis Committee Albert J. Weatherhead III University Professor Harvard University 10