Security and Privacy Applied Research Lab

Inferring Sensitive Information from Public Data

Alessandro Acquisti
Carnegie Mellon, H. John Heinz III School of Public Policy and Management


I will present results from a study of privacy risks associated with information sharing in online social networks. Online social networks such as Friendster, MySpace, or the Facebook have experienced exponential growth in membership in recent years. They are no longer niche phenomena: millions use them for communicating, networking, or dating. These networks are successful examples of computer-mediated social interaction. However, they also raise novel privacy concerns, which our research aims at quantifying. In this study, we evaluate the risks that information publicly provided may be used to gather additional and potentially more sensitive data about an individual, exploiting the online profile as a 'breeding' document. Specifically, we consider ways in which knowledge of an individual's personal information (PI) can lead to the estimation of sensitive and unavailable personal identifying information (PII); and ways in which identified or identifiable data can lead to the re-identification of otherwise pseudonymous data.

Joint with Ralph Gross.


Alessandro Acquisti is an Assistant Professor of Information Technology and Public Policy at the H. John Heinz III School of Public Policy and Management at Carnegie Mellon University. He is also a member of the CMU Usable Privacy and Security Laboratory, a member of CMU Privacy Technology Center, and a member of CMU Cylab. Prior to joining CMU Faculty, he researched with the Internet Ecologies group at the Xerox PARC labs in Palo Alto (as intern); with the Human-Centered Computing group at RIACS, NASA Ames Research Center (as visiting student); and at SIMS, UC Berkeley, where he received a Master and a Ph.D. in Information Systems in 2001 and 2003. He received a Master in Economics from Trinity College, Dublin, in 1999; and a Master in Econometrics and Mathematical Economics from the London School of Economics also in 1999. Alessandro received the PET Award for Outstanding Research in Privacy Enhancing Technologies and the IBM Best Academic Privacy Faculty Award in 2005, and chaired the DIMACS Workshop on Information Security Economics and the WEIS Workshop on the Economics of Information Security in 2007. He has co-edited the book: "Digital Privacy: Theory, Technologies, and Practices" (2008, Auerbach).