Minimising Collateral Damage

Abstract

Investigators often define invasion of privacy as collateral damage. Inquiries that require gathering data from third parties, such as banks, Internet Service Providers (ISPs) or employers are likely to impact the relationship between the data subject and the data controller. In this research a novel privacy-preserving approach to mitigate collateral damage during the acquisition process is presented. This approach is based on existing Private Information Retrieval (PIR) protocols, which cannot be employed in an investigative context. This paper provides analysis of the investigative data acquisition process and proposes three modifications that can enable existing PIR protocols to perform investigative enquiries on large databases, including communication traffic databases maintained by ISPs. IDAP is an efficient Symmetric PIR (SPIR) protocol optimised for the purpose of facilitating public authorities’ enquiries for evidence. It introduces a semi-trusted proxy into the PIR process in order to gain the acceptance of the general public. In addition, the dilution factor is defined as the level of anonymity required in a given investigation. This factor allows investigators to restrict the number of records processed, and therefore, minimise the processing time, while maintaining an appropriate level of privacy.