Tell us about the PhD in efficient cryptographic protocols for privacy protection that you are pursuing.
Maria Dubovitskaya: The majority of electronic transactions involve querying databases such as when buying goods online, buying media content, or retrieving medical records. Strict access controls are required in order to perform secure operations on sensitive data. At the same time, more and more users want to minimize the amount of information the service provider can glean from a transaction. For example?
MD: Take the pharmaceutical industry. A pharma company's database search queries can divulge a lot of information about its research strategy and future product plans. Likewise, businesses have a strong interest in keeping their patent queries hidden because such records can easily reveal a company's sensitive business strategies.
You mentioned the healthcare sector. Tell us more about its need for data security.
MD: A hospital database contains patient medical records. Controls need to be in place that allow only relevant medical personnel access to a patient's record. Given the frequent changes in medical staff at hospitals, a role-based or attribute-based approach supporting revocation of users is an obvious solution.
What people may not realize is that the mere query pattern for a particular record may reveal considerable information about, say, the seriousness of a patient's condition or the phase of the treatment. Even the access control policy in itself can divulge sensitive information about a patient's illness, just by containing a list of his or her treating specialists.
What about trendy new mobile apps that reveal the user’s location?
MD: These are nothing but vast databases with records indexed by their location. So, for example, people looking for a nearby restaurant currently have no choice but to reveal their location to the service provider. More and more people find this an objectionable invasion of privacy.
What solution do cryptographers envision?
MD: We are addressing the need efficient protocols that provide oblivious and anonymous access to a database, while preserving expressive — and, possibly, hidden — access control, and supporting revocation of users and payments.
What motivated you personally to work in cryptography?
MD: It's an exciting application of mathematics because it solves timely problems. There are so many uses — including secure e-banking or e-payments, in fact any secure transaction over the Internet — that wouldn’t be feasible without cryptography.
And it’s more than that; it's a very powerful instrument. For example, let’s say you need to prove that you have a driver’s license in order to perform a certain Internet transaction. Cryptography allows you to do that, but without revealing your exact date of birth or other irrelevant personal data — at IBM, we're working on a solution called Identity Mixer that does this.
Maria Dubovitskaya's Change Agent Award acceptance speech.
As a female scientist, have you encountered any obstacles along the way?
MD: Not at IBM I haven’t. IBM really lives its diversity policy and I feel that I’m challenged just as much as my male colleagues. I’m neither coddled nor discriminated against. Unfortunately this isn’t the case everywhere.
At my university in Russia, there were only some six or seven women in my class of about 90 students. That’s why I am so active in student outreach programs, especially for young women.
How can we build well-balanced teams if so many girls drop out of technical career tracks either right after high school, or university, or even after working for a few years?
MD: My outreach activities and especially winning the Anita Borg Change Agent Award has given me additional incentive to mentor girls and support them from school age through senior career stages.
These programs encourage curiosity to pursue a career in technical fields and give girls an opportunity to make a fully informed choice of career prospects. This includes building up their confidence and fostering their ability to face up to the challenges. It's very rewarding, but also a lot of responsibility.
MD: At first I was a bit skeptical about a women-only conference. I’ve learned that many technical women in the US and India welcome this format, but Europeans have been less than enthusiastic. But it turned out to be an excellent and very useful event. More than 3,600 women and girls attended!
The tracks and workshops included career development and various technical tracks. In fact, security and social networks were two of the main technical topics. Talks were given by the best and most senior women in the field. It was a great opportunity for networking, and included an extensive job fair. All the top IT companies — including IBM, of course — were there evaluating resumes and conducting interviews. It really made a believer out of me.
What advice would you give to young women interested in pursing a career in research and technology?
MD: Let me emphasize that I would give the following advice not just to women, but to young people in general: Believe in yourself and pursue what you are curious and passionate about. Be professional and work hard. This will give you the confidence you need to succeed.
In addition, be persistent: Don't give up if something doesn't work out.