Privacy Computing

Theory and Technology


Fenghua Li • Hui Li • Ben Niu


Fenghua Li

Institute of Information Engineering, Chinese Academy of Sciences

Beijing, China

Ben Niu

Institute of Information Engineering, Chinese Academy of Sciences Beijing, China

Hui Li

School of Cyber Engineering

Xidian University

Xian, Shaanxi, China

ISBN 978-981-99-4942-7

ISBN 978-981-99-4943-4 (eBook)

https://doi.org/10.1007/978-981-99-4943-4

© Posts & Telecom Press 2024

Jointly published with Posts & Telecom Press, Beijing, China

The print edition is not for sale in China (Mainland). Customers from China (Mainland) please order the print book from: Posts & Telecom Press. ISBN: 9787115563965

This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.

The publishers, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publishers nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publishers remain neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This Springer imprint is published by the registered company Springer Nature Singapore Pte Ltd.

The registered company address is: 152 Beach Road, #21-01/04 Gateway East, Singapore 189721, Singapore

Paper in this product is recyclable.

Preface

The rapid development of information technology, the emergence of new business formats, and the continuous evolution of personalized services have prompted large internet companies to accumulate massive user data during the process of serving users. These data contain a significant amount of personal sensitive information. The frequent cross-border, cross-system, and cross-ecosystem interaction of user data has become the norm, which increases the intentional or unintentional retention of privacy information in different information systems. This leads to increasingly serious issues such as the privacy preservation gap and the difficulties in tracing privacy infringements, which pose great challenges to personal information sharing, flow, management and control, privacy information protection, etc.

Traditional privacy-preserving technologies mainly focus on relatively isolated application scenarios and technical points, addressing specific issues in specific scenarios, lacking a comprehensive descriptive method and computational model that can integrate privacy information and preservation requirements, and lacking computing architectures that can support the requirements of on-demand privacy preservation during cross-system privacy information exchange, privacy information ubiquitous sharing, and full life-cycle privacy information control. As a result, the privacy preservation issues in typical data sharing application scenarios such as e-commerce and social networks have not yet been fundamentally addressed.

Therefore, in 2015, Professor Fenghua Li, Professor Hui Li, et al. proposed the theory and key technologies of privacy computing for the first time. In 2016, their work was formally published in the Journal of Communications in Chinese. Privacy computing is a computational theory and methodology aiming at preserving the entire lifecycle of privacy information. It is a computable model and axiomatic system for privacy metrics, privacy leakage cost, privacy preservation, and privacy analysis complexity when ownership, management, and use of privacy information are separated. Specifically, it refers to the operations of describing, measuring, evaluating, and integrating the privacy information when processing various types of data such as video, audio, image, graph, text, numerical data, and ubiquitous network behavioral information. These operations form a set of symbolic, formalized, and quantitatively evaluated privacy computing theories, algorithms, and application technologies. They support privacy preservation across multiple systems by providing quantitative evaluation standards. Privacy computing covers all computing operations of information collectors, publishers, and users in the whole lifecycle process of information generation, perception, publication, dissemination, storage, processing, use, destruction, etc. It also includes system design theories and architectures that support efficient and high-performance privacy preservation for massive users and high concurrency. Privacy computing is an important theoretical foundation for the preservation of privacy information in the ubiquitous network space.

This book addresses the systematic privacy preservation needs in the ubiquitous interconnected environment, based on a series of papers and patents accumulated by the authors through years of dedicated work in this field. It provides a concise and systematic introduction to the theory and key technologies of privacy computing. The main contents include privacy computing framework, formal definition of privacy computing, important characteristics of privacy computing, algorithm design guidelines, privacy preservation effectiveness evaluation, privacy computing languages, and an outlook on future research directions and unresolved issues in privacy computing. The publication of this book aims to comprehensively expound the academic connotation of privacy computing and promote its extensive research. In the process of painstaking academic exploration, there is a certain degree of serendipity and inevitability in obtaining original and innovative scientific research results. Serendipity refers to the chance of success when a scholar's choice of a research area and the process of conducting academic research are influenced by the subjective and objective environment. Necessity means that scholars who are able to achieve original innovation must have an unwavering philosophy and attitude towards the pursuit of original innovation and be able to persevere and explore for a long time. Privacy computing is proposed in the context of forward-looking application requirements; however, a new theory often requires a long time to be established and recognized by various sectors of society, overcoming various difficulties and constantly iterating and evolving, gradually developing and improving. Privacy computing still requires a lot of theoretical and technical exploration and research. The authors strongly believe that it is necessary to publish books to guide and promote the theoretical research and application of privacy computing. 
The authors hope to actively promote the continuous research of privacy computing with their readers.

Fenghua Li

Beijing, China, June 2023

Acknowledgments

This book is primarily authored by Professor Fenghua Li, Professor Hui Li, and Professor Ben Niu. It is a highly condensed summary of the research achievements of the authors in privacy computing over many years. Chapter 1 is primarily completed by Fenghua Li and Hui Li. Chapter 2 is primarily completed by Ben Niu, Hui Zhu, and Hui Li. Chapter 3 is primarily completed by Fenghua Li, Hui Li, and Ben Niu. Chapter 4 is primarily completed by Hui Li, Ben Niu, Fenghua Li, and Hui Zhu. Chapter 5 is primarily completed by Fenghua Li, Hui Li, and Ben Niu. This book also includes contributions from the coauthors of the referenced papers and patents. During the writing process, we received valuable assistance from Dr. Zhe Sun, Dr. Yuanyuan He, Dr. Xinyu Wang, Dr. Wenjing Zhang, Dr. Hanyi Wang, Dr. Peijie Yin, Dr. Xiaoguang Li, as well as doctoral candidates including Haiyang Luo and Yahong Chen. We also appreciate the assistance provided by master’s students such as Zhidong Yang and Kun He, as well as graduate students including Wenqing Bi and Likun Zhang. We express our sincere gratitude to all of them for their contributions. We would like to express our sincere gratitude to People’s Posts and Telecommunications Press for their strong support. We also extend our thanks to all the individuals involved who have worked diligently to make this book publication possible!

The publication of this book has been supported by the National Key R&D Program of China (No. 2021YFB3100300, No. 2021YFB3101300, No. 2017YFB0802200), the National Natural Science Foundation of China (No. 61932015, No. 61872441, No. 61672515, No. 61502489, No. U1401251), and the Youth Innovation Promotion Association, CAS (No. 2018196).


About the Authors

Fenghua Li received his B.S. degree in Computer Software, M.S. and Ph.D. degrees in Computer Systems Architecture from Xidian University in 1987, 1990, and 2009, respectively. Currently, he is working as professor and doctoral supervisor in the Institute of Information Engineering, Chinese Academy of Sciences. He is also a doctoral supervisor in Xidian University and in the University of Science and Technology of China. His research interests include network security, system security, privacy computing, and trusted computing.

Hui Li received B.S. degree from Fudan University in 1990 and M.S. and Ph.D. degrees from Xidian University in 1993 and 1998. Since June 2005, he has been the professor with the school of Cyber Engineering, Xidian University, Xi’an Shaanxi, China. His research interests include the areas of cryptography, wireless network security, information theory, and network coding. He is a chair of ACM SIGSAC CHINA. He served as the technique committee chair or co-chair of several conferences. He has published more than 170 international academic research papers on information security and privacy preservation.

Ben Niu received his B.S. degree in Information Security, M.S. and Ph.D. degrees in Cryptography from Xidian University in 2006, 2010, and 2014, respectively. He was a visiting scholar in Pennsylvania State University from 2011 to 2013. Currently, he is working as professor and doctoral supervisor in the Institute of Information Engineering, Chinese Academy of Sciences. His research interests include network security and privacy computing.

Chapter 1 Introduction


The continuous evolution and pervasive application of communication technology, network technology, and computing technology have boosted the interconnection of everything and the ubiquitous sharing of information. With the continuous emergence of new information services, user data is frequently exchanged across systems, ecosystems, and countries. User data contains a large amount of personal privacy information, which is retained intentionally or unintentionally in different information systems. At the same time, the data protection capabilities and protection strategies of the individual information systems differ widely, which brings the cask principle into play (the weakest system determines the overall level of protection) and dramatically increases the risk of privacy leakage. Protection of personal information and the governance of privacy abuse have become a worldwide problem.

Privacy preservation has received more and more attention from society and extensive academic research, and privacy preservation technologies for different scenarios are emerging rapidly, yet there are still many misunderstandings and much confusion about the concept of privacy preservation. In particular, data security and privacy preservation are easily confused. This chapter explains the connection and difference between user data, personal information, and privacy information, clarifies the difference between data protection, privacy protection, and privacy desensitization, and points out the threats and technical challenges faced by privacy preservation.

F. Li (✉) · B. Niu

Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China e-mail: lifenghua@iie.ac.cn; niuben@iie.ac.cn

H. Li

School of Cyber Engineering, Xidian University, Xian, Shaanxi, China e-mail: lihui@mail.xidian.edu.cn

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2024 F. Li et al., Privacy Computing, https://doi.org/10.1007/978-981-99-4943-4_1

1.1 User Data, Personal Information, and Privacy Information

Privacy preservation should cover the full life cycle protection of privacy information. If we want the whole society to pay high attention to privacy preservation and put it into practice, the connotation of personal information and privacy information should be clarified, as well as the connection and difference between user data, personal information, and privacy information.

1.1.1 User Data

Data usually refers to a sequence of one or more symbols. Data can be observed, collected, processed, and analyzed, and through interpretation and analysis, data becomes information. From the perspective of information theory, data is the carrier of information. Data can be organized into many different types or data structures, such as lists, graphs, and objects. Data also has multiple modalities, such as numbers, text, images, video, and speech. Multimodal data can be exchanged across borders, systems, and ecosystems in a ubiquitous network environment.

User data can be data related to individuals, as well as related to businesses, organizations, objects, environments, and the like. In the era of the intelligent interconnection of everything and ubiquitous sharing of information, data has become a strategic resource, which is crucial to the interests and security of individuals, enterprises, society, and even the country.

1.1.2 Personal Information

As defined in the “Civil Code of the People’s Republic of China”, personal information is all kinds of information recorded electronically or in other ways that can identify a specific natural person alone or in combination with other information, including the natural person’s name, date of birth, identification (ID) number, biometric information, address, phone number, email, health information, whereabouts information, etc.

In Europe and North America, personal information mostly refers to personal data or Personally Identifiable Information (PII). Personal data is defined in the European Union’s General Data Protection Regulation (GDPR) [1] as any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Table 1.1 Classification of personal information by the US Federal Trade Commission

| Data elements | Data segments |
| --- | --- |
| Identification data | Name, address (including latitude and longitude information), etc. 15 items |
| Sensitive identification data | Social security number, driver’s license number, etc. 5 items |
| Demographic data | Age, height, gender, religion, language, etc. 29 items |
| Court and public record data | Bankruptcy information, criminal information, judgments, etc. 7 items |
| Social media and technology data | Electronics purchases, friend connections, internet connection type, internet provider, social media and internet accounts, etc. 18 items |
| Home and neighborhood data | Census tract data, dwelling type, heating and cooling, home equity, move date, etc. 24 items |
| General interest data | Apparel preferences, preferred sports, favorite stars, political inclinations, etc. 43 items |
| Financial data | Purchasing power, credit history, loan information, disposable income, etc. 21 items |
| Vehicle data | Brand preference, vehicle identification code, preferred model, etc. 14 items |
| Travel data | Last travel time, preferred destination, preferred airline, etc. 9 items |
| Purchase behavior data | Purchase types, purchase channels, holiday gifts, and clothing sizes purchased, etc. 29 items |
| Health data | Search tendency for illnesses and medicines, smoking status, allergy information, etc. 15 items |

The term PII is generally adopted by the United States. The U.S. Federal Trade Commission categorizes data related to natural persons, and divides personal information into 12 categories and 221 attribute fields. See Table 1.1 for specific categories [2].

Data records of personal information contain different fields, which can be divided into explicit identifiers, quasi-identifiers, sensitive attributes, and non-sensitive attributes. Explicit identifiers are sets of attributes that can clearly identify the identity of the record subject, including names, social security numbers, phone numbers, ID numbers, and other information. A quasi-identifier is a collection of attributes that, when combined, can potentially identify the subject of a record, including information such as age, gender, zip code, and more. Sensitive attributes contain sensitive individual-specific information such as illness and salary. Non-sensitive attributes are all other attributes that are not in the above three categories, and the sets of these four types of fields are disjoint.

In the process of information service, personal information may exist explicitly in structured records, such as medical records in hospitals, student registration information in schools, household registration information in government departments, and vehicle and driver information in traffic management departments. It may also exist in unstructured data such as Twitter, Moments, and pictures shared on many social networks. Identifying, measuring, and protecting users’ privacy information for different types of data records is an extremely complex and challenging problem.

1.1.3 Privacy Information

The “Civil Code of the People’s Republic of China” defines privacy as the tranquility of the private life of a natural person and the private space, private activities and private information that no one else should know about. Privacy information refers to sensitive information in personal information, which is a collection of identifiers, quasi-identifiers, and sensitive attributes in personal information records. Privacy reflects the relationship between identifiers, quasi-identifiers, and sensitive attributes.

Privacy information is not static; it has two typical characteristics: relative stability in a certain period of time and space-time dynamics. The dynamism means that privacy information usually changes with the subjective preferences of natural persons, time, and scene. For example, some people are willing to publish text, photos, and other information that reflect their personal preferences on social networks, thinking that these are not privacy information, so the dynamic nature of privacy information is also subjective. Spatiotemporal dynamics bring greater technical challenges to privacy preservation.

1.2 Privacy Protection and Privacy Desensitization

To promote theoretical and technical research on privacy preservation, it is necessary to clarify the connection and distinction between traditional data security and privacy protection. Data security refers to ensuring the confidentiality, integrity, non-repudiation, and availability of data, mostly using technologies such as cryptography and access control. Data security technology ensures that the protected data is recoverable, that is, the information is lossless. User data contains privacy information, so data security techniques can naturally be applied to privacy protection. This book classifies such techniques as privacy protection. On the other hand, privacy preservation should make privacy information partially available in a ubiquitous interconnected environment while being protected. It is essential to achieve a balance between the strength of desensitization and the usability of information, which is the core connotation of privacy preservation, and also the new theory and technology needed for privacy preservation.

This book divides privacy preservation technologies into two categories: privacy protection and privacy desensitization. The privacy information protected by privacy protection technology is undistorted and reversible; the privacy information protected by privacy desensitization technology is distorted and irreversible. The evolution process of privacy preservation technology is shown in Fig. 1.1.

Timeline entries shown in Fig. 1.1:

- In 1982, Yao first proposed the secure bipartite computing protocol; subsequently, Goldreich proposed a secure multi-party computing protocol.
- In 1978, Rivest, Adleman, and Dertouzos found that RSA has some homomorphic characteristics and proposed the concept of homomorphic encryption; in 2009, Gentry constructed the first fully homomorphic encryption scheme.
- In 1998, Samarati and Sweeney proposed k-anonymity.
- In 2006, Machanavajjhala proposed l-diversity.
- In 2002, Rakesh et al. proposed an access control model for privacy preservation.
- In 2007, Li et al. proposed t-closeness.
- In 2016, Li Fenghua et al. proposed a Cyberspace-oriented access control model.
- In 2006, Cynthia et al. proposed differential privacy.
- In 2013, Miguel proposed Geo-Indistinguishability.
- In 2013, John et al. proposed local differential privacy.
- In 2015, Li Fenghua et al. proposed the theory and technology system of privacy computing.

1.2.1 Privacy Protection

Privacy protection technology refers to the use of encryption, secure computing, access control, and other technologies to protect privacy information from unauthorized access, and the protected privacy information is reversible.

1.2.1.1 Encryption

Encryption is the most commonly used privacy protection technology, where personal information is encrypted for transmission, storage, and sharing. The encrypted information can only be decrypted and accessed with the decryption key. Although encryption protects the security of data, the encrypted data cannot be directly counted, handled, and processed, which increases the complexity of using data. For encrypted data processing, two technology routes that are currently receiving wide attention from academia and industry are homomorphic encryption and confidential computing based on trusted computing environments. Homomorphic encryption means performing a function computation f(E(x)) on the ciphertext such that the result of decryption is equivalent to performing the corresponding function computation f(x) on the plaintext x; that is, the encryption function E(x) and the function computation f(x) can exchange order, i.e., D(f(E(x))) = f(D(E(x))) = f(x). With the support of homomorphic encryption, the user can encrypt the data and then hand it over to cloud computing or other partners. After the partner performs the corresponding operations on the ciphertext, the user decrypts the ciphertext to obtain the computation result of the plaintext. RSA [3] and the Paillier algorithm [4] have the properties of multiplication and addition homomorphism, respectively, but general computing needs to have homomorphic properties for addition and multiplication at the same time. In 2009, Gentry [5] proposed the first fully homomorphic algorithm, which attracted widespread attention and inspired a lot of follow-up research. However, the complexity of the current fully homomorphic algorithm is still very high, and there still exists a large gap from practical application.

Fig. 1.1 Evolution process of privacy protection technology
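The identity D(f(E(x))) = f(x) described above can be checked on small numbers. The following Python code is an added example, not code from the book: it implements textbook (unpadded) RSA and Paillier with constructed toy primes (1009 and 1013, far too small for real use), and all function names are illustrative.

```python
import math
import secrets

P, Q = 1009, 1013  # constructed toy primes; real moduli are at least 2048 bits


# --- Textbook (unpadded) RSA: multiplicatively homomorphic ---
def rsa_keygen(p=P, q=Q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))        # (public key, private key)

def rsa_encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)

def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)

def rsa_mul(pub, c1, c2):
    """Partner-side f: E(a) * E(b) mod n is a valid encryption of a * b mod n."""
    return (c1 * c2) % pub[0]


# --- Paillier with g = n + 1: additively homomorphic ---
def paillier_keygen(p=P, q=Q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)       # with g = n + 1, L(g^lam mod n^2) = lam mod n
    return n, (n, lam, mu)     # (public key, private key)

def paillier_encrypt(n, m):
    n2 = n * n
    while True:                # fresh randomness r makes encryption probabilistic
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (pow(n + 1, m, n2) * pow(r, n, n2)) % n2

def paillier_decrypt(priv, c):
    n, lam, mu = priv
    u = pow(c, lam, n * n)
    return ((u - 1) // n * mu) % n             # L(u) = (u - 1) / n

def paillier_add(n, c1, c2):
    """Partner-side f: E(a) * E(b) mod n^2 is an encryption of a + b mod n."""
    return (c1 * c2) % (n * n)

def paillier_scale(n, c, k):
    """Partner-side f: E(a)^k mod n^2 is an encryption of k * a mod n."""
    return pow(c, k, n * n)


def outsourced_total(values):
    """The flow from the text: user encrypts, partner computes, user decrypts."""
    n, priv = paillier_keygen()
    ciphertexts = [paillier_encrypt(n, v) for v in values]   # user side
    acc = paillier_encrypt(n, 0)
    for c in ciphertexts:                                    # partner side: no key needed
        acc = paillier_add(n, acc, c)
    return paillier_decrypt(priv, acc)                       # user side


if __name__ == "__main__":
    pub, priv = rsa_keygen()
    product = rsa_mul(pub, rsa_encrypt(pub, 123), rsa_encrypt(pub, 45))
    print("RSA D(E(123) * E(45)) =", rsa_decrypt(priv, product))
    print("Paillier outsourced sum =", outsourced_total([5200, 4100, 6150]))
```

The same multiplicative property makes unpadded RSA ciphertexts malleable, which is why deployed RSA encryption uses padding such as OAEP and is then no longer homomorphic.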

Confidential computing based on a Trusted Execution Environment (TEE) focuses on data protection in the computing process. The system maintains a secure memory space: encrypted data is decrypted after being imported into this space, the computation is performed on the plaintext, and the result is encrypted again when it leaves the space. This secure memory space is inaccessible to other users, reducing the risk of data leaking from other parts of the system while maintaining transparency to users. Especially in multi-tenant public cloud environments, confidential computing keeps sensitive data isolated from other authorized parts of the system stack. Intel SGX (Software Guard Extensions) is currently the main method for implementing confidential computing; it generates an isolated environment, the enclave, in memory. SGX uses strong encryption and hardware-level isolation to ensure the confidentiality of data and code against attacks, and can still protect applications and code even when the operating system and BIOS firmware are compromised.

1.2.1.2 Secure Multiparty Computation

Secure Multi-Party Computation (MPC) originated from the secure two-party computation protocol for the “Millionaire Problem” proposed by Yao [6]. Computational parties cooperate to complete a computing problem without revealing their own sensitive information. As research progresses, there are already several practical cases for secure multi-party computation. The Boston Women’s Workforce Council used MPC in 2017 to calculate compensation statistics for 166,705 employees at 114 companies [7]. The companies did not provide their raw data due to privacy concerns, and the calculations show that the gender gap in the Boston area is even wider than previously estimated by the U.S. Bureau of Labor Statistics. To calculate the exact conversion rate from an ad to an actual purchase, Google calculated the size of the intersection between the list of people who viewed an ad for an item online and the list of people who actually bought the item. To calculate this value without exposing the list-specific data, Google uses a private intersection-sum protocol [8]. Although the protocol efficiency is not ideal, it is simple and can meet Google’s computing requirements.
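How several parties can obtain an aggregate without disclosing their own inputs can be shown with additive secret sharing. The following Python code is an added example, not from the book and not the protocol used in [7] or [8]; the company figures, the modulus, and the function names are constructed for illustration, and the parties are assumed to follow the protocol honestly.

```python
import secrets

MODULUS = 2**61 - 1  # public modulus; every share is a value in [0, MODULUS)


def share(value, n_parties):
    """Split value into n additive shares; any n-1 of them look uniformly random."""
    shares = [secrets.randbelow(MODULUS) for _ in range(n_parties - 1)]
    shares.append((value - sum(shares)) % MODULUS)
    return shares


def secure_sum(private_inputs):
    """One private input per party. Returns (total, partial_sums).

    dealt[i][j] is the share party i sends to party j, so party j only ever
    sees one random-looking share of every other party's input.
    """
    n = len(private_inputs)
    dealt = [share(v, n) for v in private_inputs]
    partials = [sum(dealt[i][j] for i in range(n)) % MODULUS for j in range(n)]
    return sum(partials) % MODULUS, partials   # only the partial sums are published


# Constructed figures: each company knows only its own row.
COMPANIES = [
    {"men_payroll": 900_000, "men_count": 10, "women_payroll": 640_000, "women_count": 8},
    {"men_payroll": 1_500_000, "men_count": 20, "women_payroll": 700_000, "women_count": 10},
    {"men_payroll": 600_000, "men_count": 6, "women_payroll": 560_000, "women_count": 7},
]
FIELDS = ("men_payroll", "men_count", "women_payroll", "women_count")


def pay_statistics(companies):
    """Aggregate each field with secure_sum, then derive the average pay per group."""
    totals = {f: secure_sum([c[f] for c in companies])[0] for f in FIELDS}
    men_avg = totals["men_payroll"] / totals["men_count"]
    women_avg = totals["women_payroll"] / totals["women_count"]
    return totals, men_avg, women_avg


if __name__ == "__main__":
    totals, men_avg, women_avg = pay_statistics(COMPANIES)
    print(totals)
    print(f"average pay: men {men_avg:.2f}, women {women_avg:.2f}")
```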

1.2.1.3 Access Control

Access control is one of the most important approaches to achieving privacy preservation. The essence of privacy preservation is to share privacy information with authorized entities at the right time and in the right way. In traditional access control systems, permissions are formulated and implemented by system administrators. Common access control strategies include discretionary access control, mandatory access control, and role-based access control. In privacy preservation scenarios, permissions and access control policies are basically set by the data owner. In application environments such as social networks and Internet services, privacy information is often forwarded by friends and spread across systems and ecosystems among different service providers. Therefore, extended control has become the biggest problem faced in privacy preservation scenarios. In 2016, Li Fenghua et al. [9] proposed a Cyberspace-oriented access control model and an extended control model.

Encryption can also be combined with access control. Attribute Based Encryption (ABE) is an encryption method that effectively implements access control [10] where users have several attributes, and each attribute is assigned a public-private key pair. When encrypting a plaintext, the encryptor selects the public key of the corresponding attribute to construct an encryption key according to the access control policy. This encryption key can directly encrypt the plaintext, or encrypt the key used to encrypt the plaintext. If the user has a private key with attributes that match the access control policy, the private key of the corresponding attribute is selected to construct the decryption key, and the corresponding ciphertext can be decrypted similarly. ABE is essentially a public key encryption system with relatively slow encryption and decryption speed.

1.2.2 Privacy Desensitization

Privacy desensitization protects privacy information by adopting a distorted and irreversible method, so that the desensitized information cannot be associated with the data subject. Privacy desensitization of the privacy information contained in the data includes but is not limited to existing methods such as Generalization, Suppression, Anatomization, Permutation, and Perturbation. New theoretical innovations in privacy desensitization are needed in the future. Privacy desensitization is also often referred to as privatization or anonymization.

1.2.2.1 Generalization

Generalization is a technique that replaces a specific value in a class of attributes with a more general value. For example, an age of 25 can be generalized to 20–30 years old, and an occupation of programmer or lawyer can be generalized to white-collar worker (brain worker).

1.2.2.2 Suppression

Suppression refers to replacing an attribute, attribute value, or part of an attribute value with * when publishing information. For example, the mobile phone number is represented as 135****3675, and the credit card number is represented as 4392********.

1.2.2.3 Anatomization and Permutation

The goal of anatomization and permutation is to remove the association between quasi-identifiers and sensitive attributes without changing the values of quasi-identifiers or sensitive attributes. Anatomization is to divide the original record table into two tables to publish, where one table publishes quasi-identifier attributes, the other table publishes sensitive attributes, and the two tables only have the same GroupID as a common attribute. Permutation is used to divide a set of data records into groups, and permute sensitive values within the group, thereby disrupting the correspondence between quasi-identifiers and sensitive attributes.

1.2.2.4 Perturbation

Data perturbation refers to the technique of replacing the original data values with synthetic data values. Statistical information does not change significantly after perturbation, and the perturbed data lose relevance to the real data subject. Classic data perturbation mechanisms include noise addition, data exchange, synthetic data generation, etc. Noise addition is mainly used for privacy preservation of numerical data by generating noise values from a specific noise distribution and adding them to sensitive values. The main idea of data exchange is to exchange the values of sensitive attributes between personal data records, which can maintain low-order frequency statistics or marginal distributions for statistical analysis. Synthetic data generation aims to build a statistical model according to the data, and then up-sample from the model to replace the original data. Perturbation has a long history of application in statistical release control because of its simplicity, effectiveness, and the ability to maintain statistical information [11].

On the basis of the above desensitization operations, a series of privacy desensitization models and methods have been developed, including k-anonymity [12], l-diversity [13], t-closeness [14], differential privacy [15], local differential privacy [16], etc., which will be introduced in subsequent chapters.
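The following is an added example, not taken from the book, that applies the five desensitization operations of Sect. 1.2.2 to a small constructed table. The record fields, the helper names, the 10-year bucket width, the group size and the choice of Gaussian noise are assumptions made for illustration.

```python
import random
from collections import Counter

# Constructed sample table: (name, age, zip_code, phone, diagnosis).
# name/phone are direct identifiers, age/zip_code are quasi-identifiers,
# diagnosis is the sensitive attribute.
RECORDS = [
    ("Ann", 25, "10001", "13512343675", "flu"),
    ("Bob", 27, "10002", "13598761234", "asthma"),
    ("Cara", 34, "10003", "13655550101", "diabetes"),
    ("Dev", 38, "10004", "13744440202", "flu"),
]


def generalize_age(age, width=10):
    """Generalization: replace an exact age with the range containing it."""
    low = (age // width) * width
    return f"{low}-{low + width}"


def suppress(value, keep_head, keep_tail=0):
    """Suppression: replace everything but a short head/tail with '*'."""
    if keep_head + keep_tail >= len(value):
        return "*" * len(value)  # nothing would be hidden, so mask it all
    tail = value[len(value) - keep_tail:] if keep_tail else ""
    hidden = len(value) - keep_head - keep_tail
    return value[:keep_head] + "*" * hidden + tail


def anatomize(rows, group_size):
    """Anatomization: split into a quasi-identifier table and a sensitive
    table whose only common column is GroupID."""
    qi_table, sensitive_table = [], []
    for i, (_, age, zip_code, _, diagnosis) in enumerate(rows):
        gid = i // group_size
        qi_table.append((gid, age, zip_code))
        sensitive_table.append((gid, diagnosis))
    # Sort so that row position cannot be used to re-join the two tables.
    sensitive_table.sort()
    return qi_table, sensitive_table


def permute(rows, group_size, rng):
    """Permutation: shuffle sensitive values inside each group."""
    out = []
    for start in range(0, len(rows), group_size):
        group = rows[start:start + group_size]
        values = [r[4] for r in group]
        rng.shuffle(values)
        gid = start // group_size
        out.extend((gid, r[1], r[2], v) for r, v in zip(group, values))
    return out


def add_noise(values, sigma, rng):
    """Perturbation by noise addition: add zero-mean Gaussian noise."""
    return [v + rng.gauss(0.0, sigma) for v in values]


def mean(values):
    return sum(values) / len(values)


if __name__ == "__main__":
    rng = random.Random(7)
    for name, age, zip_code, phone, diagnosis in RECORDS:
        print(suppress(name, 0), generalize_age(age),
              suppress(phone, 3, 4), diagnosis)
    print(anatomize(RECORDS, 2))
    print(permute(RECORDS, 2, rng))
    ages = [r[1] for r in RECORDS]
    print(mean(ages), mean(add_noise(ages, 2.0, rng)))
```

With only four rows the noisy mean can drift visibly; the statistical stability described for perturbation shows up as the number of records grows.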

1.3 The “Four Rights” of Privacy Preservation

GDPR has made relevant provisions on the right to know, the right to erasure, and the right to be forgotten. The right to know addresses the collection and processing of personal information, and the right to erasure and the right to be forgotten address the storage of personal information. With the popularization and application of mobile apps, although the right to know has not been fully implemented and has become the root cause of out-of-scope collection of privacy information, it has been widely noticed by everyone. In reality, data subjects voluntarily provide some privacy information to obtain personalized services, but the data subjects’ right to erasure and to be forgotten are privacy preservation issues that deserve more attention. Service providers’ neglect of the right to erasure and to be forgotten is a source of misuse of privacy information. Under the circumstance that privacy information is widely exchanged and disseminated in the ubiquitous interconnected environment, the “extended authorization” proposed by the authors of this book is the core criterion to ensure the controlled sharing of privacy information, and an effective guarantee mechanism for balancing privacy desensitization and usability.

1.3.1 Related Parties of Privacy Information

The related parties of privacy information are the participants in the processing of privacy information in the process of privacy preservation, including the following five aspects.

1. Data subject: refers to the owner of personal data or personal information.

2. Controller: refers to the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of privacy information.

3. Processor: refers to a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

4. Recipient: refers to a natural or legal person, public authority, agency, or another body, to which the privacy information is disclosed, whether a third party or not.

5. Third party: refers to a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

1.3.2 Right to Know

The right to know requires the controller to obtain the consent of the data subject when collecting and processing personal information. The data subject has the right to know how the data controller processes and stores personal information, where the personal information is obtained and to whom it will be transferred. When the purpose and method of processing personal information are changed, the individual’s consent shall be obtained again. When personal information processors transfer personal information to third parties, they should also inform individuals of the recipient’s identity and contact information. The recipient should continue to perform the obligations of the personal information processor. If there is any change, the data subject needs to be notified again and consent should be obtained.

1.3.3 Right to Erasure

The right to erasure is the right of the data subject to ask the controller to delete his or her personal information. When the data subject withdraws consent or the personal information is no longer necessary for the purpose for which it was collected and processed, the data controller can be asked to delete the relevant data. If the controller has made the data public, it should consider taking reasonable steps, including technical measures, to inform other data controllers who are processing personal data that the data subject has asked them to delete the personal information of the data subject, and the data controller and processor should delete personal information in a deterministic and irrecoverable manner.

1.3.4 Right to be Forgotten

The right to be forgotten means that when the storage period agreed between the data subject and the controller has expired or the processing purpose has been achieved, and the personal information controller or processor stops providing products or services, the controller or processor should take the initiative to delete personal information, i.e., personal information is automatically deleted after being retained by the data controller or processor for a certain period of time.

1.3.5 Extended Authorization

In social network applications, there are widespread problems such as personal information being forwarded more than twice by friends across Moments and systems. Therefore, in the process of dissemination of privacy information, whether the data subject can extend authorization for the cross-system exchange of personal information, and the implementation of extended control is crucial to privacy protection. The requirement for extended authorization is not mentioned in GDPR and other privacy protection-related regulations, but in the era of ubiquitous information sharing, extended authorization is the basis for ensuring controlled sharing of privacy information. Extended control is a technical implementation method of extended authorization, and an indispensable and effective mechanism for balancing privacy desensitization and privacy information utility.

Although the “Personal Information Protection Law of the People’s Republic of China” requires personal consent for personal information processing, and requires that consent be obtained again if the purpose of processing personal information, the processing methods, or the types of personal information are changed, these legal requirements are difficult to implement in the actual information system implementation process if there are no technical means to implement an extended control mechanism.

1.4 Technical Challenges in Privacy Preservation

The development of technologies such as the Internet, mobile Internet, Internet of Things, cloud computing, 5G, and satellite communications has spawned an endless stream of new service paradigms, and privacy information flows widely across systems, ecosystems, and even across borders. From the perspective of the “three-dimensional space” composed of time, scene, and privacy information, any privacy preservation scheme is a “point” in the three-dimensional space. It is necessary to form a privacy preservation algorithm system in the “three-dimensional space” that is continuous in time, universal in scenarios, and common to all privacy information modalities, so that the system can ensure the stability of the industry privacy information system and realize the protection of the full lifecycle, any scenario, and any privacy information. Although thousands of academic papers or solutions have been published on research in privacy preservation around the world, why hasn’t the problem of privacy preservation been effectively solved in practical applications? This is because privacy preservation has not theoretically solved a series of challenges in systematization, computability, etc.

1.4.1 Threats in Privacy Preservation

1.4.1.1 Over-Collection of Information

In recent years, with the rapid development of mobile Internet technology, mobile apps have become the main carrier of network information services and an important tool for users to use the mobile Internet. However, many mobile apps, while providing users with network services, have problems such as compulsory authorization, excessive claiming of rights, and frequent over-scope collection of personal information, leading to the increasingly serious threat of personal information leakage.

1.4.1.2 Unauthorized Use and Excessive Retention of Information in the Information System

Network information service providers have collected a large amount of personal information, created user profiles without obtaining user consent and used “big data-enabled price discrimination”, illegally overstepping their authority to use personal information and illegally sharing personal information with third parties, resulting in excessive retention of personal information across systems and posing a huge risk of privacy leakage.

1.4.1.3 Inconsistency of Cross-System Protection Capabilities

Privacy information flows widely across systems, and the protection capabilities of each system may be inconsistent, so the protection capabilities of the whole life cycle of privacy information are limited by the system with the weakest protection capability. The lack of an extended control mechanism for the cross-system flow of privacy information increases the risk of cross-system privacy information leakage.

1.4.2 Systematic Computational Model

In order to realize the full life cycle protection of privacy information and ensure its implementation in a ubiquitous information system, it is necessary to build a systematic computing model for the preservation of privacy information, which supports the measurement and on-demand protection of privacy information.

1.4.2.1 Perception and Dynamic Measurement of Privacy Information

Privacy information is multi-dimensionally correlated, scene-changing, and subjective, leading to dynamic changes in privacy cognition. To establish a systematic computing model, it is necessary to break through key bottlenecks such as the privacy information perception of diverse data, the fine-grained division of privacy attribute vectors, the dynamic quantification of privacy attributes, and the dynamic assessment of privacy information value and leakage risk associated with multiple factors, so as to solve the problem of accurate privacy perception in massive data and the time complexity problem of privacy dynamic measurement.

1.4.2.2 On-Demand Privacy Preservation and Combination of Privacy-Preserving Mechanisms

Regarding the changes in application scenarios, differences in privacy preservation requirements of data subjects, and diverse data types, it is necessary to study key technologies such as privacy desensitization mechanisms in the process of personal information collection, processing and sharing, privacy desensitization strategies adapted to scenarios, and parameter selection. In the meantime, regarding the different privacy preferences of users, diverse privacy preservation algorithms, and differences in protection degree requirements, etc., we should consider specific characteristics of different privacy algorithms, the relevance of multimodal data, and privacy preservation mechanisms, explore scenario-adapted methods for efficient and optimal combination of privacy preservation algorithms, and break through key technologies such as fine-grained feature description of privacy preservation algorithms, characterization of algorithm combination characteristics, detection, and resolution of multi-party privacy preference conflicts, to achieve automatic optimization and combination of multi-preserving algorithms for different types of data with differentiated privacy-preserving requirements.

1.4.3 Evaluation of Privacy-Preserving Effectiveness

Considering the diverse theoretical systems of different privacy-preserving algorithms, differences in application requirements and algorithm effects, etc., it is vital to study the multi-dimensional evaluation index system of privacy-preserving effectiveness, and propose a scenario-adapted quantitative evaluation model for effectiveness. It is necessary to break through key technologies such as qualitative and quantitative performance evaluation, privacy-preserving performance limit estimation of single algorithm and combined algorithm, and quantitative evaluation of privacy-preserving strength for dynamic data addition, etc., so as to provide multidimensional quantitative support for the evaluation of algorithm effectiveness and selection of algorithms.

Moreover, it is essential to study the evaluation method of privacy-preserving effectiveness based on big data analysis while taking into account the characteristics of big data in actual Internet applications, such as large time-scale, differentiated sources, large sample space, differences in the effect and continuous evolution of privacy-preserving algorithms, and correlation to privacy in desensitized information. It is necessary to break through key technologies such as accurate collection of cross-platform privacy-related background data, rapid perception and labeling of non-explicit privacy attributes, fine-grained data owner privacy knowledge modeling, multi-source scene content cross-correlated privacy leak detection, and Bayesian statistical inference based on mutual information between linked data, so as to achieve a reverse evaluation of privacy-preserving effect based on privacy mining using big data analysis.

1.4.4 Extended Control of Privacy Information

The GDPR and other regulations do not explicitly mention the extended authorization of privacy, but there are widespread problems in social network applications such as personal information being forwarded more than twice by friends across Moments and systems. In view of the diverse social application scenarios, the differences in the sensitivity of the types of objects in the media, the diversity of data subjects, and the differences in the privacy-preserving capabilities of the platforms, considering the impact of cross-platform flowing and multiple forwarding of multi-subject data on privacy control, and impact of subject, object, social platform, privacy needs, and other elements on dissemination control, it is necessary to establish a fine-grained extended control mechanism that supports the random topology of social networks and the differential privacy-preserving requirements of multiple data subjects, and breaks through key technologies including the normalized description of multi-factor constraints such as scene, space-time, content, and privileges, secure binding of media with followed extended-control-policy of protection strength and constraint conditions, the sharing process monitoring based on labeling and exchange auditing, the dynamic logical relationship generation of the data cross-platform flowing, differential description of privacy-preserving strength of subject-related data objects, normalized description of data extended control policy across domains, so as to support the controlled sharing of data in ubiquitously connected environment.

1.4.5 Forensics of Privacy Infringement

To address the problems of dynamic and random dissemination paths of privacy information, hidden privacy infringement, and fragmented spatial and temporal distribution of evidence in the diversity of Internet applications, it is necessary to study infringement monitoring for multi-type data, whole-process infringement clue capture and analysis, and abnormal data sharing behavior judgment and traceability, break through key technologies such as cross-domain exchange control and violation determination, cross-platform multi-dimensional reconstruction of privacy infringement events, and virtual identity positioning, so as to achieve accurate tracking of privacy infringements.

1.5 Chapter Summary

In the continuous evolution of new business paradigms, frequent cross-border, cross-system, and cross-ecosystem exchange of user data results in privacy information being retained intentionally or unintentionally in different information systems. The cask principle effect caused by the differences in the data protection capabilities and protection strategies of various information systems has led to an increasingly prominent risk of privacy leakage. Issues such as the lack of privacy information protection methods and the difficulty in governing the abuse of privacy information have become worldwide problems. Privacy preservation can be divided into two categories: privacy protection and privacy desensitization. Faced with the controlled sharing of information across systems, privacy desensitization technology is much needed to ensure the realization of the “four rights of privacy”. At present, many privacy preservation solutions have been proposed, which however cannot effectively address the privacy issues in practical applications. Therefore, it is a must to establish a new and complete theoretical system for the protection of privacy information in its entire life cycle to support privacy preservation in information systems. The notion of privacy computing proposed by Li Fenghua et al. [17] is the solution to the privacy preservation problem in practical applications, which will be elaborated in the subsequent chapters.

References

1. General data protection regulation. (2018)

2. Federal Trade Commission. Data brokers: a call for transparency and accountability. (2014)

3. Rivest, R.L., Adleman, L., Dertouzos, M.L.: On data banks and privacy homomorphisms. Foundations of Secure Computation. 4(11), 169–179 (1978)

4. Paillier, P.: Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In: International Conference on the Theory and Application of Cryptographic Techniques, pp. 223–238. Springer, Berlin (1999)

5. Gentry, C.: A fully homomorphic encryption scheme. Stanford University, Stanford (2009)

6. Yao, A.C.: Protocols for secure computations. In: IEEE 23rd Annual Symposium on Foundations of Computer Science, pp. 160–164. IEEE Press, Piscataway (1982)

7. Lapets, A., Jansen, F., Albab, K.D., et al.: Accessible privacy-preserving web-based data analysis for assessing and addressing economic inequalities. In: Proceedings of the 1st ACM SIGCAS Conference on Computing and Sustainable Societies, pp. 1–5. ACM Press, New York (2018)

8. Ion, M., Kreuter, B., Nergiz, E., et al.: Private intersection-sum protocol with applications to attributing aggregate ad conversions. IACR Cryptology ePrint Archive. 7, 738 (2017)

9. Li, F., Wang, Y., Yin, L., et al.: Novel cyberspace-oriented access control model. J. Commun. 37(5), 9–20 (2016)

10. Sahai, A., Waters, B.: Fuzzy identity-based encryption. In: International Conference on Theory & Applications of Cryptographic Techniques, pp. 457–473. Springer, Berlin (2005)

11. Adam, N.R., Worthmann, J.C.: Security-control methods for statistical databases: a comparative study. ACM Comput. Surv. 12, 515–556 (1989)

12. Sweeney, L.: K-anonymity: a model for protecting privacy. Int J Uncertain Fuzz. 10(5), 557–570 (2002)

13. Machanavajjhala, A., Gehrke, J., Kifer, D., et al.: L-Diversity: Privacy beyond K-Anonymity. In: IEEE 22nd International Conference on Data Engineering, p. 24. IEEE Press, Piscataway (2006)

14. Li, N., Li, T., Venkatasubramanian, S.: T-Closeness: Privacy beyond K-Anonymity and L-Diversity. In: IEEE 23rd International Conference on Data Engineering, pp. 106–115. IEEE Press, Piscataway (2007)

15. Dwork, C.: Differential privacy: a survey of results. In: International Conference on Theory and Applications of Models of Computation, pp. 1–19. Springer, Berlin (2008)

16. Duchi, J.C., Jordan, M.I., Wainwright, M.J.: Local Privacy and Statistical Minimax Rates. In: IEEE 54th Annual Symposium on Foundations of Computer Science, pp. 429–438. IEEE Press, Piscataway (2013)

17. Li, F., Li, H., Jia, Y., et al.: Privacy computing: concept, connotation and its research trend. J. Commun. 37(4), 1–11 (2016)

Another random document with no related content on Scribd:

folded it, put it in its envelope, and fastened a look that a basilisk might have envied, on her companion.

Glancing up from her novel with a frank fearless countenance, she encountered Miss Fane’s cold gray eyes critically surveying her, over the top of her tortoiseshell pince-nez. To describe Miss Fane more particularly, she was a prim, dignified, elderly lady, seated bolt upright on the most uncompromising chair in the room. She had wellcut aristocratic features; a high arrogant-looking nose; rather a spiteful mouth; iron-gray sausage curls, carefully arranged on either temple, and surmounted by a sensibly sedate cap. A very handsome brown silk dress, as stiff as herself, completed her costume.

Not being overburdened with this world’s goods, owing to the failure of a bank in which most of her fortune had been invested, she had accepted a very handsome allowance and the post of chaperon to her nephew’s ward. If she could have had this immense increase to her income without the ward, so much the better; girls were not to her taste, but though narrow-minded, frigid, and intensely selfish, she was strictly conscientious, according to her lights, and was thoroughly prepared to do her duty by her young companion.

“Alice,” she said, glancing from Alice to the note she held in her hand, and then back again with an air of hesitation, “I have just heard from my nephew, your guardian, you know. He expects to leave India immediately; and if the Euphrates stops here for coaling, he says he will come and look us up. Would you like to read his letter? Perhaps I ought not to show it to you; but it will give you some idea of the kind of young man he is.”

“Thank you,” replied his ward, stretching out a slim ready hand; “if you really think I may, Miss Fane,” she added interrogatively, whereupon Miss Fane handed her her nephew’s effusion, which ran as follows:

“Cheetapore.

“M

A M,

“I got your last letter all right. I did not answer it at once as I had nothing to say, and am no scribe at the best of times. I

quite agree with you, that you had much better take entire charge of Miss Saville now she has left school; but why not have kept her there another year or two? Your suggestion is excellent, and you will make a much more fitting guardian than my unworthy self. I do not know what on earth I should have done with her if you had not come to the rescue. I cannot imagine what possessed my father to leave me, of all people, guardian to a girl. Of course I shall look after her money affairs, etc., but I hope you will take her off my hands completely No doubt she will marry soon, as you say she is pretty, and if the parti is anything like a decent fellow, and comes up to the mark in the way of settlements, you may take my consent for granted—I shall say: ‘Bless you, my children,’ with unmixed satisfaction. I am bringing you some shawls, curios, etc., to make amends for my shortcomings as a correspondent. We sail from Bombay on the twenty-second, and if we coal at Malta I shall look you up. What in the world took you there? It strikes me you are becoming a regular ‘globetrotter’ in your old age.

“Your affectionate Nephew, “R. M. F.”

“What a funny letter, or note rather!” exclaimed Alice; “only two sides of the paper. The Fifth Hussars have a very pretty crest; and what a good hand he writes! He certainly seems very anxious to get rid of me, does he not, Miss Fane? I am afraid I am a great infliction,” she added, colouring, “but I will do my best to trouble him as little as possible.”

“I will make you a much more suitable guardian,” returned Miss Fane complacently. “I do not know what my brother-in-law could have been dreaming about when he made his will. Poor man! he naturally thought he had yet many years to live, and never contemplated your having such a preposterously young guardian. Reginald cares for nothing beyond his profession—horses, racing, and men’s society. My brother-in-law spoiled him as a boy, and allowed him his own way completely, though I believe he was a good son and very much attached to his father. Greville was a weak-

minded man,” she pursued, shaking her head reflectively, “governed first by his wife and then by his son. Reginald has always been his own master, and is headstrong and overbearing to the last degree.”

“You don’t like him, Miss Fane?” inquired Alice, slightly raising her eyebrows.

“Ah well!” hesitatingly, “I don’t exactly say that; I have seen so little of him since he was a boy; and then he was, without exception, the most troublesome, mischievous, impudent urchin I ever came across; always in trouble, falling out of trees, or downstairs, or off his pony, playing practical jokes, fighting the gardener’s big boys, riding his father’s hunters on the sly. He kept everyone in hot water. I spent six months at Looton, and added six years to my life,” concluded Miss Fane, nodding her head with much solemnity.

The truth was, Miss Fane had gone to Looton on a very long visit, with the intention of remaining permanently as virtual mistress. Her easy-going brother-in-law would have made no objection, but her impish nephew immediately saw through her object, and made her life unbearable. His practical jokes were chiefly at her expense, and the way in which he teased her beloved poodle was simply intolerable. She had to give up her intention of remaining, and leave what she had fully intended to have been a most luxurious home.

This she had never forgotten, nor forgiven; her feelings on the subject had been stifled, but they smouldered. She never cared for her nephew—never would; he was far too like his mother—her handsome stepsister—whom she had detested with all her heart. Nevertheless, she found it to her advantage to be on apparently good terms with her liberal and wealthy relative, who had not the remotest idea of the real feelings his aunt secretly cherished towards him.

About a week later the Euphrates came into Malta, late one evening. Miss Fane and the Lee-Dormers were dining at the Governor’s; Alice, not being “out,” had tea solus at home.

Time hung heavily on her hands; her book was stupid, she was not in the humour for music, and it was too early to go to bed. Opening the window, she stepped out on the balcony that ran all round the house and overlooked the courtyard. Here she remained for a long time, her chin resting on her hand, indulging in a daydream—“in maiden meditation, fancy free.” The air was laden with the perfume of twenty different flowers; but the fragrant orange-trees in their tubs down below overpowered all.

“How delicious!” said Alice to herself, sniffing the air. “If I am ever married—which is not very likely—I shall have a wreath of real orange-blossoms, always supposing I can get them.”

Presently she turned her attention to the stars, and endeavoured to make out some of the constellations, not very successfully, it must be confessed. She listened to the distant driving through Valetta.

“Belated sightseers returning to their steamers,” she thought.

Just then a carriage drove rapidly into their quiet street, and seemed to stop close by.

“It can’t be Miss Fane come home already; they are barely at coffee yet,” she mentally remarked, as she settled herself for another reverie.

After a while, feeling rather chilly, she pushed open the window and stepped back into the sitting-room. For a moment the light dazzled her eyes. That moment past, what was her amazement to find a handsome young man, in undress cavalry uniform, standing on the rug with his back to the fire!

The surprise was apparently mutual. However, he at once came forward and said:

“Miss Saville, I am sure. The servant said my aunt was out, but that you were at home. As the room was empty, I concluded you had gone to bed.”

“When did you arrive?” she asked, offering her hand.

“We came in about two hours ago, and are going to coal all night —a most detestable but necessary performance.”

“Have you been here long?” was her next question, as she seated herself near the table.

“About twenty minutes. I have been enjoying this English-looking fire immensely. You must have found it rather chilly in the verandah, I should say.”

A thought flitted through his mind—“Was there a Romeo to this lovely Juliet?” He looked down at her with a quick keen glance. No; the idea was absurd.

“What were you doing out there this cool evening?” he added.

“Nothing,” she replied shyly. She could not bring herself to tell this brilliant stranger that she had been simply star-gazing.

“A regular bread-and-butter miss,” he thought, as he pulled his moustache with a leisurely patronising look.

Bread-and-butter or not, she was an extremely pretty girl, and his ward. The idea tickled him immensely. He put his hand before his mouth to conceal an involuntary smile.

“Vernon or Harcourt would give a good deal to be in my shoes, I fancy,” he said to himself, as he took a seat at the opposite side of the table from his charge.

Alice having mastered her first astonishment, felt that it behoved her to make some attempt at conversation, and to endeavour to entertain this unexpected guest, pending Miss Fane’s return. She offered him refreshments, coffee, etc., which he declined, having dined previously to coming on shore. With small-talk, Maltese curios, and the never-failing topic—weather, she managed to while away the time. At first her voice was very low, as it always was when she was nervous or embarrassed, but she soon recovered herself, and played the part of hostess in a manner that astonished the man who, half-an-hour before, had called her (mentally) “a bread-and-butter miss.” Seven years on the Continent had given her at least easy polished manners. She had none of the gaucherie so common to an English girl of her own age, brought up exclusively at home. It seemed to her that Sir Reginald was shy!—he sat opposite to her playing with a paperknife, and by no means properly supporting his

share of the conversation. Her good-natured efforts amused him prodigiously. He was sufficiently sharp to see that she thought him bashful and diffident, whereas he was only lazy; he preferred to allow ladies, whenever they were good enough to talk to him, to carry on the most of the conversation, a few monosyllables, and his eloquent dark eyes, contributing his share. Poor deluded Alice! she little knew that the apparently diffident young man was the life and soul of his mess, and that shyness was unknown to him (except by name) since he had been out of his nurse’s arms.

Conversation presently became somewhat brisker; they exchanged experiences of Germany and India. They discussed books, horses, and music, and at the end of an hour Alice felt as if she had known him for at least a year. Certainly they had made as much progress in each other’s confidence as if they had gone through a London season together, when a few brief utterances are gasped between the pauses in a waltz, or whispered on the stairs, or interrupted by some spoil-sport in the Row.

As for Reginald, he not only felt completely at home, but, what was worse, most thoroughly bewitched.

“I’m never going to be so mad as to lose my head about this grown-up child, am I?” he indignantly asked himself. “I who have hitherto been invulnerable, as far as the tender passion is concerned. No! not likely. If I can’t face a pretty girl without immediately feeling smitten, the sooner I renounce the whole sex the better.”

Whilst he was thinking thus, he was to all appearance immersed in a series of views of Rome and Florence, and listening to a description of palaces, churches, and tombs.

There was not the slightest soupçon of a flirtation between this couple. Sir Reginald talked to his ward as he would to his grandmother, and there was a look in her clear deep gray eyes that would have abashed the most thorough-paced male flirt in Christendom—which he was very far from being—a look half of childish innocence, half of newly-awakened maiden dignity—

Standing where the rivers meet,
Womanhood and childhood sweet.

Miss Fane duly returned, and accorded her nephew a warm welcome and a kiss, which he very reluctantly received, for she had also a moustache! She treated him besides to a most recherché little supper, and at twelve o’clock he took his departure, faithfully promising to look them out a suitable house in London, and with an uneasy conviction that he had met his fate.

I need scarcely tell the astute reader that the acquaintance thus formed shortly ripened into something else: a few dances—a few rides in the Row—a water-party—the Cup-day at Ascot—finally a moonlight picnic, and the thing was settled.

Before the end of the season the following announcement appeared in The Times:

“On the 25th inst., at St. George’s, Hanover Square, by the Lord Bishop of Bermuda, assisted by the Rev. H. Fane, Sir Reginald Mostyn Fairfax, Bart., Captain Fifth Hussars, of Looton Park, Bordershire, to Alice Eveleen, only child of the late Major-General Saville.”

Sir Reginald expressed his intention of retiring, much to the disgust of his brother-officers, who said they thought Fairfax was the last man who would have married and left them. “You of all people too! After the way you used to be down on other fellows who fell in love, or got married—it’s perfectly shameful! You were actually the means of nipping several very promising affairs in the bud, and now you are going to get married yourself. What excuse have you to make?” cried an indignant hussar.

“I say,” replied Sir Reginald complacently, “‘that he jests at scars who never felt a wound.’ That was my case. Now I’m a reformed character.”

But when at the drawing-room, the opera, and elsewhere, the Fifth saw the future Lady Fairfax, even the most hardened bachelor among them frankly admitted that “Rex,” as they called him, had a very fair excuse.

After their honeymoon the Fairfaxes went down to Looton, where they were considered the handsomest and happiest couple within three counties.

CHAPTER III. LOOTON PARK.

Looton is a large, ugly, uncomfortable old place, similar to hundreds of others scattered over the British isles. No one knows exactly when it was built, but everyone is aware that it is surrounded by the very best land in Bordershire. The house stands in a large well-timbered park, and is approached by two avenues from opposite directions.

Seated at the library-table, with his elbows well squared, a young man of about one-and-twenty is dashing off a letter. He is Geoffrey Saville, first cousin to Lady Fairfax, and has lately joined the Fifth Hussars—so lately that he is still doing riding-school, from which a fortnight’s visit to Looton has afforded him temporary emancipation.

He is a slim, bright-eyed, loose-limbed boy, with small impudent hazel eyes, an aristocratic nose, and light-brown hair, of which one utterly unreasonable lock always sticks up on the top of his head, cut, and comb, and oil as he will. He is possessed of the highest of spirits, the best of appetites, and unlimited assurance. He is gay, gentlemanly, and generous, and swears by his new cousin, but old friend, Sir Reginald Fairfax.

Here is his letter:

“M N,

“I promised to send you a line to let you know how I was getting on. Rex and Alice make no end of a good host and hostess; the feeding is superior, and as to horses, I am ‘all found.’ Rex mounts me as he mounts himself, and I take it out of his cattle fairly.

“We have had two or three good runs with the R. B. H. and Overstones, especially last Tuesday; found at Heplow—(you don’t know where that is, but never mind)—and ran to Clumber, a distance of eight miles as the crow flies, with only one slight check. The pace was prime, the grief awful. The fields were large and airy, but some of the fences, notably the bullfinches, were real raspers. The finish was highly select—Alice, Reginald, two cavalry men, a parson, the huntsman, and yours obediently. Alice goes like a bird; and in a neat double-breasted brown habit and pot-hat to match, and mounted on a clipping bay thoroughbred, looks very ‘fit’ indeed. Rex pilots her, and they make a very fair average example of the field. You know what a customer he is. She follows him as if she had a spare neck in her pocket, and charges wood and water as boldly as he does himself.

“Talking of water, there is a brute of a river here, called the Swale, which winds about in the most mysterious manner. You come across it when you least expect it. I have already been in twice! I paid my second visit last Friday. I was steaming along close to the pack, when what should I see in front of me but this sneak of a river. I rammed in the spurs, and thundered down to it as hard as I could go, but I had already bucketed the old horse too freely: he bore down as if he meant business, stopped short, and shot me over his head into about seven feet of muddy water. I’ll leave you to imagine the figure I was when I picked myself out!

“I created a fine sensation all along the Queen’s highway en route home. Alice and Reginald have never stopped chaffing me ever since. You ask me how he plays the rôle of married man? Capitally, my dear fellow; and as to your unkind insinuation that I must be rather in the way, considering they are so recently married, you never were more mistaken in your life. They are not a bit a spooney couple; at least I never see any billing or cooing, thank goodness, and I favour them with a good deal of my society; but anyone can see with half an eye that each thinks the other perfection, and that they suit down to the ground. He has got a fortnight’s domestic privilege leave to go and see poor Maitland of the Blues, who is dying at Cannes; they were great chums always, and at Eton together. Meanwhile I remain here and help old Miss Fane (a bitter specimen of the unappropriated blessing) to take care of the fair châtelaine; and as I am to exercise the hunters, and have the run of the stable, I am promising myself five days a week between the two packs, and the very cream of hunting. I wish you would go to Thomas and hurry him with my tops, and run me in for another fortnight’s leave, as enclosed. If the chief looks grumpy, say I have broken my collarbone. I’ll do as much for you another time.

“Yours in clover, “G S.”

CHAPTER IV. A PRACTICAL JOKE.

Sir Reginald left for Cannes the end of November, intending to spend a week there, and to be home, of course, long before Christmas. Meanwhile, a plot he little dreamt of had been hatched for his benefit. A storm was brewing; in fact, a regular cyclone threatened his domestic atmosphere.

When he was in India with the Fifth Hussars, among his few lady acquaintances outside the regiment there was one who had taken an immense fancy to him—a fancy he by no means reciprocated. She was the daughter of an old Commissariat officer, who had survived to enjoy his off-reckonings and settled down at Cheetapore. “After thirty-eight years of India, he could not stand England,” he said; “one winter there would finish him.”

Miss Mason had been already four seasons on the plains. The climate was beginning to tarnish her beauty—the dark Italian style, her friends declared. Her foes, on the other hand, did not scruple to accuse her of “four annas in the rupee”—native blood, in fact. She was, nevertheless, one of the belles of the station. Time was flying, as I have said before, her good looks were waning, and she was becoming extremely anxious to be settled. Fully determined to marry well, thoroughly bold and unscrupulous, and believing firmly in Thackeray’s dictum, “that any woman who has not positively a hump can marry any man she pleases,” she looked about her, to see whom she would have.

One of the Fifth Hussars for choice; they were mostly well-born, and all rich. After some hesitation, she made up her mind that Captain Fairfax (as he then was) was perhaps the most desirable of the lot. A future baronet, of distinguished appearance, young, rich, and extremely popular, what more could she wish for? Not much, indeed.

But he rarely mixed in ladies’ society; and there was a certain hauteur about him—a kind of “touch-me-not” air—that inclined her to think he might give her some trouble. But then he was worth it. How good-looking he was—his keen dark eyes, regular features, and thick moustache, together with his slight well-knit figure, quite fulfilled her beau-ideal of a handsome, gallant hussar.

So she prepared to lay siege to him, and at once commenced to bring her heavy guns into action. But it was in vain—all in vain. It was useless to waylay him in the ride of a morning; with a hurried bow he cantered on. It was equally futile to get a friendly chaperon to escort her to cavalry parades on Wednesday mornings, for after drill he invariably went off to stables. Polo, at which he was a great performer, was also a blank, as whenever it was over, instead of lounging and talking to the lady spectators, he mounted his hack and disappeared. At the races she was more successful, and began to think she was making way at last. The Hussars had a tent, and, being one of the hosts, Sir Reginald was brought in contact with her repeatedly. But what she attributed to special attention was merely the courtesy with which he treated all the sex.

At balls she danced with him several times; but she could see that he much preferred dancing to talking, and grudged every moment that she wasted in conversation. However, “Rome was not built in a day.” “Patience,” she thought, “and I shall be Lady Fairfax yet. He is no flirt, and does not devote himself to any lady here, married or single. All this is a point in my favour,” she reflected. “He only wants drawing out; he is reserved and cold, but never fear, I shall thaw him.” She invited him repeatedly to her father’s house, invitations which he steadily and politely declined, and still not discouraged, made a point of stopping and accosting him wherever they met, were it on the road, coming out of church, or at the band. She endeavoured to arrange playful bets on trifling subjects, and made frequent allusions to the language of flowers; forced button-holes on him, and finally calling him to her carriage as he was riding past at the band, one evening—it was dark, and he fondly hoped to disappear unnoticed—she entreated him to dismount and have a chat.

“I cannot—very many thanks—as this is guest-night, and I have some fellows coming to dinner, and it is now”—looking at his watch—“a quarter to seven.”

“And what of that?” she returned playfully; “surely you can spare me a few minutes?”

Dead silence, during which her victim was revolving in his brain his chances of escape.

“Have you any sisters, Captain Fairfax?” she inquired, apropos of nothing.

“No; I wish I had.”

“You would be very fond of them, I am sure”—effusively.

“I daresay I would.”

“Ah!” she exclaimed, leaning over and patting his horse’s back caressingly, and looking up into his face with her bold black eyes—“ah, Captain Fairfax, how I should like to be your sister!”

With an imperceptible shudder he replied in his most frosty tone:

“You do me far too much honour, Miss Mason.”

“Not at all,” she said impressively; “nothing is too good for you, in my opinion.”

“You are very kind to say so, I am sure,” he replied, much embarrassed. “I must really be off,” gathering up his reins.

“Stay, stay—one second,” she entreated. “You remember the cracker we pulled together at the General’s on Monday, and I would not show you the motto? I was ashamed.”

“No doubt you were; some wretched, vulgar rubbish”—preparing to depart.

“No, no, not that,” she cried eagerly, “only—only—you will understand all when I give it to you—when I give it to you, you understand. I know you will not think it either wretched or vulgar when you read it. Do not look at it till you get home and are quite—quite alone,” she added, pressing an envelope into his most reluctant hand.

“All right,” he replied, taking off his hat and rapidly riding away, only too glad to escape.

In the privacy of his own room he opened the mysterious envelope, and held its contents—a narrow slip of paper—to the lamp. It ran as follows:

My hand, my heart, my life, are thine;
Thy hand, thy heart, thy life, are mine.

“Not that I know of,” he exclaimed fiercely, and colouring to the roots of his hair. “The woman must be insane,” he muttered, tearing the motto into fragments and scattering them on the floor. “She could not really think I cared two straws about her. If it is a joke, as of course it is,” he proceeded, “it is by no means a nice one, or one that a thoroughly lady-like girl would ever dream of practising. If she were my sister,” he continued, with a grim smile, “I would give her a piece of my mind that would astonish her weak nerves. God forbid she was any relation to me!” he added fervently. “I’ll give her an uncommonly wide berth for the future.”

This mental resolve of his was most rigidly carried out. He avoided Miss Mason in an unmistakable manner, and held aloof from society on her account. It took her some time to realise this painful fact, but when she did grasp it her whole soul rose in arms; and hearing about the same period a remark he had made about her—viz. “that she might be considered a fine-looking woman, but was not at all his style, and that he thought her awfully bad form.” This, though breathed in confidence over a midnight cheroot, en route from a dance where Miss Mason had been making herself more than usually conspicuous—came round to her ears, and acted like a match in gunpowder, oil in flame. The most venomous hatred took the place of her former admiration, and an insatiate craving for revenge filled her fair bosom—a revenge she fully determined to gratify on the earliest possible occasion.

Time went on, the Hussars left for England, and the wedding of Alice and Reginald found its way into the Home News. “Now,” thought she, “I will have my innings. I will drop a shell into his camp that will astonish him, to say the least of it, and I’ll light the match at once.”

Miss Mason’s dearest friend and inveterate ally was spending the day with her. It was October, and although the hot weather was a thing of the past, yet it was still warm, and occasionally muggy. Tiffin concluded, the two ladies retired, Indian fashion, to Miss Mason’s room, and there donned cool white dressing-gowns, and subsided into long cane-lounges. For some time the monotonous creaking of the punkah-rope alone broke the silence.

Presently Miss Mason said: “Harriet Chambers, I have been a good friend to you. Have I not stood by you through thick and thin, and helped you out of one or two nasty scrapes?”

“You have indeed, dear Charlotte,” replied Mrs. Chambers in grateful accents, and with a visibly heightened colour.

“Well now, I want you to do something for me—only a trifle after all, but still I would rather trust you than anyone.”

“What can I do? Whatever it is, I shall be only too glad,” returned Mrs. Chambers effusively.

“Well, my dear, I’ll soon tell you. You recollect Captain Fairfax of the Hussars?”

“Yes, of course I do; a dark young man, who won the Arconum cup, and spent all his time out shikarring.”

“Exactly! but he found time enough to be very rude to me and I wish to pay him off somehow.”

“But what did he do?” asked Mrs. Chambers, her curiosity aroused.

“Never mind what he did—he treated me shamefully, cruelly, abominably,” returned Miss Mason with venomous empressement and a noble indifference to facts.

“Well, at any rate, he has left the country now,” put in Mrs. Chambers soothingly.

“But a letter can always reach him. I know his address at home. He is just married, and I was thinking of giving them a little bone of contention to amuse themselves with—something to ruffle up the dead, flat monotony of the honeymoon. For instance, a sham marriage certificate would give her a good fright.”

“Oh! but, my dear Charlotte,” gasped her friend, raising herself to a sitting posture, “you are joking. You would not think of such a thing.”

“Would I not?” replied Charlotte, with an unpleasant laugh and shake of her head. “I have thought of it, and, what is more, I mean to do it.”

“But you might cause fearful mischief; and, besides, I am sure it’s forgery,” Mrs. Chambers added with an awe-struck voice.

“Not a bit of it,” said Miss Mason lightly. “I have laid all my plans. Listen,” she continued, sitting up. “Oh, bother these mosquitoes,” waving her handkerchief to and fro. “Now attend to me. You know the clerk of All Saints’, a stupid, drunken old wretch, who would sell his soul for ten rupees. I have bribed him to let me have the church register and a lot of spare printed copies of certificates—blank forms, you know. I pretend I want to look out something for a friend. He brought the register here this morning, and I am to have it ready for him when he calls after dark; for, although there are very few weddings—more’s the pity—and no one troubles about the register at All Saints’, yet such books are not supposed to go travelling about in this style. Here it is,” and from beneath the mattress of her bed she produced a thick calf-bound volume. “Here are the printed forms,” she continued, getting up and busying herself arranging a writing-table, which she pushed towards her friend, whose eyes followed her movements in dumb amazement. “Now,” she said, “Harriet, you are to copy a certificate of marriage on one of these blank strips, do you see.”

“I!” cried Mrs. Chambers. “Good heavens, Charlotte, you are out of your mind! It would be downright forgery. You are mad to think of it.”

“Forgery! Folly—it’s only a joke. After the first glance, no woman in her senses would see it in any other light. It’s a joke, I tell you—a joke, and I know,” she added, looking her friend straight in the face, “that for several reasons you will not refuse me.”

“Oh, but really—really,” faltered her victim.

“Yes, but really you will do it. Do you think I would ask you to do anything that was not right—that was illegal? Come, come, Harriet, here is a chair. You imitate writing so splendidly, you will have to oblige me, and I’ll give you my gold swami earrings into the bargain, besides all the good offices I have already done for you.”

Finding herself in the presence of a vigorous will, Mrs. Chambers, who was weak-minded and indolent, eventually succumbed, and very reluctantly settled to her task. The last marriage certificate was used as a copy, and splendidly imitated by Mrs. Chambers; the name of Reginald Fairfax was substituted for the man, and Fanny Cole for the spinster. The witnesses’ and the clergyman’s signatures were added. The only name that was really forged was the clergyman’s: “A correct copy of certificate of marriage as signed and attested by me.—H P.”

This was a facsimile; the remaining part of the certificate was in a round clerkly hand, as if copied by that functionary. It was finished, and, villanous document as it was, was in every respect to all appearance an authorised and legal copy of a certificate of marriage.

Miss Mason having quieted her friend’s scruples by assuring her over and over again that it was “only a joke,” and having refreshed her with five-o’clock tea and half a brandy-and-soda, and sworn her to profoundest secrecy, dismissed her tool with much affectionate demonstration. She then locked up the book and papers and went for a drive, with the calm conviction that she had done a good afternoon’s work. The following day an anonymous letter containing the mock certificate was despatched to Lady Fairfax.

I should here mention that when the old clerk called for the register and his ten rupees, and got them, he hastened to the Bazaar and laid in a fine supply of arrack, which he conveyed to his solitary “go down.” His orgie was on such an extensive scale that when he upset a lighted kerosine lamp he was perfectly incapable of stirring or extinguishing it, so he and his house and the marriage register were all consumed together. This occurrence was related to Miss Mason a few evenings afterwards at the band, as one of the items of local “gup;” also that the church register was missing—had recently and mysteriously disappeared; and that the general belief was that the defunct clerk had made away with it.

Miss Mason received the intelligence as a polite but totally disinterested listener; but as she rolled along the dusty roads in her carriage, on her way home, she thought all the time of her little joke and its probable consequences.

“‘Sweet is revenge, especially to women.’ I forget who wrote that; but it’s true,” she murmured. “Mine is even more complete than I had expected. Mr. Parry is dead; the clerk and the register burnt; the witnesses, John and Jane Fox, gone to Australia nearly two years ago. Clear yourself if you can, Sir Reginald Fairfax; I’ll not help you; and I think you will find that I have given you a difficult task.”

Such were Miss Mason’s reflections, and her amiability for the next two or three days was as surprising as it was unbounded. Occasionally she would lean back in her low capacious Singapore chair, drop her book in her lap, and indulge in a long and evidently delightful reverie, bewildering her foolish old father by sundry fits of wholly unexplained suppressed laughter.

“What ails you, Charlotte, my girl? What’s the matter?” he asked once, somewhat timidly.

“Oh, nothing. Nothing that would interest you, daddy; only a little bit of a practical joke that I have played on somebody.”

CHAPTER V. THE THUNDERBOLT.

Alice, Miss Fane, and Geoffrey were seated at the breakfast-table one drizzling December morning. The post had just come in. Geoffrey, having unlocked the bag, was distributing the letters.

“One for you, Miss Fane; looks like a bill,” said he mischievously. “Two young-lady letters for you, Alice, and one from Fairfax, of course. I wonder he does not write thrice a day, and telegraph at intervals: ‘How are you, my darling? Are you thinking of me, my treasure?’ What will you give for it? It’s a pretty thick one,” feeling it critically. “See what it is to be a bride,” and he chanted:

“They were never weary; they seemed each day
Fresh ecstasy to imbibe;
And they gazed in each other’s eyes in a way
That I really can’t describe.
And once it was my lot to see
What shocked my sensitive taste:
They were sitting as close as wax, and he
Had his arm about her waist.”

“That you never did, you rude boy. Here, give me my letter at once, sir!” cried Alice, half rising.

“Madam, take it. You need not be blushing like that; it makes me quite hot to look at you. After all, you never did shock my sensitive taste as yet, and I hope you never will. Now for the newspapers,” diving again into the bag. “Halloa! here’s another letter, Alice—from India, I declare, and a good fat one too. Who is your correspondent
