Visible to the public ICSI SoS Lablet Quarterly Executive Summary - October 2018Conflict Detection Enabled

Submitted by Serge Egelman on Sun, 10/28/2018 - 10:38pm

A. Fundamental Research
The International Computer Science Institute (ICSI) initiated four projects, which together aim to make advances in defining privacy, privacy engineering, Big Data accountability, understanding privacy perceptions, and assessing privacy risks. The specific projects are as follows:

  • Performing empirical research towards applying the theory of Contextual Integrity (CI) to the design of future privacy controls.
    • This quarter we designed several studies and received IRB approval to examine privacy issues surrounding in-home voice-activated IoT devices. These studies are designed to examine users' expectations surrounding data capture and transmission.
    • Our work on mobile app privacy controls also continues, as we are now expanding the infrastructure. Through this process, we have identified several security vulnerabilities on Android that we have reported to Google and are working on a paper on covert channels that apps are using to collect user data without consent.
  • Using formal methods to improve CI theory by refining it to support a wider range of privacy contexts.
    • This project is moving along, with Tschantz and Nissenbaum collaborating on formal definitions of privacy.
  • Conducting a series of workshops with stakeholders from government, industry, and academia to examine issues pertaining to Big Data governance.
    • Mulligan's team attended a NIST workshop on a new privacy framework; also exploring the literature to build a taxonomy of concepts that should be embodied.
  • Conducting a series of workshops on Privacy by Design to examine, improve, and refine privacy engineering practices and outreach efforts.
    • Mulligan's team conducted interviews with privacy engineers and is planning an upcoming workshop on "design thinking."

 

B. Community Engagement(s)
Egelman and three members of his team presented three papers at the Symposium on Applications of Contextual Integrity, hosted by Nissenbaum at Prineton. This resulted in a lot of discussion, as well as some future potential collaborations.

Egelman has also had several meetings with regulators to discuss findings on mobile privacy. This includes ongoing consultations with FTC staff, guidance on a lawsuit being brought against platforms and app developers by the NM AG, as well as speaking to international regulators earlier this month at an event organized by the OECD.

Mulligan and students attended a NIST workshop on their privacy framework, as part of their effort to meet with stakeholders to develop guidance on "governance for big data."

 

C. Educational Advances
None this quarter.

Groups: