Contextual Integrity for Computer Systems - January 2022
PI(s), Co-PI(s), Researchers: Michael Tschantz (ICSI), Helen Nissenbaum (Cornell Tech)
HARD PROBLEM(S) ADDRESSED
Scalability and Composability, Policy-Governed Secure Collaboration
PUBLICATIONS
KEY HIGHLIGHTS
Nissenbaum and Tschantz's proposal for a workshop, Contextual Integrity for Differential Privacy, has been accepted as Workshop 23w5106 at the Banff International Research Station, Okanagan, Kelowna, British Columbia, Canada, to be held 06/11/2023 to 06/16/2023.
Our main research activities have focused on two areas.
Firstly, we have studied the role of privacy risk assessments in system design and, more generally, in privacy management within organizations. We have analyzed how subjecting privacy design to a risk assessment approach within organizations may lead to unexpected outcomes, viz. design choices and strategies that do not contribute to the protection of privacy. Through the lens of contextual integrity, our findings thus far indicate critical flaws in these approaches: vague definitions and a lack of actuarial models, an inadequate understanding of social and network effects, and a disregard for the conflicting interests of the organization, on the one hand, and broader society, on the other. These findings suggest that risk assessment, while useful, should play a narrower role in privacy engineering and in organizational management at large.
Secondly, we have considered the role that differential privacy, as a mechanism within privacy engineering, may play in the design of privacy-preserving systems. In theory, differential privacy offers formal guarantees of privacy protection. It also provides an elegant way to quantify a trade-off -- in the words of DP promoters -- between data confidentiality and the utility of the data products or statistics that we wish to derive. In practice, however, differential privacy is hard to interpret and hard to accommodate within existing data analysis practices and processes. Our goal is to gain a better understanding of the uses and limits of differential privacy by examining it through the lens of contextual integrity. With its focus on contexts, ends and values, contextual integrity may offer a useful conceptual framework for identifying the settings in which differentially private mechanisms can be adopted successfully.
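The confidentiality/utility trade-off mentioned above is concrete enough to show in code. The following is an added example, not part of the report or of the project's own work: it releases a count over a constructed set of survey records using the standard Laplace mechanism, checks the epsilon-DP bound on the ratio of output densities for two neighbouring datasets, and measures how the average error of the released count grows as epsilon shrinks. The records, predicate and parameter values are assumptions made for the illustration.

```python
import math
import random

# Constructed sample records (not from the report): survey responses with a sensitive flag.
RECORDS = [
    {"id": i, "age": 20 + (i * 7) % 50, "condition": (i % 3 == 0)}
    for i in range(60)
]


def laplace_sample(scale, rng):
    """Draw from Laplace(0, scale) as the difference of two exponential samples."""
    return scale * (math.log(1.0 - rng.random()) - math.log(1.0 - rng.random()))


def true_count(records, predicate):
    """The exact (non-private) count of records satisfying the predicate."""
    return sum(1 for r in records if predicate(r))


def dp_count(records, predicate, epsilon, rng):
    """Release a count under epsilon-differential privacy via the Laplace mechanism.

    A counting query has L1 sensitivity 1 (adding or removing one record changes it
    by at most 1), so Laplace noise with scale 1/epsilon gives epsilon-DP.
    """
    return true_count(records, predicate) + laplace_sample(1.0 / epsilon, rng)


def laplace_density(x, scale):
    """Probability density of Laplace(0, scale) at x."""
    return math.exp(-abs(x) / scale) / (2.0 * scale)


def privacy_loss_ratio(output, count_a, count_b, epsilon):
    """How much more likely `output` is under a dataset with true count `count_a`
    than under a neighbouring dataset with true count `count_b`.

    The DP guarantee says this ratio never exceeds exp(epsilon * |count_a - count_b|).
    """
    scale = 1.0 / epsilon
    return laplace_density(output - count_a, scale) / laplace_density(output - count_b, scale)


def satisfies_bound(count_a, count_b, epsilon, outputs=range(-50, 150)):
    """Check the DP inequality over a grid of possible outputs (tiny float tolerance)."""
    limit = math.exp(epsilon * abs(count_a - count_b)) * (1.0 + 1e-12)
    return all(privacy_loss_ratio(o, count_a, count_b, epsilon) <= limit for o in outputs)


def mean_abs_error(records, predicate, epsilon, trials=4000, seed=0):
    """Empirical utility: average |released - true| over repeated releases.

    For the Laplace mechanism the expected absolute error is exactly 1/epsilon,
    which is the quantified confidentiality/utility trade-off.
    """
    rng = random.Random(seed)
    exact = true_count(records, predicate)
    total = sum(abs(dp_count(records, predicate, epsilon, rng) - exact) for _ in range(trials))
    return total / trials


if __name__ == "__main__":
    has_condition = lambda r: r["condition"]
    rng = random.Random(1)
    exact = true_count(RECORDS, has_condition)
    for eps in (0.1, 0.5, 1.0, 5.0):
        one_release = dp_count(RECORDS, has_condition, eps, rng)
        err = mean_abs_error(RECORDS, has_condition, eps)
        print(f"eps={eps}: one release={one_release:.1f} (true {exact}), mean abs error={err:.2f}")
    print("bound holds for neighbouring counts 20/21 at eps=0.5:", satisfies_bound(20, 21, 0.5))
```

Running the block prints a released count and the average error for several values of epsilon; the error is roughly 1/epsilon, so a tighter privacy budget (smaller epsilon) buys confidentiality at a directly measurable cost in accuracy, while `satisfies_bound` confirms that no single output can shift the analyst's odds about any one record by more than a factor of exp(epsilon).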
COMMUNITY ENGAGEMENTS
"All the parameters matter! Contextual Integrity for Statistical Reporting", FCSM Research & Policy Conference Keynote, November 2021.
"Applying Contextual Integrity to Health", Center for Technology and Behavioral Health, Dartmouth College, October 2021.
"Are We 'Over' Privacy?", Changing Values, Changing Technologies, Centre for Ethics and Technology, October 2021.
EDUCATIONAL ADVANCES