Privacy by Design – Engineering Privacy
August 31-September 1, 2015
Pittsburgh, PA
Omni William Penn Hotel, William Penn Place, Pittsburgh, PA, United States
Event Contact
Ann Drobnis
adrobnis@cra.org
Event Type
2015 Events, 2015 Visioning Activities, Visioning Activities, Workshop
This workshop surveyed emerging challenges in engineering privacy, from applications of cryptographic protocols and privacy-preserving databases to formal notations and programming languages for identity management, de-identification, and software specification. The survey reviewed known challenges in expressing privacy policies in computational terms so that tools can help enforce them; such policies include privacy laws in regulated sectors such as healthcare and finance and privacy promises in self-regulated sectors such as Web services. These challenges include conflicts introduced by cross-references from one legal text to another, difficulty representing use-based models, and modeling a business process's compliance with the law. They also include policy weaknesses exposed by computer scientists that limit how far such translation actually protects privacy, for example the atomic view of information types that ignores statistical correlations, which leads to weak de-identification requirements and ineffective approaches to privacy-preserving big data analytics. The workshop raised awareness of how well these results address the concepts and open problems identified in Workshop 2, and served to identify open research questions.
Privacy by Design Workshops
This workshop was one of four aimed at identifying a shared research vision to support the practice of privacy-by-design. They convened both practitioners with direct experience of the challenges in implementing privacy-by-design from a range of fields—software developers, privacy engineers, usability and interaction designers, chief privacy officers—and researchers from an equally broad range of disciplines.
The goals for the four workshops included:
- To take stock of the methods, tools, and approaches currently used to design for privacy.
- Broaden the lens through which privacy-by-design is viewed by the research community, positioning technical design alongside theoretical/conceptual, organizational, and regulatory design questions.
- Begin the process of building an interdisciplinary community of researchers to develop broader theoretical foundations, systematic approaches, as well as organizational and regulatory models for supporting the practice of privacy-by-design.
Other Privacy by Design Workshops
Workshop 1- State of Research and Practice
Workshop 2- Privacy Enabling Design
Workshop 4- Catalyzing Privacy by Design
August 31, 2015 (Monday)
Time | Session | Room | Lead
08:00 AM | Breakfast | Conference B |
09:00 AM | Session 1: Opening Remarks and Introductions | Conference A | Deirdre Mulligan, UC Berkeley
09:30 AM | Session 2: Requirements and Policy Languages | Conference A | Limin Jia, Carnegie Mellon
10:30 AM | Break | Outside Conference A |
10:50 AM | Session 3: Threat Modeling | Conference A | Susan Landau, Worcester Polytechnic Institute
11:40 AM | Session 4: Identity Management | Conference A | Naomi Lefkovitz, NIST
12:30 PM | Lunch | Conference B |
01:30 PM | Session 5: Privacy Tool Clinic, Part 1 | Conference A | Chair: Seda Gürses, Princeton (tool presenters and ringers are listed under Privacy Engineering Tool Clinic below)
02:30 PM | Session 6: Conception of Privacy | Conference A | Deirdre Mulligan, UC Berkeley
03:30 PM | Break | Outside Conference A |
04:00 PM | Session 7: Privacy Tool Clinic, Part 2 | Conference A | Chair: Seda Gürses, Princeton (tool presenters and ringers are listed under Privacy Engineering Tool Clinic below)
05:00 PM | Session 8: Wrap-up on Day 1 | Conference A |
06:30 PM | Dinner | Grand Concourse Restaurant | Walk: leave from lobby at 6:10 PM

September 1, 2015 (Tuesday)
Time | Session | Room | Lead
08:00 AM | Breakfast | Conference B |
09:00 AM | Session 9: Reflections from Day 1 | Conference A | Deirdre Mulligan, UC Berkeley
09:30 AM | Session 10: Composability | Conference A | Anupam Datta, Carnegie Mellon
11:00 AM | Break | Outside Conference A |
11:30 AM | Session 11: Standards | Conference A | Lorrie Cranor, Carnegie Mellon
12:30 PM | Lunch | Conference B |
01:30 PM | Session 12: Practical De-Identification | Conference A | Khaled El Emam, University of Ottawa
02:30 PM | Session 13: Design Patterns for Privacy | Conference A | Nick Doty, UC Berkeley
03:45 PM | Session 14: Wrap-up on Day 2 | Conference A |
Organizing Committee:
Deirdre K. Mulligan (Chair) University of California, Berkeley
Annie Antón Georgia Institute of Technology
Ken Bamberger University of California, Berkeley
Travis Breaux Carnegie Mellon University
Nathan Good Good Research
Susan Graham University of California, Berkeley and the Computing Community Consortium
Seda Gürses New York University
Susan Landau Worcester Polytechnic Institute
Helen Nissenbaum New York University
Fred Schneider Cornell University
Peter Swire Georgia Institute of Technology
Ira Rubinstein New York University
Ann Drobnis Computing Community Consortium Director
The Computing Community Consortium (CCC) will cover travel expenses for all participants who desire it. Please make your hotel reservation using the link you receive after registering for the workshop. Participants are asked to make their own travel arrangements to get to the workshop, including purchasing airline tickets. Following the workshop, CCC will circulate a reimbursement form that participants will need to complete and submit, along with copies of receipts for amounts exceeding $75.
In general, standard Federal travel policies apply: CCC will reimburse for non-refundable economy airfare on U.S. Flag carriers; and no alcohol will be covered.
For more information, please see the Guidelines for Participant Reimbursements from CCC.
Additional questions about the reimbursement policy should be directed to Ann Drobnis, CCC Director (adrobnis [at] cra.org).
Privacy Engineering Tool Clinic
The objective of this tool clinic is to reflect on privacy (engineering) tools in the presence of interdisciplinary experts from academia, industry, government and civil society. During a tool clinic session, toolmakers present their tool, then two ringers steer and stir a lively discussion with a multidisciplinary group of participants. The exercise aims to promote the collective evaluation of the tool, with a focus on future directions for the presented tool. During tool clinic sessions the participants are encouraged to put themselves in the shoes of the designer and to reflect on a privacy engineering problem in the context of a concrete artifact. At the same time, the sessions provide toolmakers with an opportunity to rethink their tools in the presence of a group of experts with trans-disciplinary skills. By raising questions around production, licensing, deployment, use, legal implications, maintenance and sustainability, the tool clinic also encourages participants to think about privacy engineering in holistic terms.
You can read more about tool clinics here: http://bit.ly/1K1OegK
The Tools:
Eddy: A privacy requirements specification language that privacy analysts can use to express requirements over acts to collect, use, transfer and retain personal and technical information.
Tool Makers:
Daniel Smullen and Travis Breaux, CMU
Ringers Session 1:
Eleanor Birrell, Cornell
Mohit Gupta, Clever
Ringers Session 2:
Damien Desfontaines, Google
Katie Shilton, UM College Park
RAPPOR: A technology for crowdsourcing statistics from end-user client software anonymously and with strong privacy guarantees.
Google’s blog post: http://googleresearch.blogspot.com/2014/10/learning-statistics-with-privacy-aided.html
Academic paper: http://arxiv.org/abs/1407.6981
Open source project: https://github.com/google/rappor
Tool Makers:
Ilya Mironov, Google and Aleksandra Korolova, USC
Ringers Session 1:
Gerald Friedland, UC Berkeley
Ira Rubinstein, NYU
Ringers Session 2:
Khaled El Emam, University of Ottawa
Helen Nissenbaum, NYU
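The following is an added illustration of the randomized-response mechanism that RAPPOR is built on. It was written for this page and is not code from the RAPPOR repository or paper. It covers the one-bit case only (no Bloom filter, cohorts or regression-based decoding), reusing the paper's parameter names f, p and q and their default values of 0.5, 0.5 and 0.75; the unbiased count estimate and the single-bit privacy bound are derived in the comments, and the simulated client population is constructed data.

```python
import math
import random

# One-bit RAPPOR-style randomized response (illustration, not Google's code).
# A client holds one true bit (e.g. "this feature is enabled"). The aggregator
# learns only noisy reports, yet can still estimate how many clients have the bit set.


def permanent_randomized_response(bit, f, rng):
    """Permanent RR: report 1 with prob f/2, 0 with prob f/2, else the true bit.
    It is computed once per client and memoized so that repeated reports from the
    same client cannot be averaged to recover the true bit."""
    r = rng.random()
    if r < f / 2:
        return 1
    if r < f:
        return 0
    return bit


def instantaneous_randomized_response(perm_bit, p, q, rng):
    """Instantaneous RR: report 1 with prob q if the permanent bit is 1, else with prob p.
    Fresh randomness per report limits linking of a client's successive reports."""
    return 1 if rng.random() < (q if perm_bit else p) else 0


class Client:
    def __init__(self, true_bit, f, p, q, rng):
        self.p, self.q, self.rng = p, q, rng
        # Memoized permanent response: the true bit never leaves the client.
        self.perm_bit = permanent_randomized_response(true_bit, f, rng)

    def report(self):
        return instantaneous_randomized_response(self.perm_bit, self.p, self.q, self.rng)


def report_probabilities(f, p, q):
    """Return (q_star, p_star) = P(report=1 | true=1), P(report=1 | true=0).
    P(perm=1 | true=1) = 1 - f/2 and P(perm=1 | true=0) = f/2, so
    q* = q(1 - f/2) + p f/2 and p* = q f/2 + p(1 - f/2)."""
    q_star = 0.5 * f * (p + q) + (1 - f) * q
    p_star = 0.5 * f * (p + q) + (1 - f) * p
    return q_star, p_star


def estimate_true_count(ones_reported, n_clients, f, p, q):
    """Unbiased estimate of the number of clients whose true bit is 1.
    E[ones] = N1 q* + (N - N1) p*, solved for N1."""
    q_star, p_star = report_probabilities(f, p, q)
    return (ones_reported - n_clients * p_star) / (q_star - p_star)


def permanent_epsilon(f, differing_bits=1):
    """Differential-privacy bound of the permanent response. For one bit the ratio of
    output likelihoods between true=1 and true=0 is (1 - f/2)/(f/2); the RAPPOR paper's
    Bloom-filter bound multiplies the log of that ratio by 2h for h hash functions."""
    return differing_bits * math.log((1 - f / 2) / (f / 2))


def report_once(true_bit, f, p, q, seed):
    """One client, one report, with a fixed seed (useful to check the noise-free corner)."""
    return Client(true_bit, f, p, q, random.Random(seed)).report()


def simulate(n_clients, true_fraction, f=0.5, p=0.5, q=0.75, seed=1):
    """Constructed population: the first true_fraction of clients have bit 1.
    Returns the aggregator's estimated fraction from one round of noisy reports."""
    rng = random.Random(seed)
    clients = [Client(1 if i < n_clients * true_fraction else 0, f, p, q, rng)
               for i in range(n_clients)]
    ones = sum(c.report() for c in clients)
    return estimate_true_count(ones, n_clients, f, p, q) / n_clients


if __name__ == "__main__":
    print("single-bit epsilon at f=0.5:", round(permanent_epsilon(0.5), 4))
    print("estimated fraction (true 0.30):", round(simulate(50000, 0.30), 3))
```

Note the trade-off the parameters encode: lowering f tightens the estimate but raises epsilon, and with the defaults above the gap q* - p* is only 0.125, so the aggregate needs tens of thousands of reports before the estimate is useful while any single report reveals almost nothing about its sender.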
Privacy Preserving Genomics Sharing Tool: A tool that allows for privacy-preserving sharing and visualization of genomic sequences, keeping them encrypted while they traverse outsourced environments.
Genomic Sharing Info Sheet
Flow Sheet
Tool Maker:
Carmela Troncoso, Gradient
Ringers Session 1:
Lorrie Cranor, Carnegie Mellon
Joe Hall, CDT
Ringers Session 2:
Matthew Fredrikson, Carnegie Mellon
Bethan Cantrell, Microsoft