CCC: Catalyzing the computing research community and enabling the pursuit of innovative, high-impact research.

Privacy by Design – Engineering Privacy


   Workshop Report   

August 31-September 1, 2015

Pittsburgh, PA
Omni William Penn Hotel, William Penn Place, Pittsburgh, PA, United States



Event Contact

Ann Drobnis
adrobnis@cra.org


Event Type

2015 Events, 2015 Visioning Activities, Visioning Activities, Workshop


Event Category

CCC, CRA

Overview

This workshop surveyed emerging challenges in engineering privacy, from applications of cryptographic protocols and privacy-preserving databases to formal notations and programming languages in identity management, de-identification, and software specification. The survey reviewed known challenges, such as understanding privacy policies (e.g., privacy laws in regulated sectors like healthcare and finance; privacy promises in self-regulated sectors like Web services) in computational terms so that tools can be developed to help with their enforcement. These challenges include conflicts introduced by cross-references from one legal text to another, difficulties reflecting use-based models, and modeling business processes' compliance with the law. The survey also reviewed policy weaknesses exposed by computer scientists that limit the utility of translation for privacy protection (e.g., the atomic view of information types that ignores statistical correlations, leading to weak de-identification requirements and ineffective approaches to privacy-preserving big data analytics). The workshop raised awareness of how well these results address the concepts and open problems identified in workshop #2, and served to identify open research questions.

Privacy by Design Workshops

This workshop was one of four aimed at identifying a shared research vision to support the practice of privacy-by-design. They convened both practitioners with direct experience of the challenges in implementing privacy-by-design from a range of fields—software developers, privacy engineers, usability and interaction designers, chief privacy officers—and researchers from an equally broad range of disciplines.

The goals for the four workshops included:

  • To take stock of the methods, tools, and approaches currently used to design for privacy.
  • To broaden the lens through which privacy-by-design is viewed by the research community—positioning technical design alongside theoretical/conceptual, organizational, and regulatory design questions.
  • To begin the process of building an interdisciplinary community of researchers to develop broader theoretical foundations, systematic approaches, as well as organizational and regulatory models for supporting the practice of privacy-by-design.

Other Privacy by Design Workshops
Workshop 1 - State of Research and Practice
Workshop 2 - Privacy Enabling Design
Workshop 4 - Catalyzing Privacy by Design

Agenda

August 31, 2015 (Monday)

08:00 AM Breakfast | Conference B
09:00 AM Session 1: Opening Remarks and Introductions | Conference A

Deirdre Mulligan, UC Berkeley
Travis Breaux, Carnegie Mellon

09:30 AM Session 2: Requirements and Policy Languages | Conference A

Limin Jia, Carnegie Mellon
Travis Breaux, Carnegie Mellon
Becky Richards, NSA

10:30 AM Break | Outside Conference A
10:50 AM Session 3: Threat Modeling | Conference A

Susan Landau, Worcester Polytechnic Institute
Naomi Lefkovitz, NIST
Giles Hogben, Google

11:40 AM Session 4: Identity Management | Conference A

Naomi Lefkovitz, NIST
Paul Grassi, Connect.gov
David Kelts, MorphoTrust

12:30 PM Lunch | Conference B
01:30 PM Session 5: Privacy Tool Clinic, Part 1 | Conference A

Chair: Seda Gurses, Princeton

Tool Presenters:
Daniel Smullen, Carnegie Mellon
Travis Breaux, Carnegie Mellon
Carmela Troncoso, Gradiant
Ilya Mironov, Google
Aleksandra Korolova, Stanford

Tool Ringers:
Eleanor Birrell, Cornell
Mohit Gupta, Clever
Lorrie Cranor, Carnegie Mellon
Joe Hall, CDT
Gerald Friedland, UC Berkeley
Ira Rubinstein, NYU

02:30 PM Session 6: Conception of Privacy | Conference A

Deirdre Mulligan, UC Berkeley
Helen Nissenbaum, NYU

03:30 PM Break | Outside Conference A
04:00 PM Session 7: Privacy Tool Clinic, Part 2 | Conference A

Chair: Seda Gurses, Princeton

Tool Presenters:
Daniel Smullen, Carnegie Mellon
Carmela Gonzalez Troncoso, Gradiant
Aleksandra Korolova, Stanford

Tool Ringers:
Damien Desfontaines, Google
Katie Shilton, UM College Park
Matthew Fredrikson, Carnegie Mellon
Bethan Cantrell, Microsoft
Khaled El Emam, University of Ottawa
Helen Nissenbaum, NYU

05:00 PM Session 8: Wrap-up on Day 1 | Conference A
06:30 PM Dinner | Grand Concourse Restaurant

Walk: leave from lobby at 6:10
Cab: leave from lobby at 6:20

September 1, 2015 (Tuesday)

08:00 AM Breakfast | Conference B
09:00 AM Session 9: Reflections from Day 1 | Conference A

Deirdre Mulligan, UC Berkeley

09:30 AM Session 10: Composability | Conference A

Anupam Datta, Carnegie Mellon
Michael Tschantz, ICSI
Ashwin Machanavajjhala, Duke
Robert Ferguson, Automatic Labs

11:00 AM Break | Outside Conference A
11:30 AM Session 11: Standards | Conference A

Lorrie Cranor, Carnegie Mellon
Dawn Jutla, St. Mary’s University
Nick Doty, UC Berkeley

12:30 PM Lunch | Conference B
01:30 PM Session 12: Practical De-Identification | Conference A

Khaled El Emam, University of Ottawa
Matthew Fredrikson, Carnegie Mellon
Ira Rubinstein, NYU

02:30 PM Session 13: Design Patterns for Privacy | Conference A

Nick Doty, UC Berkeley
José M. del Álamo, Universidad Politecnica de Madrid
Richard Chow, Intel
Mohit Gupta, Clever
Jaap-Henk Hoepman, Radboud University Nijmegen

03:45 PM Session 14: Wrap up on Day 2 | Conference A
Participants

Participant Lightning Slides

Organizing Committee:

Deirdre K. Mulligan (Chair) University of California, Berkeley

Annie Antón Georgia Institute of Technology

Ken Bamberger University of California, Berkeley

Travis Breaux Carnegie Mellon University

Nathan Good Good Research

Susan Graham University of California, Berkeley and the Computing Community Consortium

Seda Gürses New York University

Susan Landau Worcester Polytechnic Institute

Helen Nissenbaum New York University

Fred Schneider Cornell University

Peter Swire Georgia Institute of Technology

Ira Rubinstein New York University

Ann Drobnis Computing Community Consortium Director

Logistics

The Computing Community Consortium (CCC) will cover travel expenses for all participants who desire it. Please make your hotel reservation using the link you receive after registering for the workshop. Participants are asked to make their own travel arrangements to get to the workshop, including purchasing airline tickets. Following the symposium, CCC will circulate a reimbursement form that participants will need to complete and submit, along with copies of receipts for amounts exceeding $75.

In general, standard Federal travel policies apply: CCC will reimburse for non-refundable economy airfare on U.S. Flag carriers; and no alcohol will be covered.

For more information, please see the Guidelines for Participant Reimbursements from CCC.

Additional questions about the reimbursement policy should be directed to Ann Drobnis, CCC Director (adrobnis [at] cra.org).

Resources

Privacy Engineering Tool Clinic

The objective of this tool clinic is to reflect on privacy (engineering) tools in the presence of interdisciplinary experts from academia, industry, government and civil society. During a tool clinic session, toolmakers present their tool, then two ringers steer and stir a lively discussion with a multi-disciplinary group of participants. The exercise aims to promote the collective evaluation of the tool with a focus on future directions for the presented tool. During tool clinic sessions, the participants are encouraged to put themselves in the shoes of the designer and to reflect on a privacy engineering problem in the context of a concrete artifact. At the same time, the sessions provide toolmakers with an opportunity to rethink their tools in the presence of a group of experts with trans-disciplinary skills. By raising questions around production, licensing, deployment, use, legal implications, maintenance and sustainability, the tool clinic also encourages participants to think about privacy engineering in holistic terms.

You can read more about tool clinics here: http://bit.ly/1K1OegK

The Tools:

Eddy: A privacy requirements specification language that privacy analysts can use to express requirements over acts to collect, use, transfer and retain personal and technical information.

Eddy Workshop Info Sheet

Eddy Website: https://gaius.isri.cmu.edu:8210/eddy/

Tool Makers:
Daniel Smullen and Travis Breaux, CMU

Ringers Session 1:
Eleanor Birrell, Cornell
Mohit Gupta, Clever

Ringers Session 2:
Damien Desfontaines, Google
Katie Shilton, UM College Park

RAPPOR: A technology for crowdsourcing statistics from end-user client software anonymously and with strong privacy guarantees.

Google’s blog post: http://googleresearch.blogspot.com/2014/10/learning-statistics-with-privacy-aided.html
Academic paper: http://arxiv.org/abs/1407.6981
Open source project: https://github.com/google/rappor

Tool Makers:
Ilya Mironov, Google and Aleksandra Korolova, USC

Ringers Session 1:
Gerald Friedland, UC Berkeley
Ira Rubinstein, NYU

Ringers Session 2:
Khaled El Emam, University of Ottawa
Helen Nissenbaum, NYU

Privacy Preserving Genomics Sharing Tool: A tool that allows for privacy-preserving sharing and visualization of genomic sequences, keeping them encrypted while they traverse outsourced environments.

Genomic Sharing Info Sheet
Flow Sheet

Tool Maker:
Carmela Troncoso, Gradiant

Ringers Session 1:
Lorrie Cranor, Carnegie Mellon
Joe Hall, CDT

Ringers Session 2:
Matthew Fredrikson, Carnegie Mellon
Bethan Cantrell, Microsoft
