PEPR '20 Conference Program

Over the last several decades, access control systems have evolved steadily from a single bits (“write protect”) through identity and role based approaches to complex, abstract frameworks such as Attribute Based Access Control (ABAC). However, in use they are most often used to answer traditional question of read and write access. In this talk, I will explore how frameworks like ABAC can be used to implement more abstract controls and policies such as purpose constraints and other data handling policies that need to depend on attributes of the data, the code, and surrounding context.

As technology advances, there is increasing concern about individuals being left behind. Businesses are striving to adopt responsible design practices and avoid any unintended consequences of their products. We propose a novel approach to fairness and inclusiveness based on experimentation. We use experimentation in order to assess not only the intrinsic properties of products and algorithms but also their impact on people. We do this by introducing an inequality approach to A/B testing. We show how to perform causal inference over this inequality measure. We provide real examples from LinkedIn, as well as an open-source, highly scalable implementation of the computation of the Atkinson index and its variance in Spark/Scala. We also provide over a year's worth of learnings - gathered by scaling our method and analyzing thousands of experiments - on which areas and which kinds of product innovations seem to foster fairness through inclusiveness.

This talk focuses on our experience building and deploying various iterations of a web-based secure multi-party computation (MPC) platform. Our experience demonstrates that secure computations can add value to questions of social good when otherwise constrained by legal, ethical, or privacy restrictions, and that it is feasible to deploy MPC solutions today.

We present a framework to improve the usability of Differential Privacy (DP) by allowing practitioners to quantify and visualize privacy vs utility trade-offs of DP.

While DP has long been seen as a robust anonymization technique, there is a significant disconnect between theory, implementation, and usability. One of the biggest problems that practitioners face when using DP is forming mental models around the benefits that DP provides to end users and how DP affects data utility. Many users are not acquainted to think in terms of epsilons, deltas, and sensitivity bounds, and they shouldn't have to! Our system helps users think in terms of utility loss and user anonymity gains.

Our talk has three parts. First, we provide a very quick primer on DP. Second, we will explain why and how we build this framework. Third, we demo the system using a real dataset in real-time!

Clear communication about privacy through icons and/or just a few words can be a difficult challenge. We have been involved in a number of research projects that evaluated proposed and implemented privacy choice icons and short text, including most recently studies related to the CCPA opt-out button. In this talk we will discuss our research into privacy icons and text, explaining both our methods, and our findings. We will demonstrate how to conduct these sorts of studies quickly and at low cost, and discuss why they are so important. We will also provide lessons learned about what works and what doesn’t when you want to communicate about privacy through icons and short text.

Effective privacy design is a crucial component of technology products and has been a global focus area for regulators and companies alike for decades. Despite this, many classic "privacy-by-design" processes ultimately fail. Why is that? This session focuses on the gaps in most PbD processes, notably how classic PbD systems exhibit inflexibility, are under-resourced, and conflict with predominant engineering cultures. It also discusses what companies, but especially smaller companies, and their privacy champions can do to achieve better privacy outcomes. By shifting from programs designed around process-oriented mandates to programs that emphasize building a “privacy-by-ethos” culture, companies can set themselves (and their users) up for success when it comes to privacy best practices.

The Product Journey and the Consumer Journey are essential parts of the product development process. When thinking about privacy from the perspective of the user, there is an underlying part of the consumer journey that must be mapped, the product's privacy journey. This talk discusses challenges of embedding privacy into the product creation process and how privacy product principles help consumers and how they can translated to product requirements.

Despite the growth in new regulations around the world, reliance on legal mandates often has diminishing returns for privacy professionals exerting influence beyond their immediate team. This presentation will introduce new and experienced professionals from all privacy disciplines to pragmatic techniques for thinking creatively about your role, how to build influence for privacy throughout cross-functional organizations, and reduce your dependence on regulatory hammers for securing privacy outcomes.

This talk is a guide to using privacy technology in deployment. First, we will give a brief overview of the current state of privacy technology for (a) Differential Privacy & Anonymization, and (b) Secure Multiparty Computation, Homomorphic Encryption, Secure Enclaves. We will then go over the current obstacles of deploying privacy-preserving software; namely, identifying privacy risks & risk management, the capabilities & limitations of privacy tool sets and the backgrounds required to use them. Obstacles differ depending on whether one is attempting to retrofit a codebase in order to integrate privacy post-hoc or whether one is choosing the tech stack they will use for creating a codebase that integrates Privacy by Design. With those two scenarios in mind, we will discuss strategies for choosing privacy tools, for choosing to compute on the edge vs. on-premise vs. on the cloud, and for thinking about right risk management frameworks.

Recent attacks on encryption have diverged. On the one hand, we’ve seen Attorney General William Barr call for “extraordinary access” to encrypted communications, using arguments that have barely changed since the 1990’s. But we’ve also seen suggestions from a different set of actors for more purportedly “reasonable” interventions, particularly the use of client-side scanning to stop the transmission of contraband files, most often child sexual abuse material (CSAM).

On their face, proposals to do client-side scanning seem to give us the best of all worlds: they preserve encryption, while also combating the spread of illegal and morally objectionable content.

But unfortunately it’s not that simple. While it may technically maintain some properties of end-to-end encryption, client-side scanning would render the user privacy and security guarantees of encryption hollow. This talk will explain why that is, and what we can do to keep encryption encrypted.

Privacy Incident Response (PIR) can be challenging to most organizations given the growing number of regulations and notification obligations. While most of the focus is on timely response to incidents, breach notification and quick fixes to minimize damage, the communication of lessons learnt to the appropriate product and privacy teams is often ignored. This talk focuses on maturing the incident response program to analyze key privacy incident trends and metrics which can highlight the success / progress / challenges of the privacy program.

Modern software development has embraced the concept of "code reuse," which is the practice of relying on third-party code to avoid "reinventing the wheel" (and rightly so). While this practice saves developers time and effort, it also creates liabilities: the resulting app may behave in ways that the app developer does not anticipate. This can cause very serious issues for privacy compliance: while an app developer did not write all of the code in their app, they are nonetheless responsible for it. In this talk, I will present research that my group has conducted to automatically examine the privacy behaviors of mobile apps vis-à-vis their compliance with privacy regulations. Using analysis tools that we developed and commercialized (as AppCensus, Inc.), we have performed dynamic analysis on hundreds of thousands of the most popular Android apps to examine what data they access, with whom they share it, and how these practices comport with various privacy regulations, app privacy policies, and platform policies. We find that while potential violations abound, many of the issues appear to be due to the (mis)use of third-party SDKs. I will provide an account of the most common types of violations that we observe and how app developers can better identify these issues prior to releasing their apps.

Introducing the IPA Triad, a generalized privacy framework consisting of three properties: Identity, Presence, and Activity. Like the CIA triad of information security, these properties provide a useful approach for modeling privacy risks in an applied problem space.

The path to navigating data protection risks is often filled with uncertainty. Overestimating the risks stifles growth, and underestimating them can derail the business. To be able to measure data protection risks and right-size the risk-profile of a company, we need to view them from both a technical and legal lens. Engineers and lawyers need to talk.

This talk will provide practical examples of how right-sizing the risk profile helps simply compliance. It will cover scenarios of data retention, use, and sharing, as well as breach notification. We will review key architectural decisions as well as engineering trade-offs that are often involved in shaping an organization’s compliance processes. These decisions and tradeoffs often center around the purpose of use, which is a concept that engineering teams do not traditionally pay attention to. Therefore, viewing the system requirements from a data protection lens helps clarify legal obligations and simplify compliance.