| Time | Session / Talk | Speakers |
| --- | --- | --- |
| 07:30-08:45 | Breakfast | |
| 08:45-09:00 | Welcome | |
| | Session: Beyond Data Usage Control | |
| 09:00-09:30 | Gringotts: Securing Data for Digital Evidence [Slides] | Catherine MS Redfield, Hiroyuki Date |
| 09:30-10:00 | Hurdles for Genomic Data Usage Management [Slides] | |
| 10:00-10:30 | Coffee | |
| | Session: Technology | |
| 10:30-11:00 | Architecture, Workflows, and Prototype for Stateful Data Usage Control in the Cloud [Slides] | Aliaksandr Lazouski, Gaetano Mancini, Fabio Martinelli, Paolo Mori |
| 11:00-11:30 | Resilience as a new Enforcement Model for IT Security based on Usage Control [Slides] | |
| 11:30-12:00 | Structure Matters - A new Approach for Data Flow Tracking [Slides] | Enrico Lovat, Florian Kelbert |
| 12:00-13:15 | Lunch | |
| | Session: Keynote and Languages | |
| 13:15-14:15 | Keynote: Privacy through Accountability: The Case of Web Services (abstract below) | Anupam Datta, CMU |
| | | Johnson Iyilade, Julita Vassileva |
| 14:45-15:15 | Coffee | |
| | Session: Accountability | |
| 15:15-15:45 | RAPPD: A language and prototype for recipient-accountable private personal data [Slides] | Yuan J. Kang, Allan M. Schiffman, Jeff Shrager |
| 15:45-17:15 | Panel: Data Usage Management by and for Accountability (description below) | Nick Doty, UC Berkeley; Aaron Jaggard, Naval Research Labs; Erin Kenneally, The Cooperative Association for Internet Data Analysis; Jeff Shrager, Stanford; Michael Tschantz, UC Berkeley; Moderator: Anupam Datta, CMU |
| 17:15-17:30 | Thanks and Wrap-Up | |

Keynote: Anupam Datta, Privacy through Accountability: The Case of Web Services
With the rapid increase in Web services collecting and using user data to offer personalized experiences, ensuring that these services comply with their privacy policies has become a business imperative for building user trust. In this talk, I will report on two of our recent results that Web services' companies can employ to improve their privacy compliance efforts and be accountable for their privacy promises.

First, I will present our experience building and joint work with Microsoft Research. Central to the design of the system are (a) LEGALEASE — a language that allows specification of privacy policies that impose restrictions on how user data is handled; and (b) GROK — a data inventory for Map-Reduce-like big data systems that tracks how user data flows among programs. GROK maps code-level schema elements to datatypes in LEGALEASE, in essence, annotating existing programs with information flow types with minimal human input. Compliance checking is thus reduced to information flow analysis of big data systems. The system, bootstrapped by a small team, checks compliance daily of millions of lines of ever-changing source code written by several thousand developers.

Second, I will describe the problem of detecting personal data usage by websites when the analyst does not have access to the code of the system nor full control over the inputs or observability of all outputs of the system. A concrete example of this setting is one in which a privacy advocacy group or Web user may be interested in checking whether a particular web site uses certain types of personal information for advertising. I will present a methodology for Information Flow Experiments based on experimental science and statistical analysis that addresses this problem and report on results of our experiments with Google.
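The reduction of compliance checking to information flow analysis that the abstract describes, shown as a small added illustration (this is not LEGALEASE or GROK code, and the policy clauses, schema mapping and pipeline below are constructed for the example): datatype labels attached to schema elements are propagated along a job graph, and each job's declared purpose is checked against the datatypes that reach it, so a job that is individually fine can still be flagged when its output feeds a downstream purpose the policy denies.

```python
from collections import defaultdict

# GROK-style mapping from code-level schema elements to policy datatypes (constructed).
SCHEMA = {
    "req.client_ip": "IPAddress",
    "req.user_agent": "DeviceInfo",
    "acct.email": "AccountInfo",
    "click.ad_id": "AdData",
}

# LEGALEASE-style clauses (constructed): datatypes that must not flow into a purpose.
POLICY = {
    "Advertising": {"IPAddress", "AccountInfo"},
    "Security": set(),
}

# Map-Reduce-style pipeline (constructed): each job reads schema columns or other
# jobs' outputs and carries a declared purpose. Order does not matter (see fixpoint).
JOBS = [
    {"name": "ad_targeting", "inputs": ["ad_features", "geo_lookup"], "purpose": "Advertising"},
    {"name": "geo_lookup", "inputs": ["req.client_ip"], "purpose": "Security"},
    {"name": "ad_features", "inputs": ["req.user_agent", "click.ad_id"], "purpose": "Advertising"},
]


def infer_labels(schema, jobs):
    """Propagate datatype labels transitively through the dataflow graph."""
    known = set(schema) | {job["name"] for job in jobs}
    for job in jobs:
        for src in job["inputs"]:
            if src not in known:
                raise ValueError(f"{job['name']}: unknown input {src}")
    labels = defaultdict(set)
    for col, dtype in schema.items():
        labels[col].add(dtype)
    # Fixpoint iteration: at most len(jobs) passes are needed for an acyclic graph.
    for _ in range(len(jobs) + 1):
        changed = False
        for job in jobs:
            before = len(labels[job["name"]])
            for src in job["inputs"]:
                labels[job["name"]] |= labels[src]
            changed |= len(labels[job["name"]]) != before
        if not changed:
            break
    return labels


def check_compliance(schema, jobs, policy):
    """Return sorted (job, datatype) pairs where a denied datatype reaches a purpose."""
    labels = infer_labels(schema, jobs)
    violations = []
    for job in jobs:
        denied = policy.get(job["purpose"], set())
        violations.extend((job["name"], d) for d in sorted(labels[job["name"]] & denied))
    return sorted(violations)
```

Here `geo_lookup` reads the IP address for a Security purpose and passes the policy on its own; the violation appears only at `ad_targeting`, because the IPAddress label travels with the output into an Advertising consumer.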
Panel: Data Usage Management by and for Accountability
We want to discuss the applicability of data usage management technologies to accountability. What can we do today; where would we like to go; when considering accountability of privacy requirements, don't we create far larger privacy problems by monitoring, tracking and combining different kinds of data usages?

Individuals and institutions increasingly want to know whether information systems are adhering to policies that are supposed to govern the data usage in these systems. As these systems grow in scale and complexity, we would like to be able to assess their accountability to data usage policy specifications in an automated, or machine-assisted manner. Responding to requirements from the fields of data privacy, electronic surveillance, security, intellectual property, as well as healthcare and finance, researchers have been exploring how to design and enforce accountability properties for various systems.
Specifically, the panel will address the following questions:
- What is the definition of accountability? Precisely which needs does it satisfy, what exactly are accountability requirements, and why do we think they are important?
- Are there differences between accountability for safety and accountability for security/privacy? Which ones?
- Are there differences between accountability in purely human, purely technical, and sociotechnical (human+technology) contexts?
- In which contexts is accountability (detection and logging of whether policies are adhered to; that’s what auditors are supposed to find out) the right strategy, and in which contexts is preventive data usage control (making sure that a policy is adhered to, as in DRM) the right strategy? Is one generally preferable to the other? What are the pros and cons regarding cost, practicality, technical limits, usability, etc.?
- Detection and prevention are not necessarily very different in terms of technology: if you can detect, you can in many cases also prevent. Does this mean that accountability becomes potentially dangerous in that it can be abused for control rather than observation?
- Accountability seems to imply the need for tracking data provenance information. Accountability may then mean that we can know which data about an individual a company or a government possesses. That in turn may mean we have the panopticon: one system can combine data from different sources, something we often don’t want. Is it worth paying that price of potential abuse?
- Is there a business for accountability? Who is going to pay?
- As far as accountability is concerned, where do you see the most relevant challenges in terms of society and in terms of research?