Spring 2025 NYC Privacy Day will be hosted at Columbia University on April 18, 2025.
Location: Columbia University Innovation Hub, 2276 12th Avenue, New York, NY 10027 (Note that this is NOT on the main campus. By public transit, take the 1 train to the 125th stop.)
Registration: Please register here by April 14. [EDIT: Registration is now closed and the event is at capacity.] Make sure to use the same name as on your government-issued ID, which you will need to access the building. Please note that we cannot accommodate late registrations, due to Columbia's guest policy.
Poster session: There will be a poster session. Please submit for the poster session through this form by April 7, 2025 [EDIT: April 16, 2025]. Acceptance notifications will be sent along with instructions shortly after the deadline (bring your own poster).
Schedule:
9-9:30am Breakfast and check-in
9:30-10am Opening Remarks and Icebreakers
10-11am Talks: Lucy Simko (Barnard), Alex Kulesza (Google)
11-11:30am Break
11:30am-12:30pm Talks: Eugene Bagdasarian (UMass Amherst), Wenqi Wei (Fordham)
12:30-1:30pm Lunch
1:30-2:30pm Poster session
2:30-3:30pm Talks: Gamze Gursoy (Columbia), Hal Triedman (Cornell Tech/Wikimedia)
3:30-4pm Wrap-up
Talks:
Lucy Simko: How geopolitical change causes people to become (more) vulnerable
Computer security and privacy is critical for vulnerable and marginalized populations. Vulnerable populations might face more determined adversaries or higher consequences for security and privacy breaches. Vulnerability can be caused by change, like undergoing life changing events including environmental or manmade crises that can affect all humans at various stages in their lives. It is therefore of critical importance for computer security and privacy to understand the interactions between change and computer security and privacy. In this talk, I will explore this relationship based on different populations that experienced change. Based on my research, I describe three major themes that characterize the relationship between change and computer security and privacy: (1) Change creates different elements of one's threat model---actors, threats, assets---as well as different technical needs. (2) During a period of change, people may change how they prioritize computer security and privacy in response to other emergent needs. (3) When technology design is misaligned with the needs and uses of marginalized populations, it causes those populations to have to work harder to maintain security and privacy, exacerbating existing systemic inequalities during times of change. Based on this understanding of how change interacts with computer security and privacy, I recommend how we can design for change: by centering the needs of those affected by change and marginalization.
Alex Kulesza: Practical Differential Privacy, Pessimism, and Risk
Differential privacy promises to replace fuzzy, case-by-case privacy reasoning with a universal framework guaranteeing safe data analysis across a wide variety of applications. In some settings, this promise has already been fulfilled. However, differential privacy in practice often turns out to require a lot more fuzzy decision-making than we’d like to think. In this talk I will discuss some of the practical challenges that we’ve encountered in our work, and show how DP’s innate pessimism frequently causes or exacerbates those problems. I will then argue that there might be another path: a risk-based formalization of differential effects that better addresses the increasingly complex privacy problems we face today.
Eugene Bagdasarian: Context Is Key: Building Privacy-conscious Assistants
Privacy of model inputs is a new challenge when deploying AI assistants powered by large language models (LLMs) and agentic capabilities. Operating on sensitive user data, these assistants must distinguish between different contexts when deciding what information to share. In this talk, I will introduce a problem domain that connects well to principles of contextual integrity—a theory defining appropriate information flows. Leveraging this theory, I will outline how AI assistants are fundamentally vulnerable to attacks exploiting context ambiguities. I will walk through our experiences studying safety mechanisms for these agents, along with the hard lessons we learned. To evaluate new agents, I will discuss creating synthetic data and user profiles, as well as obtaining appropriate norms and metrics. Finally, I will explain why blindly applying traditional operating-system methods requires caution and will discuss how to adapt them for AI assistants.
Wenqi Wei: The Price of Utility and Security: Can AI Truly Prioritize Privacy?
Abstract: As large language models (LLMs) become increasingly integrated into software development workflows, questions around the trade-offs between privacy, utility, and security have grown more pressing. This talk will discuss whether privacy can be genuinely prioritized in AI systems without sacrificing core functionalities or compromising security guarantees. Using code generation models as a case study, we examine the impact of privacy-preserving techniques—particularly differential privacy—on user-facing utility. We further analyze how these methods interact with core security goals from the CIA triad (confidentiality, integrity, and availability) and identify potential tensions or synergies. Through empirical evidence and theoretical framing, we argue that achieving robust privacy often requires recalibrating expectations around utility and security. Our findings call for a rethinking of what it means to build "trustworthy AI" and offer guidance for aligning privacy with the broader objectives of responsible AI development.
Gamze Gursoy: Privacy in the Double Helix: Protecting Genomic Data While Advancing Biomedical Research
Genomic data hold immense promise for advancing biomedical research, improving patient outcomes, and powering fields as diverse as forensics and genealogy. Yet, the very qualities that make genetic information powerful—its uniqueness, permanence, and deep ties to personal and familial health—also make it intensely sensitive. In this talk, I will explore the landscape of genomic privacy, outlining the critical challenges posed by the identifiability of DNA, the risk of re-identification, and the potential for discrimination or financial harm to individuals and their relatives. I will provide a comprehensive overview of the pathways through which privacy can be compromised, drawing attention to both well-known risks and emerging vulnerabilities. Importantly, I will discuss existing and next-generation privacy-preserving strategies that can enable meaningful research without compromising individual rights.
Hal Triedman: Clean narratives and messy realities: Stories of success and failure in applied DP from the field
Differential privacy (DP) specialists have simple narratives and clean stories about the motivations and guarantees that underlie DP as a technological intervention. This simplicity — a narrative dichotomy between the inherent insecurity of non-DP methods of other data analysis methods and the clear worst-case bounds of DP — burnishes the legitimacy of privacy researchers and technologists but largely elides the messier needs and understandings of the many varied constituencies for data releases: non-DP expert dataset owners and maintainers, data users, and data subjects. This talk presents the case study of the Wikimedia DP geoeditors data release as a method of understanding the shortfalls of traditional DP narratives when compared to the messy realities that data releases emerge from. The hope is that this serves as a departure point for newer ways to communicate and debate formal privacy guarantees more broadly.
Organizers: Abdellah Aznag, Rachel Cummings, Saeyoung Rho
Sponsors: We gratefully acknowledge support from our sponsors:
Department of Industrial Engineering and Operations Research and the Cybersecurity Center at the Data Science Institute, at Columbia University