Privacy through Accountability

Privacy has become a significant concern in modern society as personal information about individuals is increasingly collected, used, and shared, often using digital technologies, by a wide range of organizations. One goal of this project is to precisely articulate what privacy means in various settings, and whether and how it can be achieved. Recognizing that traditional preventative mechanisms are inadequate for enforcement, we develop a computational basis for information accountability -- theories and tools that can be used to provide oversight of complex information processing ecosystems to ensure that they respect privacy, and other desirable values such as fairness and transparency. Significant recent results include the following:

  • First study to demonstrate statistically significant evidence of discrimination in online behavioral advertising [PETS 2015] by augmenting and applying our methodology for information flow experiments [CSF 2015]
  • First automated privacy compliance analysis of the production code of an Internet-scale system -- the big data analytics pipeline for Bing, Microsoft's search engine; leverages our usable privacy policy language and an information flow analysis methodology (joint work with Microsoft Research) [IEEE S & P 2014]
  • First complete logical specification of all disclosure-related clauses of the HIPAA Privacy Rule for healthcare privacy [WPES2010] and audit algorithms that apply to it and, more generally, to a rich class of policies (fragments of metric first-order temporal logic) [CCS 2011, CAV 2014, CCS 2015]
  • First formal semantics for purpose restrictions on information use [IEEE S & P 2012, ESORICS 2013]


An overview paper:

  • A. Datta, Privacy through Accountability: A Computer Science Perspective, in Proceedings of 10th International Conference on Distributed Computing and Internet Technology, February 2014. [Paper] Invited Paper


Publications:

  • O. Chowdhury, D. Garg, L. Jia, A. Datta, Equivalence-based Security for Querying Encrypted Databases: Theory and Application to Privacy Policy Audits, in Proceedings of 22nd ACM Conference on Computer and Communications Security, October 2015. [Paper]
  • A. Datta, D. Garg, D. Kaynar, D. Sharma, A. Sinha, Program Actions as Actual Causes: A Building Block for Accountability, in Proceedings of 28th IEEE Computer Security Foundations Symposium, July 2015. [Paper] [Full Version]
  • M. C. Tschantz, A. Datta, A. Datta, J. M. Wing, A Methodology for Information Flow Experiments, in Proceedings of 28th IEEE Computer Security Foundations Symposium, July 2015. [Paper] [Full Version]
  • A. Datta, M. C. Tschantz, A. Datta, Automated Experiments on Ad Privacy Settings: A Tale of Opacity, Choice, and Discrimination, in Proceedings of Privacy Enhancing Technologies Symposium, July 2015. [Paper] [Full Version]
  • A. Datta, A. Datta, A. Procaccia, Y. Zick, Influence in Classification via Cooperative Game Theory, in Proceedings of 25th International Joint Conference on Artificial Intelligence, July 2015. [Paper] [Full Version]
  • A. Carbonara, A. Datta, A. Sinha, Y. Zick, Incentivizing Peer Grading in MOOCs: An Audit Game Approach, in Proceedings of 25th International Joint Conference on Artificial Intelligence, July 2015. [Paper]
  • J. Blocki, N. Christin, A. Datta, A. Procaccia, A. Sinha, Audit Games with Multiple Defender Resources, in Proceedings of 29th AAAI Conference on Artificial Intelligence, January 2015. [Full Version]
  • O. Chowdhury, L. Jia, D. Garg, A. Datta, Temporal Mode-Checking for Runtime Monitoring of Privacy Policies, in Proceedings of 26th International Conference on Computer Aided Verification, July 2014. [Paper] [Full Version]
  • S. Sen, S. Guha, A. Datta, S. Rajamani, J. Tsai, J. M. Wing, Bootstrapping Privacy Compliance in Big Data Systems, in Proceedings of 35th IEEE Symposium on Security and Privacy, May 2014. [Paper] Best Student Paper Award
  • S. E. Oh, J.Y. Chun, L. Jia, D. Garg, C. A. Gunter, A. Datta, Privacy-preserving audit for broker-based health information exchange, in Proceedings of 4th ACM Conference on Data and Application Security and Privacy, March 2014.
  • A. Datta, Privacy through Accountability: A Computer Science Perspective, in Proceedings of 10th International Conference on Distributed Computing and Internet Technology, February 2014. [Paper] Invited Paper
  • J. Blocki, N. Christin, A. Datta, A. Sinha, Adaptive Regret Minimization in Bounded-Memory Games, in Proceedings of 4th Conference on Decision and Game Theory for Security, November 2013. [Full Version]
  • M. C. Tschantz, A. Datta, J. M. Wing, Purpose Restrictions on Information Use, in Proceedings of 18th European Symposium on Research in Computer Security, September 2013. [Full Version]
  • J. Blocki, N. Christin, A. Datta, A. Procaccia, A. Sinha, Audit Games, in Proceedings of 23rd International Joint Conference on Artificial Intelligence, August 2013. [Full Version]
  • O. Chowdhury, A. Gampe, J. Niu, J. von Ronne, J. Bennatt, A. Datta, L. Jia, W. H. Winsborough, Privacy Promises That Can Be Kept: A Policy Analysis Method with Application to the HIPAA Privacy Rule, in Proceedings of 18th ACM Symposium on Access Control Models and Technologies, June 2013.
  • J. Blocki, A. Blum, A. Datta, O. Sheffet, Differentially Private Data Analysis of Social Networks via Restricted Sensitivity, in Proceedings of 4th Innovations in Theoretical Computer Science Conference, January 2013. [Full Version]
  • J. Blocki, N. Christin, A. Datta, A. Sinha, Audit Mechanisms for Provable Risk Management and Accountable Data Governance, in Proceedings of 3rd Conference on Decision and Game Theory for Security, November 2012. [Paper]
  • J. Blocki, A. Blum, A. Datta, O. Sheffet, The Johnson-Lindenstrauss Transform Itself Preserves Differential Privacy, in Proceedings of 53rd Annual IEEE Symposium on Foundations of Computer Science, October 2012. [Full Version]
  • M. C. Tschantz, A. Datta, J. M. Wing, Formalizing and Enforcing Purpose Restrictions in Privacy Policies, in Proceedings of 33rd IEEE Symposium on Security and Privacy, May 2012. [Paper] [Full Version]
  • A. Datta, D. Sharma, A. Sinha, Provable De-anonymization of Large Datasets with Sparse Dimensions, in Proceedings of ETAPS Conference on Principles of Security and Trust, March 2012. [Paper]
  • A. Conley, A. Datta, H. Nissenbaum, D. Sharma, Sustaining both Privacy and Open Justice in the Transition from Local to Online Access to Court Records: A Multidisciplinary Inquiry, Maryland Law Review, 71 Md. L. Rev. 772 (2012). [Paper] (Preliminary version presented at the 2011 Privacy Law Scholars Conference, June 2011.)

  • D. Garg, L. Jia, A. Datta, Policy Auditing over Incomplete Logs: Theory, Implementation and Applications, in Proceedings of 18th ACM Conference on Computer and Communications Security, October 2011. [Paper] [Full Version]
  • J. Blocki, N. Christin, A. Datta, A. Sinha, Audit Mechanisms for Privacy Protection in Healthcare Environments (Position Paper), in 2nd Usenix Workshop on Health Security and Privacy, August 2011. [Paper]
  • J. Blocki, N. Christin, A. Datta, A. Sinha, Regret Minimizing Audits: A Learning-Theoretic Basis for Privacy Protection, in Proceedings of 24th IEEE Computer Security Foundations Symposium, June 2011. [Paper]
  • M. C. Tschantz, D. Kaynar, A. Datta, Formal Verification of Differential Privacy for Interactive Systems, extended abstract in Proceedings of the 27th Annual Conference on Mathematical Foundations of Programming Semantics, May 2011. [Paper] [Full Version] Invited Paper
  • H. DeYoung, D. Garg, L. Jia, D. Kaynar, A. Datta, Experiences in the Logical Specification of the HIPAA and GLBA Privacy Laws, in Proceedings of 9th ACM Workshop on Privacy in the Electronic Society, October 2010. [Paper] [Full Version]
  • A. Datta, N. Dave, J. C. Mitchell, H. Nissenbaum, D. Sharma, Privacy Challenges in Patient-Centric Health Information Systems (Position Paper), in 1st Usenix Workshop on Health Security and Privacy, August 2010. [Paper]
  • A. Barth, A. Datta, J. C. Mitchell, S. Sundaram, Privacy and Utility in Business Processes, in Proceedings of 20th IEEE Computer Security Foundations Symposium, July 2007. [Paper]
  • A. Barth, A. Datta, J. C. Mitchell, H. Nissenbaum, Privacy and Contextual Integrity: Framework and Applications, in Proceedings of 27th IEEE Symposium on Security and Privacy, pp. 184-198, May 2006. [Paper]