Anupam Datta

Associate Professor
Computer Science Department and
Electrical and Computer Engineering Department
Carnegie Mellon University
PhD 2005, Computer Science, Stanford University

Anupam Datta

Privacy through Accountability

Privacy has become a significant concern in modern society as personal information about individuals is increasingly collected, used, and shared, often using digital technologies, by a wide range of organizations. One goal of this project is to precisely articulate what privacy means in various settings, and whether and how it can be achieved. In other words, we seek to develop conceptual and technical frameworks in which privacy notions (policies) are given precise semantics, algorithms for enforcing such policies, and characterizations of classes of policies that can or cannot be enforced. In addition to general results of this form, another goal of the project is to study specific application domains that raise significant privacy concerns in modern society and to apply these results (or specialized versions thereof) to these domains. Our current focus is on healthcare and Web privacy. We also have results on privacy in social networks and court records.

Specifically, to mitigate privacy concerns, organizations are required to respect privacy laws in regulated sectors (e.g., HIPAA in healthcare, GLBA in financial sector) and to adhere to self-declared privacy policies in self-regulated sectors (e.g., privacy policies of companies such as Google and Facebook in Web services). We investigate the possibility of formalizing and enforcing such practical privacy policies using computational techniques. We formalize privacy policies that prescribe and proscribe *flows* of personal information as well as those that place restrictions on the *purposes* for which a governed entity may use personal information. Recognizing that traditional preventive access control and information flow control mechanisms are inadequate for enforcing such privacy policies, we develop principled audit and accountability mechanisms with provable properties that seek to encourage policy-compliant behavior by detecting policy violations, assigning blame and punishing violators. We apply these techniques to several US privacy laws and organizational privacy policies, in particular, producing the first complete logical specification and audit of all disclosure-related clauses of the HIPAA Privacy Rule.


An overview paper:

  • A. Datta, Privacy through Accountability: A Computer Science Perspective, in Proceedings of 10th International Conference on Distributed Computing and Internet Technology, February 2014. [PaperInvited Paper


Formalizing Privacy


Audit and Accountability

  • A. Datta, D. Garg, D. Kaynar, D. Sharma, A. Sinha, Program Actions as Actual Causes: A Building Block for Accountability, in Proceedings of 28th IEEE Computer Security Foundations Symposium, July 2015. [Paper] [Full Version]
  • M. C. Tschantz, A. Datta, A. Datta, J. M. Wing, A Methodology for Information Flow Experiments, in Proceedings of 28th IEEE Computer Security Foundations Symposium, July 2015. [Paper] [Full Version]
  • A. Datta, M. C. Tschantz, A. Datta, Automated Experiments on Ad Privacy Settings: A Tale of Opacity, Choice, and Discrimination, in Proceedings of Privacy Enhancing Technologies Symposium, July 2015. [Paper] [Full Version]
  • A. Datta, A. Datta, A. Procaccia, Y. Zick, Influence in Classification via Cooperative Game Theory, in Proceedings of 25th International Joint Conference on Artificial Intelligence, July 2015. [Paper] [Full Version]
  • A. Carbonara, A. Datta, A. Sinha, Y. Zick, Incentivizing Peer Grading in MOOCs: An Audit Game Approach, in Proceedings of 25th International Joint Conference on Artificial Intelligence, July 2015. [Paper]
  • J. Blocki, N. Christin, A. Datta, A. Procaccia, A. Sinha, Audit Games with Multiple Defender Resources, in Proceedings of 29th AAAI Conference on Artificial Intelligence, January 2015. [Full Version]
  • O. Chowdhury, L. Jia, D. Garg, A. Datta, Temporal Mode-Checking for Runtime Monitoring of Privacy Policies, in Proceedings of 26th International Conference on Computer Aided Verification<, July 2014. [Paper] [Full Version]
  • S. Sen, S. Guha, A. Datta, S. Rajamani, J. Tsai, J. M. Wing, Bootstrapping Privacy Compliance in Big Data Systems, in Proceedings of 35th IEEE Symposium on Security and Privacy, May 2014. [PaperBest Student Paper Award
  • S. E. Oh, J.Y. Chun, L. Jia, D. Garg, C. A. Gunter, A. Datta, Privacy-preserving audit for broker-based health information exchange, in Proceedings of 4th ACM Conference on Data and Application Security and Privacy, March 2014.
  • J. BlockiN. ChristinA. DattaA. Sinha, Adaptive Regret Minimization in Bounded-Memory Games, in Proceedings of 4th Conference on Decision and Game Theory for Security, November 2013. [Full Version]
  • M. C. TschantzA. DattaJ. M. Wing, Purpose Restrictions on Information Use, in Proceedings of 18th European Symposium on Research in Computer Security, September 2013.[Full Version]
  • J. BlockiN. ChristinA. DattaA. ProcacciaA. Sinha, Audit Games, in Proceedings of 23rd International Joint Conference on Artificial Intelligence, August 2013. [Full Version]
  • J. BlockiN. ChristinA. DattaA. Sinha, Audit Mechanisms for Provable Risk Management and Accountable Data Governance, in Proceedings of 3rd Conference on Decision and Game Theory for Security, November 2012. [Paper]
  • M. C. TschantzA. DattaJ. M. Wing, Formalizing and Enforcing Purpose Restrictions in Privacy Policies, in Proceedings of 33rd IEEE Symposium on Security and Privacy, May 2012. [ Paper ]
  • D. GargL. JiaA. Datta, Policy Auditing over Incomplete Logs: Theory, Implementation and Applications, in Proceedings of 18th ACM Conference on Computer and Communications Security, October 2011. [Paper] [Full Version]
  • J. BlockiN. ChristinA. DattaA. Sinha, Regret Minimizing Audits: A Learning-Theoretic Basis for Privacy Protection, in Proceedings of 24th IEEE Computer Security Foundations Symposium, June 2011 [Paper]
  • A. BarthA. DattaJ. C. Mitchell, S. Sundaram, Privacy and Utility in Business Processes, in Proceedings of 20th IEEE Computer Security Foundations Symposium, July 2007. [Paper]


Privacy-preserving Statistics 

  • J. BlockiA. BlumA. DattaO. Sheffet, Differentially Private Data Analysis of Social Networks via Restricted Sensitivity, in Proceedings of 4th Innovations in Theoretical Computer Science Conference, January 2013. [Full Version]
  • J. BlockiA. BlumA. DattaO. Sheffet, The Johnson-Lindenstrauss Transform Itself Preserves Differential Privacy, in Proceedings of 53rd Annual IEEE Symposium on Foundations of Computer Science, October 2012. [Full Version]
  • M. C. TschantzD. KaynarA. Datta, Formal Verification of Differential Privacy for Interactive Systems, Extended abstract in Proceedings of the 27th Annual Conference on Mathematical Foundations of Programming Semantics, May 2011. Full Version [ Paper ].


Other Publications

  • O. Chowdhury, A. Gampe, J. Niu, J. von Ronne, J. Bennatt, A. DattaL. Jia, W. H. Winsborough, Privacy Promises That Can Be Kept: A Policy Analysis Method with Application to the HIPAA Privacy Rule, in Proceedings of 18th ACM Symposium on Access Control Models and Technologies, June 2013.
  • A. DattaD. SharmaA. Sinha,  Provable De-anonymization of Large Datasets with Sparse Dimensions, in Proceedings of ETAPS Conference on Principles of Security and Trust, March 2012.
  • A. ConleyA. DattaH. NissenbaumD. Sharma, Sustaining both Privacy and Open Justice in the Transition from Local to Online Access to Court Records: A Multidisciplinary Inquiry, Maryland Law Review, 71 Md. L. Rev. 772 (2012). [Paper]
  • (Preliminary version presented at the 2011 Privacy Law Scholars Conference, June 2011.)
  • A. DattaJ. BlockiN. ChristinH. DeYoungD. GargL. JiaD. KaynarA. Sinha, Understanding and Protecting Privacy: Formal Semantics and Principled Audit Mechanisms, 7th International Conference on Information Systems Security, December 2011 [PaperInvited Paper
  • J. BlockiN. ChristinA. DattaA. Sinha,  Audit Mechanisms for Privacy Protection in Healthcare Environments (Position Paper), in 2nd Usenix Workshop on Health Security and Privacy, August 2011 [Paper]
  • A. Datta, N. Dave, J. C. MitchellH. Nissenbaum, D. Sharma, Privacy Challenges in Patient-Centric Health Information Systems (Position Paper), in 1st Usenix Workshop on Health Security and Privacy, August 2010 [Paper]
  • H. DeYoungD. GargL. JiaD. KaynarA. Datta, Privacy Policy Specification and Audit in a Fixed-Point Logic: How to enforce HIPAA, GLBA and all that, Technical Report CMU-CyLab-10-007, May 2010. [ Paper]


Related Articles:

  • A New Perspective on Protecting Personal Data, in Security Management Online, May 2007. [ Article ]
  • The Logic of Privacy, in The Economist, January 2007. [ Article ] [ Economist link ]
  • C. E. Landwehr, Speaking of Privacy, in IEEE Security and Privacy (Editorial), Vol 4., No. 4, pp. 4-5, July/August 2006. [ Paper ]
  • H. Nissenbaum, Privacy as Contextual Integrity, in Washington Law Review, Vol 79, No. 1, pp. 119-158, February 2004. [ Paper ]