Privacy through Accountability

Privacy has become a significant concern in modern society as personal information about individuals is increasingly collected, used, and shared, often using digital technologies, by a wide range of organizations. One goal of this project is to precisely articulate what privacy means in various settings, and whether and how it can be achieved. Recognizing that traditional preventative mechanisms are inadequate for enforcement, we develop a computational basis for information accountability -- theories and tools that can be used to provide oversight of complex information processing ecosystems (including big data systems) to ensure that they respect privacy, and other desirable values in the personal data protection area, such as fairness and transparency. This includes foundations, methods, and tools for detection of violations, attribution or responsibility-assignment for the violations, and correction of responsible entities to avoid future violations. The technical work is informed by and applied to significant practical privacy problems in a broad range of sectors, including Web and healthcare privacy. Significant recent results include the following:

  • The first statistically rigorous methodology for information flow experiments to discover personal data use by black-box Web services [CSF 2015]; the AdFisher tool, which implements an augmented version of this methodology to enable discovery at scale; and its application in the first study to demonstrate statistically significant evidence of discrimination in online behavioral advertising [PETS 2015] (see also the FAQ on this study and AdFisher)
  • The first automated privacy compliance analysis of the production code of an Internet-scale system -- the big data analytics pipeline for Bing, Microsoft's search engine; the analysis leverages our usable privacy policy language, Legalease, and an information flow analysis methodology (joint work with Microsoft Research) [IEEE S & P 2014]
  • The first complete logical specification of all disclosure-related clauses of the HIPAA Privacy Rule for healthcare privacy [WPES 2010], and audit algorithms that apply to it and, more generally, to a rich class of policies (fragments of metric first-order temporal logic) [CCS 2011, CAV 2014, CCS 2015]
  • The first formal semantics for purpose restrictions on information use and associated audit algorithms [IEEE S & P 2012, ESORICS 2013]
  • A formalization of privacy as contextual integrity [IEEE S & P 2006] (see also the White House's Consumer Privacy Bill of Rights)


An overview paper:

  • A. Datta, Privacy through Accountability: A Computer Science Perspective, in Proceedings of 10th International Conference on Distributed Computing and Internet Technology, February 2014. [Paper] Invited Paper


Publications:

  • A. Datta, M. Fredrikson, G. Ko, P. Mardziel, S. Sen, Use Privacy in Data-Driven Systems, in Proceedings of 24th ACM Conference on Computer and Communications Security, October 2017. [Preprint]
  • A. Datta, S. Sen, Y. Zick, Algorithmic Transparency via Quantitative Input Influence, in Proceedings of 37th IEEE Symposium on Security and Privacy, May 2016. [Paper]
  • J. Blocki, A. Datta, J. Bonneau, Differentially Private Password Frequency Lists: How to release statistics from 70 million passwords (on purpose), in Proceedings of Network and Distributed System Security Symposium, February 2016. [Paper]
  • O. Chowdhury, D. Garg, L. Jia, A. Datta, Equivalence-based Security for Querying Encrypted Databases: Theory and Application to Privacy Policy Audits, in Proceedings of 22nd ACM Conference on Computer and Communications Security, October 2015. [Paper]
  • A. Datta, D. Garg, D. Kaynar, D. Sharma, A. Sinha, Program Actions as Actual Causes: A Building Block for Accountability, in Proceedings of 28th IEEE Computer Security Foundations Symposium, July 2015. [Paper] [Full Version]
  • M. C. Tschantz, A. Datta, A. Datta, J. M. Wing, A Methodology for Information Flow Experiments, in Proceedings of 28th IEEE Computer Security Foundations Symposium, July 2015. [Paper] [Full Version]
  • A. Datta, M. C. Tschantz, A. Datta, Automated Experiments on Ad Privacy Settings: A Tale of Opacity, Choice, and Discrimination, in Proceedings of Privacy Enhancing Technologies Symposium, July 2015. [Paper] [Full Version]
  • A. Datta, A. Datta, A. Procaccia, Y. Zick, Influence in Classification via Cooperative Game Theory, in Proceedings of 25th International Joint Conference on Artificial Intelligence, July 2015. [Paper] [Full Version]
  • A. Carbonara, A. Datta, A. Sinha, Y. Zick, Incentivizing Peer Grading in MOOCs: An Audit Game Approach, in Proceedings of 25th International Joint Conference on Artificial Intelligence, July 2015. [Paper]
  • J. Blocki, N. Christin, A. Datta, A. Procaccia, A. Sinha, Audit Games with Multiple Defender Resources, in Proceedings of 29th AAAI Conference on Artificial Intelligence, January 2015. [Full Version]
  • O. Chowdhury, L. Jia, D. Garg, A. Datta, Temporal Mode-Checking for Runtime Monitoring of Privacy Policies, in Proceedings of 26th International Conference on Computer Aided Verification, July 2014. [Paper] [Full Version]
  • S. Sen, S. Guha, A. Datta, S. Rajamani, J. Tsai, J. M. Wing, Bootstrapping Privacy Compliance in Big Data Systems, in Proceedings of 35th IEEE Symposium on Security and Privacy, May 2014. [Paper] Best Student Paper Award
  • S. E. Oh, J.Y. Chun, L. Jia, D. Garg, C. A. Gunter, A. Datta, Privacy-preserving audit for broker-based health information exchange, in Proceedings of 4th ACM Conference on Data and Application Security and Privacy, March 2014.
  • A. Datta, Privacy through Accountability: A Computer Science Perspective, in Proceedings of 10th International Conference on Distributed Computing and Internet Technology, February 2014. [Paper] Invited Paper
  • J. Blocki, N. Christin, A. Datta, A. Sinha, Adaptive Regret Minimization in Bounded-Memory Games, in Proceedings of 4th Conference on Decision and Game Theory for Security, November 2013. [Full Version]
  • M. C. Tschantz, A. Datta, J. M. Wing, Purpose Restrictions on Information Use, in Proceedings of 18th European Symposium on Research in Computer Security, September 2013. [Full Version]
  • J. Blocki, N. Christin, A. Datta, A. Procaccia, A. Sinha, Audit Games, in Proceedings of 23rd International Joint Conference on Artificial Intelligence, August 2013. [Full Version]
  • O. Chowdhury, A. Gampe, J. Niu, J. von Ronne, J. Bennatt, A. Datta, L. Jia, W. H. Winsborough, Privacy Promises That Can Be Kept: A Policy Analysis Method with Application to the HIPAA Privacy Rule, in Proceedings of 18th ACM Symposium on Access Control Models and Technologies, June 2013.
  • J. Blocki, A. Blum, A. Datta, O. Sheffet, Differentially Private Data Analysis of Social Networks via Restricted Sensitivity, in Proceedings of 4th Innovations in Theoretical Computer Science Conference, January 2013. [Full Version]
  • J. Blocki, N. Christin, A. Datta, A. Sinha, Audit Mechanisms for Provable Risk Management and Accountable Data Governance, in Proceedings of 3rd Conference on Decision and Game Theory for Security, November 2012. [Paper]
  • J. Blocki, A. Blum, A. Datta, O. Sheffet, The Johnson-Lindenstrauss Transform Itself Preserves Differential Privacy, in Proceedings of 53rd Annual IEEE Symposium on Foundations of Computer Science, October 2012. [Full Version]
  • M. C. Tschantz, A. Datta, J. M. Wing, Formalizing and Enforcing Purpose Restrictions in Privacy Policies, in Proceedings of 33rd IEEE Symposium on Security and Privacy, May 2012. [Paper] [Full Version]
  • A. Datta, D. Sharma, A. Sinha, Provable De-anonymization of Large Datasets with Sparse Dimensions, in Proceedings of ETAPS Conference on Principles of Security and Trust, March 2012. [Paper]
  • A. Conley, A. Datta, H. Nissenbaum, D. Sharma, Sustaining both Privacy and Open Justice in the Transition from Local to Online Access to Court Records: A Multidisciplinary Inquiry, Maryland Law Review, 71 Md. L. Rev. 772 (2012). [Paper] (Preliminary version presented at the 2011 Privacy Law Scholars Conference, June 2011.)

  • D. Garg, L. Jia, A. Datta, Policy Auditing over Incomplete Logs: Theory, Implementation and Applications, in Proceedings of 18th ACM Conference on Computer and Communications Security, October 2011. [Paper] [Full Version]
  • J. Blocki, N. Christin, A. Datta, A. Sinha, Audit Mechanisms for Privacy Protection in Healthcare Environments (Position Paper), in 2nd Usenix Workshop on Health Security and Privacy, August 2011. [Paper]
  • J. Blocki, N. Christin, A. Datta, A. Sinha, Regret Minimizing Audits: A Learning-Theoretic Basis for Privacy Protection, in Proceedings of 24th IEEE Computer Security Foundations Symposium, June 2011. [Paper]
  • M. C. Tschantz, D. Kaynar, A. Datta, Formal Verification of Differential Privacy for Interactive Systems, Extended abstract in Proceedings of the 27th Annual Conference on Mathematical Foundations of Programming Semantics, May 2011. Full Version [Paper] Invited Paper
  • H. DeYoung, D. Garg, L. Jia, D. Kaynar, A. Datta, Experiences in the Logical Specification of the HIPAA and GLBA Privacy Laws, in Proceedings of 9th ACM Workshop on Privacy in the Electronic Society, October 2010. [Paper] [Full Version]
  • A. Datta, N. Dave, J. C. Mitchell, H. Nissenbaum, D. Sharma, Privacy Challenges in Patient-Centric Health Information Systems (Position Paper), in 1st Usenix Workshop on Health Security and Privacy, August 2010. [Paper]
  • A. Barth, A. Datta, J. C. Mitchell, S. Sundaram, Privacy and Utility in Business Processes, in Proceedings of 20th IEEE Computer Security Foundations Symposium, July 2007. [Paper]
  • A. Barth, A. Datta, J. C. Mitchell, H. Nissenbaum, Privacy and Contextual Integrity: Framework and Applications, in Proceedings of 27th IEEE Symposium on Security and Privacy, pp. 184-198, May 2006. [Paper]