Skip to main content

Seminar:  Privacy through Accountability

Date:February 17, 2014 
Talk Title:Privacy through Accountability
Speaker:Anupam Datta
Time & Location:12:00pm - 1:00pm
CIC Building, Pittsburgh

Abstract

Privacy has become a significant concern in modern society as personal information about individuals is increasingly collected, used, and shared, often using digital technologies, by a wide range of organizations. To mitigate privacy concerns, organizations are required to respect privacy laws in regulated sectors (e.g., HIPAA in healthcare, GLBA in financial sector) and to adhere to self-declared privacy policies in self-regulated sectors (e.g., privacy policies of companies such as Google and Facebook in Web services). We investigate the possibility of formalizing and enforcing such practical privacy policies using computational techniques. We formalize privacy policies that prescribe and proscribe flows of personal information as well as those that place restrictions on the purposes for which a governed entity may use personal information. Recognizing that traditional preventive access control and information flow control mechanisms are inadequate for enforcing such privacy policies, we develop principled audit and accountability mechanisms with provable properties that seek to encourage policy-compliant behavior by detecting policy violations, assigning blame and punishing violators. We apply these techniques to several US privacy laws and organizational privacy policies, in particular, producing the first complete logical specification and audit of all disclosure-related clauses of the HIPAA Privacy Rule.

Speaker Bio

Anupam Datta is an Associate Professor at Carnegie Mellon University where he holds a joint appointment in the Computer Science and Electrical and Computer Engineering Departments. His research focuses on the scientific foundations of security and privacy. Datta’s work has led to new principles for securely composing cryptographic protocols and software systems; applications of these principles have influenced several IEEE and IETF standards. His work on privacy protection has led to formalizations of privacy as contextual integrity and purpose restrictions on information use; accountability mechanisms for privacy protection; and their applications in healthcare and Web privacy. Datta has authored a book and over 40 other publications on these topics. He serves on the Steering Committee and as the 2013-14 Program Co-Chair of the IEEE Computer Security Foundations Symposium. Datta obtained Ph.D. (2005) and M.S. (2002) degrees from Stanford University and a B.Tech. (2000) from IIT Kharagpur, all in Computer Science.

Education

PhD 2005. Computer Science, Stanford University
MS 2002. Computer Science, Stanford University
BTech 2000. Computer Science & Engineering, IIT Kharagpur

Additional Resources