Research Area: Privacy Protection
Cross Cutting Thrusts: Formal Methods
Scope: As Daniel Solove so aptly summarizes, “Privacy is a concept in disarray. Nobody can articulate what it means.” One goal of this project is to precisely articulate what privacy means in various settings, and whether and how it can be achieved. In other words, we seek to develop conceptual and technical frameworks in which privacy notions (policies) are given precise semantics, algorithms for enforcing such policies, and characterizations of classes of policies that can or cannot be enforced. In addition to general results of this form, another goal of the project is to study specific application domains that raise significant privacy concerns in modern society and to apply these results (or specialized versions thereof) to these domains. Our current focus is on the healthcare domain. We are also thinking about privacy issues on the web and in online social media.
Outcomes: Formalizing privacy as a right to appropriate flows of personal information (not simply confidentiality or control) and as a right to use of personal information for appropriate purposes. Principled audit & accountability mechanisms for enforcing privacy properties, recognizing that traditional preventive access control and information flow control mechanisms are inadequate for enforcing practical privacy policies. Applications to several US privacy laws, including the first complete logical specification and audit of all disclosure-related clauses of the HIPAA Privacy Rule.
Technical Report: Audit Games