Winter 2019 Lablet Quarterly meeting focuses on Privacy
The Winter 2019 Science of Security and Privacy (SoS) Quarterly Lablet meeting was held at the International Computer Science Institute (ICSI) in Berkeley, California on January 10-11, 2019. Hosted by Serge Egelman, Principal Investigator (PI) at ICSI, the meeting was attended by over thirty representatives from NSA and the six Lablets as well as some of the Sub-Lablets and industry. This Quarterly meeting focused on privacy and Machine Learning. The agenda included a presentation on NSA’s privacy research as well as an industry presentation on practical data governance. Additionally, all of the Lablet project presentations dealt with aspects of privacy.
After welcomes from Serge Egelman and Adam Tagert, NSA SoS Technical Director, Ray Brown from NSA’s Information Assurance Research organization spoke on NSA’s Privacy Research Problems. He described three areas that are being prototyped by NSA and also suggested four areas that he believes deserve more research. Chris Hoofnagle, who holds dual appointments at the School of Law and School of Information, University of California (UC) Berkeley, gave a presentation on the Federal Trade Commission (FTC) and Cyber, in which he described the history of the FTC and how it came to address cybersecurity, how the FTC regulates cyber, and some of its current challenges. David Marcos, Senior Program Manager for Microsoft Cloud & Enterprise, spoke on “Practical Data Governance at Microsoft,” describing how Microsoft seeks to address the requirements of GDPR. He addressed the challenges associated with building out privacy at scale and described in detail some of Microsoft’s goals in that endeavor.
In his presentation “Data Governance Requirements,” Joshua Kroll, UC Berkeley, said that the goal of this project is to develop a methodology for data governance. He described the progress to date as having developed and refined the approach and protocol for the field portion, the completion of an initial evaluation of candidate field study sites, and the development of an initial taxonomy of technical and non-technical tools. Will Enck, North Carolina State University (NCSU), gave a presentation entitled “PolicyLint: Investigating Internal Privacy Policy Contradictions on Google Play” in which he described PolicyLint as a text analysis tool designed to aid humans in identifying contradictory collection and sharing statements in software privacy practices.
Fengjun Li, University of Kansas, spoke on “Privacy-Preserving Classifications for IoT” which centered on privacy concerns associated with Machine Learning as a service (MLaaS). The final talk of the first day was “Uncertainty in Network Reliability Analysis” presented by Frank Nguyen, University of Illinois at Urbana-Champaign (UIUC). This presentation dealt with network reliability, specifically, the probability that the network remains connected under random and independent edge failures.
Helen Nissenbaum, who is working with ICSI at Cornell Tech, spoke on “Privacy as Contextual Integrity”. She described the fundamentals of contextual integrity, and stated that privacy requires that actions, practices, and policies conform with legitimate contextual informational norms. Michael Tschantz, ICSI, gave a presentation entitled “Modeling Privacy” which also dealt with contextual integrity but focused on clarifying the topic for computer scientists using the language of mathematics. Serge Egelman, ICSI, continued the contextual integrity theme in his presentation “User Privacy Preferences and IoT,” and described the goal of this research as determining what privacy laws should be put in place for smart devices.
Nicolas Christin spoke about the privacy research being done at the Security Behavior Observatory (SBO) at Carnegie Mellon University (CMU), and focused on the work being done in predictive security analytics. Lujo Bauer, also of CMU, presented “ML-generated Attacks on ML” which addressed fooling ML generators; he also spoke about other research that compared hypothetical and realistic privacy valuations.
The final presentation “Frame Semantics for Text Understanding” was given by Collin Baker, ICSI, and dealt with the FrameNet project, an effort to produce a lexicon of English that is both human and machine readable, and its implications for privacy.
The complete agenda and selected presentations are available for viewing on the Science of Security Virtual Organization website.
The next meeting of the SoS Lablets will be at the Hot Topics in the Science of Security: Symposium and Bootcamp (HotSoS) which will be held at Vanderbilt University on 2-3 April 2019.