Privacy

Policy Zones: Information-Flow Control at Meta

At Meta, we’ve been working to incorporate privacy into different systems of our software stack as part of our Privacy Aware Infrastructure (PAI) initiative. PAI offers efficient and reliable first-class privacy constructs embedded in Meta infrastructure to address complex privacy issues. In this talk, we will describe Policy Zones: an Information-Flow Control system that is deployed across our infrastructure to address privacy restrictions on data, such as using data only for allowed purposes, providing strong guarantees for limiting the purposes of its processing. We describe how we model the restrictions on data through a mix of toy examples and a real-world case study. Our approach to enforcing restrictions on data involves using annotations to represent different aspects of data and its processing, and using these annotations to apply policy checks across data flows. Equipped with privacy-relevant annotations, we show how Policy Zones enforces high-level data restrictions across two paradigms that, together, encompass the common lifecycle of data: general-purpose programming languages, where the data is initially collected, and data warehouse systems, where the data is processed in batch. There are several challenges in designing Policy Zones, including: translating high-level privacy restrictions to code; handling different data granularities to avoid label creep; maintaining homogeneity of data annotations across heterogeneous data processing systems; managing reclassification in practice; and the scale of applying this technology to large companies such as Meta.

Enforcing Privacy Requirements at Meta: A Summary and Key Learnings

Enforcing privacy requirements at scale is a challenging task. In this talk we will go over key learnings in this space, using the more familiar domain of security to draw analogies and highlight differences. The talk covers four key learnings: (a) the key similarities and distinctions between security and privacy requirements, (b) how to design an effective enforcement framework, (c) how to get such an enforcement framework deployed at scale, and (d) the main approaches for demonstrating the effectiveness of such enforcement to relevant parties. Overall, the talk will emphasize a proactive and comprehensive approach to enforcing privacy requirements.

Beyond Notice and Consent: Towards More Usable Privacy Under European Data Protection and Platform Regulations

It has been five years since the General Data Protection Regulation (GDPR) went into effect in the EU. Ever since, research has continued to show that the creators of online services find it difficult to put the legal requirements of EU legislation into practice. They mainly resort to lengthy privacy policies and often deceptive cookie notices to ask users for their consent to data processing, rather than revise their own data processing practices and opt for approaches that collect less personal data. This is to the detriment of both service providers and users, who are faced with decreased usability of websites, apps, and devices. This talk investigates approaches both to understand the roadblocks that keep system creators and users from adopting a privacy-by-design mindset and to find ways to address them. This is ever more important in the light of new European platform regulations that intend to create boundaries for personalized advertising and introduce interoperability requirements, which in turn pose new opportunities to empower system creators and users alike to take control of users' privacy.

Research challenges for the Tor anonymous communication system

The Tor anonymous communication system helps millions of users every day to use the Internet more safely, protecting their identity, blocking tracking, and in some cases circumventing censorship. Since its creation in 2005, the Tor Project has worked to enhance the usability and security of Tor, bringing it from a research prototype with a handful of users to an easy-to-use modern application today. In this talk, I’ll discuss the research challenges that had to be addressed during this journey and open research questions that remain, including on usability, traffic-analysis resistance, ethical considerations, and post-quantum cryptography.

FrodoPIR: Simple, Scalable, Single-Server Private Information Retrieval

In this talk, Sofía will present FrodoPIR, a highly configurable, stateful, single-server Private Information Retrieval (PIR) scheme that involves an offline phase that is completely client-independent.

Privacy with Good Taste: A Case Study in Quantifying Privacy Risks in Genetic Scores

In this talk, Raul will present a novel methodology to quantify and prevent privacy risks by focusing on polygenic scores and phenotypic information.

Transport-Level Privacy for Instant Messaging

In this talk, I will present DenIM (Deniable Instant Messaging), a novel protocol built on the idea of hiding traffic to make it unobservable to an adversary by piggybacking it on observable traffic. We posit that resilience to traffic analysis must be directly supported by major IM services themselves, and must be done in a low-latency manner without breaking existing features. Hence, DenIM is designed both for compatibility and performance: DenIM is a variant of the Signal protocol, commonly used for strong encryption in instant messaging services, and DenIM’s bandwidth overhead scales with the volume of regular traffic, as opposed to scaling with time or the number of users.

Victor Morel's introductory talk - Design and analysis of technical systems for humans

Victor will present in this introductory talk his past work on informed consent in the IoT, and his research perspectives for the CyberSecIT project. The first part of his presentation will summarize his PhD work, including a short video demonstration. The second part will introduce his interdisciplinary experience within the Sustainable Computing Lab in Vienna on the standardization of consent in the IoT. Finally, the third part will expose his research perspectives for the CyberSecIT project with the iSec group at Chalmers.

Practical problems in enforcing Data Protection by Design & by Default - the perspective of a Data Protection Authority

Marit will explain various difficulties of enforcing Art. 25 GDPR from the perspective of a supervisory authority. She will compare the deficiencies in this area with the situation of implementing "security-by-design" approaches. Also, current trends stemming from technology design and from recent court decisions will be discussed concerning their relevance for compliance with data protection requirements. To achieve built-in data protection, Marit will present her "wish list" that addresses stakeholders such as researchers, developers, academic teachers, data protection officers, lawyers and the data protection authorities themselves.

With a Little Help from My Friends: Transport Deniability for Instant Messaging

Traffic analysis for instant messaging (IM) applications continues to pose an important privacy challenge. In particular, transport-level data can leak unintended information about IM, such as who communicates with whom. Existing tools for metadata privacy have adoption obstacles, including the risk of being scrutinized for having a particular app installed, and performance overheads incompatible with mobile devices.