Carnegie Mellon University

Fall 2017 Capstone Projects

A Taxonomy of Privacy Notices

Sponsor:  Microsoft
Presented by: Dhanuja Shaji and Javed Ramjohn

Dhanuja and Javed

This project provides data to help inform Microsoft on how to deliver a state-of-the-art privacy experience for Windows 10 desktop that empowers the user and that represents the dedication Microsoft has to privacy. We conducted a competitive analysis of the privacy experiences offered by major platforms and operating systems and identified a lack of proactive privacy experiences that use elements like nudges or notifications to encourage informed privacy decision making. Microsoft also offered greater privacy controls than most of the other platforms studied. An MTurk study (N = 364) was done to gain insight into the habits and preferences of consumers with regard to operating system privacy. The results show that, despite Microsoft’s extensive privacy controls, Windows users were more concerned about their privacy than other OS users (p < 0.05). We also find that participants (80%) want a proactive privacy walkthrough for their OS privacy settings. Finally, a series of prototype drafts for a privacy walkthrough experience in Windows 10 were designed as a starting point for future work. Our findings suggest that Microsoft can further assert itself as a privacy leader by focusing on a seamless privacy experience throughout its ecosystem of products and that Microsoft should devote resources to the user testing and development of a proactive privacy walkthrough experience.

Data Processing Inventory:  A solution for compliance with GDPR Article 30

Sponsor:  Citi
Presented by: Lidong Wei, Quan (Bill) Quan, and Jun Ma

Jun

This project is designed to organize the data processing activities of Citi organization and assist it in becoming compliant to Article 30 of the GDPR regulation which comes into effect on May 25th, 2018. A two-step approach was taken - analysis and developing a prototype. The analysis phase entailed of a detailed research of publicly available third party descriptions of Article 30, and research into vendor tools designed to meet Article 30 compliance objectives. In the second phase, a prototype was designed and developed. The work effort ensured the design and development would meet the requirements of GDPR Article 30 covering data processing, data collection, data sorting and the presentation of the data. The work includes data management, data analytics and data visualization components and original, innovative thinking regarding how to setup and maintain a compliant Article 30 inventory.

Getting Consent From Drivers on the Go: a Privacy Consent Collection Framework for in-vehicle Systems

Sponsor:  HERE
Presented by: Tong Liu, Yuankun Li, Yuru Liu

Lorrie et

HERE Technologies, a digital location technology company, providing location based services to various verticals, including Automotive, has been considering different means of acquiring consent in an in-vehicle context. Therefore, we designed a consent collection framework for collecting consent in an in-vehicle context.  The framework consists of four methods that each have their pros and cons:  using the vehicle’s screen, using the vehicle’s audio interface, using an app on the user’s smartphone, or using the vehicle’s audio interface to send information to the user’s smartphone for viewing.

We conducted a two-phase user study to evaluate each method with drivers. Overall, we found the in-vehicle screen is the most favored method: people think it is the most natural and convenient way to provide consent. However, some people still think the consent process takes too much time and want to bypass it. The other approaches we tested were also promising.

Supporting Data Portability in the Cloud Under the GPDR

Sponsor:  Alibaba
Presenters: Anuj Shah and Yunfan Wang

Anuj

The right to data portability under the European Union’s General Data Protection Regulation (GDPR) extends beyond existing privacy frameworks and empowers individuals to transfer their personal data between data controllers. While the Working Party for Article 29 of the Data Protection Directive has issued guidance on how to respond to portability requests, the European Commission has expressed a different interpretation of this right. Data portability therefore brings new and significant challenges to data-driven enterprises, especially those with systems that are distributed across cloud infrastructure. We attempt to clarify how this right translates to the operations of cloud service providers in their roles as either data controllers or data processors. Specifically, we outline the various technical methods available for porting data in the cloud, and then consider how the recipient of data from a portability request and the cloud service level govern which compliance solution a cloud provider can put forward. The solutions we describe here are simple extensions of existing services and do not prescribe a specific legal interpretation. We encourage cloud providers to take a competitive stance on GDPR compliance by offering these solutions to their customers.

Metrics and Adversary Models for Implicit Authentication

Sponsor:  UnifyID
Presenters:  Siddharth Nair, Preethi Josephina Mudialba, and Dan Calderon

Dan etc

Abstract:

Implicit Authentication is a prominently emerging field for considering the usably secure authentication of users. Many approaches have been considered for achieving the goals of this field, but it remains unclear how to evaluate across systems since there is no agreed-upon set of performance evaluation metrics for this field. To compound this problem further, not all systems necessarily consider the same, if any, adversarial threats to their system that could compromise the security or usability of the system. In this project, we review literature on performance evaluation, and the broader computer security authentication literature, and determine a set of important criteria that a metric and a threat model should have to be valuable for evaluating an implicit authentication system. We present taxonomies of performance metrics and threat models with respect to these criteria, and recommend a subset that all future proposed systems should use.