Capstone Archive - Privacy Engineering Program - Software and Societal Systems Department

Software and Societal Systems Department › Privacy Engineering Program › Masters Program › Capstone Project › Capstone Archive

2023

Summer 2023

Sponsor: ZenData
Presented by: Sriram Viswanathan, Pauline Mevs, David Mberingabo
Advisor: Prof. Hana Habib

With the deprecation of third party cookies, publishers are looking for ways to protect their revenues, which often leads them to finding alternative solutions that enable audience addressability and reporting ad campaign effectiveness. Publishers are considering ways of leveraging first party data, that also protect users’ data and comply with regulations. Deprecation is also an opportunity for brands and publishers to build increased trust with their customers and provide richer value exchange for the data collected to the users.

In our study, we looked at the current state of these alternative solutions and what AdTech use-case do they solve (viz., audience addressability, or data sharing and enrichment, or measuring campaign effectiveness). At a high level, these solutions can be classified into alternative ID solutions, Data Clean Room (DCR), Seller Defined Audience (SDA), and Privacy Enhancing Technologies or PETs. In addition to this, Google is introducing its Privacy Sandbox suite of APIs and features that are built into Chrome (the largest browser by market share) to enable a more privacy-preserving way for both interest-based advertising (IBA) and ad attribution reporting. All these solutions have varying degrees of maturity, adoption, ease of implementation, privacy guarantees, and last but not the least, utility to the use-case for which it is being used in terms of measurable ad metrics that can help with the choice of the right solution for the right use-case.

Fall 2023

Sponsor: KIPP NYC
Presented by: Kexin Jiang, Hongtao Yao, Harish Balaji
Advisor: Prof. Hana Habib

KIPP NYC Public Schools, operates a network of 18 K-12 public charter schools, fostering an environment that encourages educators to embrace innovative practices for family engagement and instructional delivery. Despite implementing staff and student policies along with technical controls, the inherent challenges of the Internet often limits the effectiveness of these interventions in ensuring authentic student privacy protection.

We, the privacy engineering team at CMU, is an experienced team with knowledge in the privacy and software engineering domain and expertise with implementing the privacy-enhancing products. We collaborated with KIPP NYC to address this challenge. Our collaboration yielded a comprehensive online privacy guide aimed at enhancing the staff's understanding of existing privacy regulations for minors in the United States. This dynamic guide serves as a user-friendly and engaging resource, translating legal complexities into actionable 'rules of engagement' for staff handling student information online.

As a pivotal component of our final deliverable, we designed and conducted a survey to assess educators' usage of various online tools and services in daily classroom activities, management, and parent communication. This survey, covering social media, approved district applications, and non-approved district applications, not only provided valuable insights but also served as a foundational resource for the development of the comprehensive privacy guide.

Sponsor: PwC
Presented by: Geetika Gopi, Seo Young Ko, Alexandra Li, Yanhao Qiu, Ziping Song
Advisor: Prof. Lorrie Cranor and Prof. Norman Sadeh

For the capstone project, as a team, we worked on drafting a privacy threat modeling framework for User Notice and Choice. The framework is designed to be practical and user-oriented, addressing the limitations of existing high-level guidance. It builds on the concept of Privacy-by-Design and aims to provide a systematic approach to identifying and mitigating risks associated with user-oriented privacy notice and choice, particularly in the context of AI. This is a critical need in today’s rapidly evolving technological landscape, where new technologies like AI are outpacing the ability of regulation to address privacy risks directly. The framework aims to move beyond a compliance-by-design approach to a more proactive and practical approach to privacy.

Sponsor: City of Boston
Presented by: Katie Earlies, Andrew Berry and Jatan Loya
Advisor: Prof. Han Habib

Data sharing within city governments can cultivate improved service delivery, transparency, and trust. The City of Boston aims to foster data sharing with Boston Public Schools (BPS) to improve educational outcomes and budgeting efficiency. Partnering with the Department of Innovation and Technology (DoIT), we assessed the technical and regulatory possibilities of various future states of increased data sharing. After speaking with a multitude of stakeholders within the City, we assessed the regulatory and technical requirements to ingest and utilize data from BPS and DoIT to conduct future analyses which could impact educational outcomes and the city’s budget. We evaluated regulatory requirements of future states of data sharing, analyzed necessary legal and procedural requirements, and assessed technical possibilities of sharing data in a privacy- preserving way. Finally, we defined four future states that incorporated both impact evaluation value as well as privacy and security. Moving forward, we highly recommend expanding collaboration with BPS. Even a small step in the direction of increasing data sharing will help promote trust and transparency between BPS and the City. Additionally, we recommend strong technical privacy controls for data shared, including encryption in transit and at rest as well as data manipulation techniques, such as aggregation, k-anonymity, tokenization, and differential privacy. DoIT has the technical abilities and stakeholder support to facilitate secure data sharing with BPS that will simultaneously protect the privacy and security of student data while providing critical information to the City.

Sponsor: Meta
Presented by: Aadyaa Maddi, Swadhin Routray, Yifeng Zeng, Zili Zhou
Advisor: Prof. Norman Sadeh

The development of Generative Artificial Intelligence (Gen AI) has led to its widespread use across various digital industries by businesses and consumers. Consequently, a growing need exists to educate users, especially minors and their guardians, about the risks and adverse effects of using Gen AI software. This project addresses privacy concerns about data collection and usage in Gen AI, particularly in scenarios where teenagers generate and share photo-realistic images. Our main goal is to map out information flows from the prompter of the Gen AI tool to the end-user and identify potential privacy risks associated with each of these flows. We will draw ideas from existing regulations, policies, and frameworks and propose mitigation strategies to improve privacy protections. Our study will also include user feedback, obtained by conducting a thorough user study, to prioritize risks and select effective mitigation strategies. We hope that the work presented herein will help inform the development and deployment of Gen AI tools by platform operators and other providers of Gen AI technologies.

2022

Sponsor: Twitch
Presented by: Adhishree Abhyankar, Xin Gu, Zhi Lin, Yixuan Wang
Advisor: Prof. Norman Sadeh

This project examines end users' expectations from technology companies regarding their use of AI. Possible privacy questions include what end users expect for their rights to deletion, access, and transparent use of their data in the AI realm. How can information about AI data use be communicated to users to enhances trust and understanding?

Sponsor: Mastercard
Presented by: Tresna Mulatua, Rakshit Nemakallu, Navid Kagalwalla, Mingjie Chen
Advisor: Prof. Michael Shamos

Because there is no standard, biometric service providers (BSPs) use proprietary methods to capture, analyze, and process facial recognition data, for example at point of sale. Students will investigate best practices to author recommendations on appropriate privacy and security protections for facial recognition data.

2021

Best Practices for Global Audio Streaming Platforms

Capstone Report: Best Privacy Practice Recommendations for Global Audio Streaming Platforms

2020

Sponsor: Highmark
Presented by: Chenxiao Guan, Chenghao Ye, Yigeng Wang, Fangxian Mi
Advisor: Timothy Libert

People are accustomed to letting voice assistants complete daily tasks for more convenience, and the purpose of our design is to provide healthcare services to people via voice assistants as well. However, news and studies show many devices have been exposed to record and abuse users’ conversations with intelligent voice assistants without consent. Thus, we created a consent and authorization voice interface using Alexa Skill based on HIPAA Privacy Rule to guarantee users can handle their protected health information (PHI). We innovated a new way of agreeing to privacy policies and notices via a voice interface, while still maintaining the usability from the user's perspective in a privacy-friendly manner, and simultaneously letting the company-side be in compliance with regulations such as HIPAA. The implementation is meant to strike a balance between usability and privacy-friendliness, and thus we provide a way of configuring fine-grained privacy preferences while making sure the interface is not bloated with too many explanations that annoy our users.

Sponsor: Elektra Labs
Presented by: Dev N. Patel, Yash D. Mehta, Ziyuan Zhu
Advisor: Yuvraj Agarwal

IoT is a rapidly growing industry and it is becoming increasingly difficult to keep up with the advances in the industry. These advances have also led to a large increase in the number of devices available in the market, which makes it difficult for consumers to compare and make a decision about which device to purchase. Elektra Labs is a startup focused on providing comprehensive information about medical IoT devices, such as research evidence and security, through an interface which makes it possible to find information easily and compare it with other similar devices, the target audience being clinicians, medical researchers who might be interested in purchasing the device for their study, their research subjects or even consumers interested in a device for personal use. In this presentation, we describe our efforts to select the information that should be displayed to the target audience through a multi-layered label. We also present a questionnaire that would be given to device manufacturers to provide the information that would be displayed on the label. We tested both, the questionnaire and the label with some device manufacturers and medical researchers respectively. We also include our findings from these user test in this presentation.

Sponsor: Facebook
Presented by: Clare Hsu, Lewei Li, Daniel Mo
Advisor: Lorrie Cranor

Low digital literacy users, who are generally not familiar with digital skills and Internet technologies, are forced to join in the current trend of online payment and social commerce under this COVID-19 situation. However, compared to general users, their lower awareness, less concerns, and more misconceptions could make them more vulnerable in terms of privacy. In this talk, we will present a design of privacy education for low digital literacy users under the context of data practice policies on Facebook Pay, addressing their potential privacy concerns, misconception towards existing data practice policies, and absence of privacy self-efficacy. We will also discuss the evaluation result of our design based on qualitative responses we collected from interviews, and propose several recommendations for current education design.

2018

Evaluation of Mobile Privacy and Security: Mobile App Privacy Score

Sponsored:       Redmorph Inc.
Presented by:   Fan Yang, Jianlan Zhu
Advisor:            Timothy Libert

Fan etc

Nowadays, mobile applications suffer from tremendous user-privacy issues. With the popularity of mobile apps, users’ data is shared between a large variety of entities. Problems like targeted advertising and information leakage are common privacy violations among mobile applications. What makes it even worse is that, according to research, few users have an idea of the complicated issues. Even users are aware of some of their personal data has been improperly used, they have no idea of how bad the situation is and no choice but to accept them. Related studies have done plenty of work to identify privacy issues exist in current mobile applications. Researchers have taken many metrics like privacy policies, permission requested, code analysis, data transmission into consideration to evaluate mobile apps’ privacy performance. But average users still have a difficult time understanding the issues because few studies have put forward a straightforward scoring system.

Executive Summary: Evaluation of Mobile Privacy and Security: Mobile App Privacy Score.

Evaluating Privacy Enhancing Technologies for Organizations

Sponsor:           Netflix, Inc.
Presented by:   Ao Chen, Jeremy Thomas
Advisor:            Nicolas Christin

Ao etc

Given the changing perspective on privacy in today’s society, organizations must adapt to a growing set of requirements and constraints on practices that impact privacy. Individual choices about privacy, exposure of broken privacy practices, and expanding regulations force organizations towards expanding the influence of accepted principles of privacy throughout
business operations. All of these factors encourage the use of technologies to provide stronger privacy guarantees and to directly address the privacy challenges these requirements create in an effective and efficient manner. To better understand the use of privacy enhancing technologies (PETs) by organizations, we interviewed a set of privacy experts working across various industries and in multiple disciplines. We conducted 20 interviews of privacy experts from September 2018 to November 2018. We interviewed most participants over the phone or through video conferencing applications, and typically the interviews lasted 30 to 60 minutes.

Executive Summary: Evaluating Privacy Enhancing Technologies for Organizations

View the final report here.

Designing Privacy Controls for Older Facebook Users

Sponsor: Facebook
Presented by: Yama Ahmadullah, Zhuo Chen, David Edelstein
Advisor: Lorrie Cranor

Yama etc

At Facebook’s request we investigated the particular privacy concerns of seniors (age 65+) regarding Facebook and to develop proposed remedies.

Information Gathering
We built off of existing research and prior attempts to develop privacy aids for older users to construct interviews and surveys to find places for improvement in Facebook’s existing experience. We conducted 15 semi-structured interviews to identify privacy concerns senior users have on Facebook. Then, from our results, we developed a survey to find which concerns were most important and to find promising ways to provide senior users with better control of their security and privacy. Ultimately, we got 79 completed surveys. Seniors were eager to share their concerns with us, and were pleased that a company like Facebook was interested in learning how they felt.

Executive Summary: Designing Privacy Controls for Older Facebook User

Developing a Process to Test Privacy in Mobile Apps

Sponsor: Phillips
Presented by: Sharada Boda

This project developed a process specification for Philips to test privacy for mobile apps and tested two apps using the developed process. The process addresses a few aspects of GDPR which are ‘Purpose Identifications’, ‘Third-Part library identification and their access’, Consent and Portability. The process involved a 3-step methodology which combined the use of automated tools with manual analysis. The first phase involved identification of personal data, the third-party libraries and their access to personal data. The second phases involved determining the behavior of personal data in terms of identifying the purpose of processing the personal data, consent and portability. These aspects were manually verified by analyzing the code, interacting with the application, inspecting the network traffic and learning more about the various third-party libraries used in the app. The data was also analyzed to determine how it was stored and transmitted and checked for encryption. The last phase of the process involved analyzing the policy text. The policy text was analyzed to identify possible violations (contradiction as to how personal data is processed in the app compared to the privacy policy text) and omissions (missing information in the privacy policy). Four different automated tools were identified for various parts of the process and were combined with manual analysis for a comprehensive privacy testing. The entire process involved both static analysis as well as dynamic analysis. The process was implemented on two Philips apps and few potential issues were found. While the process is capable of finding certain potential issues, the process aims to help raise pertinent questions that must be addressed through team collaboration with the developers and privacy officers. The finding suggests there is scope for further improvement that can address some of the aspects of GDPR and secure client data in mobile application.

Developing a Process to Test Privacy in Mobile Apps - Executive Summary

2017

Developing a Windows Privacy Walkthrough Experience

Sponsor: Microsoft
Presented by: Dhanuja Shaji and Javed Ramjohn

Dhanuja and Javed

This project provides data to help inform Microsoft on how to deliver a state-of-the-art privacy experience for Windows 10 desktop that empowers the user and that represents the dedication Microsoft has to privacy. We conducted a competitive analysis of the privacy experiences offered by major platforms and operating systems and identified a lack of proactive privacy experiences that use elements like nudges or notifications to encourage informed privacy decision making. Microsoft also offered greater privacy controls than most of the other platforms studied. An MTurk study (N = 364) was done to gain insight into the habits and preferences of consumers with regard to operating system privacy. The results show that, despite Microsoft’s extensive privacy controls, Windows users were more concerned about their privacy than other OS users (p < 0.05). We also find that participants (80%) want a proactive privacy walkthrough for their OS privacy settings. Finally, a series of prototype drafts for a privacy walkthrough experience in Windows 10 were designed as a starting point for future work. Our findings suggest that Microsoft can further assert itself as a privacy leader by focusing on a seamless privacy experience throughout its ecosystem of products and that Microsoft should devote resources to the user testing and development of a proactive privacy walkthrough experience.

Developing a Windows Privacy Walkthrough Experience - Executive Summary

Data Processing Inventory: A solution for compliance with GDPR Article 30

Sponsor: Citi
Presented by: Lidong Wei, Quan (Bill) Quan, and Jun Ma

Jun

This project is designed to organize the data processing activities of Citi organization and assist it in becoming compliant to Article 30 of the GDPR regulation which comes into effect on May 25th, 2018. A two-step approach was taken - analysis and developing a prototype. The analysis phase entailed of a detailed research of publicly available third party descriptions of Article 30, and research into vendor tools designed to meet Article 30 compliance objectives. In the second phase, a prototype was designed and developed. The work effort ensured the design and development would meet the requirements of GDPR Article 30 covering data processing, data collection, data sorting and the presentation of the data. The work includes data management, data analytics and data visualization components and original, innovative thinking regarding how to setup and maintain a compliant Article 30 inventory.

Data Processing Inventory - Executive Summary

Getting Consent From Drivers on the Go: a Privacy Consent Collection Framework for in-vehicle Systems

Sponsor: HERE
Presented by: Tong Liu, Yuankun Li, Yuru Liu

Lorrie et

HERE Technologies, a digital location technology company, providing location based services to various verticals, including Automotive, has been considering different means of acquiring consent in an in-vehicle context. Therefore, we designed a consent collection framework for collecting consent in an in-vehicle context. The framework consists of four methods that each have their pros and cons: using the vehicle’s screen, using the vehicle’s audio interface, using an app on the user’s smartphone, or using the vehicle’s audio interface to send information to the user’s smartphone for viewing.
We conducted a two-phase user study to evaluate each method with drivers. Overall, we found the in-vehicle screen is the most favored method: people think it is the most natural and convenient way to provide consent. However, some people still think the consent process takes too much time and want to bypass it. The other approaches we tested were also promising.

Getting Consent from Drivers on the Go - Executive Summary

Supporting Data Portability in the Cloud Under the GPDR

Sponsor: Alibaba
Presenters: Anuj Shah and Yunfan Wang

Anuj

The right to data portability under the European Union’s General Data Protection Regulation (GDPR) extends beyond existing privacy frameworks and empowers individuals to transfer their personal data between data controllers. While the Working Party for Article 29 of the Data Protection Directive has issued guidance on how to respond to portability requests, the European Commission has expressed a different interpretation of this right. Data portability therefore brings new and significant challenges to data-driven enterprises, especially those with systems that are distributed across cloud infrastructure. We attempt to clarify how this right translates to the operations of cloud service providers in their roles as either data controllers or data processors. Specifically, we outline the various technical methods available for porting data in the cloud, and then consider how the recipient of data from a portability request and the cloud service level govern which compliance solution a cloud provider can put forward. The solutions we describe here are simple extensions of existing services and do not prescribe a specific legal interpretation. We encourage cloud providers to take a competitive stance on GDPR compliance by offering these solutions to their customers.

Supporting Data Portability in the Cloud Under the GPDR - Executive Summary

Researchers develop data portability recommendations for the cloud.

Metrics and Adversary Models for Implicit Authentication

Sponsor: UnifyID
Presenters: Siddharth Nair, Preethi Josephina Mudialba, and Dan Calderon

Dan etc

Abstract:
Implicit Authentication is a prominently emerging field for considering the usably secure authentication of users. Many approaches have been considered for achieving the goals of this field, but it remains unclear how to evaluate across systems since there is no agreed-upon set of performance evaluation metrics for this field. To compound this problem further, not all systems necessarily consider the same, if any, adversarial threats to their system that could compromise the security or usability of the system. In this project, we review literature on performance evaluation, and the broader computer security authentication literature, and determine a set of important criteria that a metric and a threat model should have to be valuable for evaluating an implicit authentication system. We present taxonomies of performance metrics and threat models with respect to these criteria, and recommend a subset that all future proposed systems should use.

Metrics and Adversary Models for Implicit Authorization - Executive Summary

2016

Prevalence of PII data in the clear on personal computers

Sponsor: Intersections, Inc.
Presented by: Lieyong Zhou & Xi Zheng

Project Description:
Problem: People commonly store personal data (SSN, credit card numbers, user names and passwords, etc.) on their devices in the clear. Devices, meaning mobile phones, laptops, desktops, tablets, etc.

Goals:

Develop methods to scan personal computers (with the users' consent), search for personal data in the clear, and categorize the type of data found.
The resulting data will be used to determine how prevalent the issue is, determine what type of data is most commonly at risk, and identify ways of increasing user awareness.
The project will focus on windows machines

Data Subject Notice and Consent under the EU GDPR

Sponsor: PrivacyCheq
Presented by: Jonathan Liao, Vijay Kalani, Arnab Kumar

Project Description:
Problem: The EU GDPR (General Data Protection Regulation is going to change requirements revolving around notice and consent when collecting and processing data associated with EU residents. This capstone will take a close look at these changes and work with PrivacyCheq to identify opportunities to refine and extend its current product portfolio and in particular its recently launched ConsentCheck GDPR "Compliance Development Kit."

Goals: The objective of this capstone is to investiage what effect GDPR-grade notice and consent might have in terms of user experience if/when it is implemented on Americans (arguably accustomed to a less rigorous notice/consent user experience). What would be the level of acceptance or delight with enhanced notice, more granular consent and added available benefits such as right of access, erasure, portability, etc.?