Current Topics in Privacy Seminar
The Current Topics in Privacy Seminar is a three-credit course (17-702) taught in the Fall and Spring semesters. Members of the university community are invited to participate in the seminar even if they are not enrolled in the course. In this seminar course students will discuss recent papers and current public policy issues related to privacy. Privacy professionals from industry, government, and non-profits will deliver several guest lectures each semester.
Members of the CMU community interested in receiving notifications about the seminars each week should contact the course instructor to request to be added to the email list.
Instructors: Hana Habib and Norman Sadeh
Time and location: Tuesdays, 12:30-1:50 PM. All seminars will be held in Hamburg Hall, 1002 and will be available via Zoom.01/17/23 - Introduction - Hana Habib and Norman Sadeh, Guest Speaker: Eric Zeng (CMU, CyLab)
01/24/23 - Hana Habib
Abstract:
01/31/23 - Shomir Wilson (Penn State)
02/07/23 - Cameron Boozarjomehri (Mozilla)
Title: Privacy Engineer In Practice
Abstract: A case study of the many stakeholders and partners a privacy engineer will need to collaborate with to be successful. This presentation is an examination of how privacy engineering allows organizations to develop well rounded features that serve the customers and the organization. More importantly, it highlights the balance of technical, legal, and regulatory knowledge needed to be successful.
02/15/23 (in place of 2/14 seminar)- Joint CyLab/S3D Seminar with Helen Nissenbaum (Cornell Tech)
02/21/23 - Yixin Zou (Max Planck Institute for Security and Privacy)
02/28/23 - Alessandro Acquisti (CMU, Heinz College)
Title: Who Benefits from the Data Economy
Abstract: He will discuss recent and ongoing work that aims at understanding benefits allocation in a data economy. First, he will review works that attempt to estimate how the economic value extracted from consumer data is allocated to different stakeholders, and the way privacy protection can influence those allocations. Next, he will focus on two studies: an investigation of the impact that the application of differential privacy to U.S. Census data can have on the allocation of Title I funding; and an online experiment on the impact of behaviorally targeted advertising on consumer welfare.
03/14/23 - CHI Speakers
03/21/23 - Cara Bloom (MITRE)
Title: Privacy Threat Modeling & MITRE PANOPTIC™
Abstract
Threat modeling is a process which can be used to understand potential attacks or adversaries and is essential for holistic risk modeling. As privacy moves from a compliance-based to a risk-based orientation, threat-informed defense will be crucial for privacy management as it has already become for cybersecurity management. Yet, privacy lacks a shared threat language and commonly used threat model. This talk will overview the domain of privacy threat modeling in the context of risk modeling, and present one effort to fill the privacy threat modeling gap: the Pattern & Action Nomenclature Of Privacy Threats In Context (PANOPTIC). PANOPTIC is a data-driven, threat agent-agnostic, attack-oriented taxonomy that breaks individual privacy attacks down into their constituent parts, and can be used for privacy threat assessments, risk modeling, and red teaming.
03/28/23 - Jennifer Urban (Berkeley Center for Law and Technology)
Title: “The CCPA and the CPPA: California as a Vanguard for Consumer Privacy”
Abstract: Americans face unprecedented threats to their personal privacy. Today, data collection on a massive scale fuels new methods for monitoring and monetizing consumers’ behavior. Our personal information feeds algorithms that decide everything from what ads we see to life-changing credit, housing, and hiring evaluations. In recent years, multiple states have moved to address these threats and protect their residents’ privacy. In California, the California Consumer Privacy Act of 2018, gives residents have important privacy protections—protections expanded by California voters themselves in a 2020 ballot initiative. In addition to creating further consumer rights, the initiative also created the California Privacy Protection Agency, the first data protection authority in the United States. What is the nature of these developments, and what do they mean for Californians and others? This talk will discuss California’s protections and place them in the broader context of rapid growth in data collection and use and responses by lawmakers, regulators, and data subjects.
04/04/23 - Divya Sharma (Google)
04/11/23 - Ellen Nadeau (Cruise)
04/18/23 - Sebastian Zimmeck (Wesleyan University)
04/25/23 - Darya Pilram (SEI)