
USENIX PEPR 2020

Day 1 Notes

These are notes from the first day of talks at PEPR 2020 (possibly the last year of PEPR, although Lorrie and Lea mentioned during the introductory remarks that they were working on a plan for next year).

These notes are mostly for my own purposes, but I hope they might be helpful to anyone wondering about what the sessions covered.

Sessions that are outlined with a border are ones that I wanted to highlight specifically, though I was super impressed by all of the talks today.

Data Governance Track

Beyond Access: Using ABAC Frameworks to Implement Privacy and Security Policies

Amanda Walker, Nuna, Inc.

Amanda discussed implementing ABAC frameworks (Attribute-Based Access Control), as well as describing how access control has evolved over time. She identified some early examples of ABAC frameworks (XACML, NIST 800-162, Microsoft SDDL), and made the case that you really need to adopt both strategies of using object attributes and a policy service to handle the types of access control policies that you’d want to implement. I am not super familiar with ABAC, but I found the idea that you could develop a very granular and comprehensive access control system with context super appealing.


Privacy Architecture for Data-Driven Innovation

Derek Care, Legal Director, Privacy at Uber; Nishant Bhajaria, Privacy Architecture and Strategy at Uber

Derek and Nishant’s talk was about expanding your privacy architecture beyond just breaches, and discussed both general data classification examples, as well as a specific system that was implemented at Uber to assist with data inventory (with a particular focus on maintaining data protection while sharing data). That system crawls data sources and maintains a metadata store which allows Uber to do both manual and ML-powered categorization. I thought the metadata registry was very interesting.


Responsible Design through Experimentation: Learnings from LinkedIn

Guillaume Saint-Jacques, LinkedIn Corporation

This was a super-neat talk by Guillaume that talked about a framework for determining whether a new feature would make outcomes more equal or more unequal. This is another area I have very little knowledge of (that’s going to be a recurring theme in many of these talks).

One interesting method they discussed is using the Atkinson inequality index in performing A/B testing. In the example he was using at LinkedIn, the index was used to identify if a new feature (such as an instant notification about a job posting) would increase or decrease equal outcomes. If you imagine that a feature has a higher engagement rate with a certain category of users, you can extrapolate that the feature may make inequalities worse. I can see myself trying to shoehorn the Atkinson inequality index into all kinds of places it probably doesn’t warrant (like the slide deck I’m preparing to give my partner tonight about dinner selection).
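As an added illustration of the method described above (this is my own example, not code from the talk or from LinkedIn), here is the Atkinson index computed over per-user outcomes for the control and treatment arms of an A/B test, with the engagement figures constructed for the demo:

```python
import math

# Added example, not code from the talk or from LinkedIn. Computes the
# Atkinson inequality index over per-user outcomes and compares the control
# and treatment arms of an A/B test. Engagement figures below are constructed.

def atkinson(outcomes: list[float], epsilon: float = 1.0) -> float:
    """Atkinson index: 0 means every user got the same outcome; values toward 1
    mean outcomes are concentrated on a few users. epsilon is the
    inequality-aversion parameter; larger epsilon weights the worst-off more."""
    n = len(outcomes)
    if n == 0 or any(v < 0 for v in outcomes):
        raise ValueError("need a non-empty list of non-negative outcomes")
    mean = sum(outcomes) / n
    if mean == 0:
        return 0.0
    if epsilon == 1:
        if any(v == 0 for v in outcomes):
            return 1.0  # geometric mean is zero when any user got nothing
        geo_mean = math.exp(sum(math.log(v) for v in outcomes) / n)
        return 1.0 - geo_mean / mean
    if epsilon > 1 and any(v == 0 for v in outcomes):
        raise ValueError("epsilon > 1 is undefined when an outcome is zero")
    # Equally distributed equivalent: the level every user could receive that
    # would give the same welfare as the observed, unequal distribution.
    ede = (sum(v ** (1 - epsilon) for v in outcomes) / n) ** (1 / (1 - epsilon))
    return 1.0 - ede / mean

def inequality_delta(control: list[float], treatment: list[float],
                     epsilon: float = 1.0) -> float:
    """Positive: the feature made outcomes less equal than in control."""
    return atkinson(treatment, epsilon) - atkinson(control, epsilon)

# Constructed job applications per user over 30 days, one list per arm. The
# notification feature lifts the already-active users the most.
CONTROL = [2, 3, 2, 4, 3, 2, 3, 4]
TREATMENT = [2, 3, 2, 9, 3, 2, 8, 10]

if __name__ == "__main__":
    print("control  :", round(atkinson(CONTROL), 3))
    print("treatment:", round(atkinson(TREATMENT), 3))
    print("delta    :", round(inequality_delta(CONTROL, TREATMENT), 3))
```

A positive delta is the signal the talk described: the feature raised average engagement but concentrated it, so the gap between arms would need a significance test before acting on it.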

Privacy-Preserving Data Analysis

Building and Deploying a Privacy Preserving Data Analysis Platform

Frederick Jansen, Boston University

This talk included a very interesting experience report about an MPC (multi-party computation) system that was devised for a platform that ingests wage data from multiple sources. Frederick discussed the evolution of the approach that they used, and some of the communication issues around reassuring stakeholders (explaining how the secret sharing wouldn’t reveal the underlying data they were trying to protect).
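To make the stakeholder argument concrete, here is an added example (my own, not the Boston University platform's code) of additive secret sharing: each contributor splits its wage total into one share per compute server, every server only ever sees shares that are individually uniform random, and the servers still recover the aggregate sum. The field prime and wage totals are constructed for the demo.

```python
import secrets

# Added example, not code from the talk or the platform it described.
# Additive secret sharing over a prime field: any n-1 of the n shares are
# uniformly random and independent of the secret, so a single server (or any
# coalition short of all of them) learns nothing about an individual total.
PRIME = 2**61 - 1  # Mersenne prime; wage totals are assumed to be below it


def share(value: int, n_servers: int) -> list[int]:
    """Split `value` into n_servers additive shares mod PRIME."""
    if not 0 <= value < PRIME:
        raise ValueError("value out of field range")
    if n_servers < 2:
        raise ValueError("need at least two servers for any secrecy")
    shares = [secrets.randbelow(PRIME) for _ in range(n_servers - 1)]
    last = (value - sum(shares)) % PRIME  # fixes the sum to `value`
    return shares + [last]


def reconstruct(shares: list[int]) -> int:
    """Recombine a complete set of shares."""
    return sum(shares) % PRIME


def aggregate(contributions: list[int], n_servers: int) -> tuple[int, list[int]]:
    """Run the protocol end to end.

    Every contributor shares its own total; server i adds up only the i-th
    shares it received (never seeing anyone else's); the per-server sums are
    then recombined into the aggregate. Returns (total, per_server_sums)."""
    per_server = [0] * n_servers
    for wages in contributions:
        for i, s in enumerate(share(wages, n_servers)):
            per_server[i] = (per_server[i] + s) % PRIME
    return reconstruct(per_server), per_server


if __name__ == "__main__":
    # Constructed wage totals from three employers.
    total, views = aggregate([1_200_000, 850_000, 2_300_000], n_servers=3)
    print("aggregate:", total)
    print("what each server saw:", views)  # uniform values, no employer data
```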


A Differentially Private Data Analytics API at Scale

Ryan Rogers, LinkedIn

This was the first talk that touched on differential privacy, and it described an analytics system at LinkedIn that allows for advertisers to run specific queries. Ryan touched on the foundational aspects of differential privacy, and then described the approach they took at LinkedIn to build the aforementioned analytics system.


Improving Usability of Differential Privacy at Scale

Milinda Perera and Miguel Guevara, Google LLC

Milinda and Miguel’s talk was also about differential privacy, but specifically how to improve the usability of a reporting system at Google that you could theoretically use to tune the parameters of your query. I was particularly stoked (Stoked? This is what’s become of my life) about a brief mention on using a SQL engine to query with differential privacy. One of the first things I was interested in about differential privacy was about whether it made sense to put the “DP-engine” into the data store (I was imagining like a Postgres plugin that you’d just enable), vs. at the application logic layer. We are living in exciting times!

Design

How to (In)Effectively Convey Privacy Choices with Icons and Link Text

Lorrie Faith Cranor, Carnegie Mellon University; Florian Schaub, University of Michigan

This was an interesting talk that hit a little close to home (I had to work with our web team to implement the required verbiage for CCPA last year). Lorrie and Florian discussed a test they conducted that showed participants multiple different versions of the privacy iconography and link text that was being ratified by the California Attorney General. There was confusion from participants about whether the icon provided by the California AG was actually a toggle (basically the inverse of what iOS looked like in the dark confusing years before they realized a button should look at least vaguely like a button).


Beyond the Individual: Exploring Data Protection by Design in Connected Communal Spaces

Martin J. Kraemer, University of Oxford

Yet another area I hadn’t given much consideration to: Martin’s talk was about participatory co-design workshops (which I didn’t even know were a thing, but of course they are, and they seem like a good idea) where the group identified two semi-shared communal locations (a cafe and a home) and devised some ideas for handling data privacy in those spaces. One particular idea he calls a “data flush”, which provides reassurance to the occupants of the communal space that their device information is deleted when they leave. Neat.


Throwing Out the Checklist

Dan Crowley, Quizlet

Dan’s talk dealt with the approach they took at Quizlet for integrating data privacy into the culture of the company, vs. just implementing a bunch of checklists (see the title of the talk) for the privacy team to manage. He refers to this as a “privacy by ethos” culture, and it’s a sentiment that I’ve seen echoed more and more on the information security side (deputizing everyone to be responsible for security vs. keeping that responsibility in a centralized security organization).

Product Privacy

Product Privacy Journey: Towards a Product Centric Privacy Engineering Framework

Igor Trindade Oliveira, Work & Co

Igor’s talk was about product-centric privacy engineering frameworks; specifically some product and privacy principles to guide product decisions at all phases of the product (as opposed to things just being bolted on later). The principles he discussed were “No choice is forever”, “Context is key”, “Sharing should add value”, “Plain language empowers”, “Tricks erode trust”, and “Personal data belongs to individuals”. These seem like useful principles to keep in mind when designing a product.


Wikipedia and the Lean Data Diet

Nuria Ruiz, Principal Engineer, Wikimedia Foundation

This was a very interesting talk by Nuria about how Wikipedia’s privacy policy came to be, and what measures they use to enforce privacy on a platform with the unique challenges of Wikipedia. One of the neat takeaways for me was when she described the process they use for data deletion (basically you execute a dry-run of the data you want to delete and it generates a checksum, which is then validated against the actual deletion command). I can envision a lot of situations where that idea might come in handy. Another key point is the idea of pruning the data (my words, not hers) at the point of ingestion (like overwriting an IP address with the country) so that unsanitized data is never even stored.
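As an added sketch of the two ideas above (my own example, not Wikimedia's code), the dry run fingerprints exactly the rows a predicate matches, the real delete refuses to run unless it reproduces that fingerprint, and the ingest step swaps the IP for a country before anything is written. The table layout and the country lookup are constructed for the demo.

```python
import hashlib
import sqlite3

# Added example, not Wikimedia's code. (1) A deletion dry run that fingerprints
# the rows a predicate matches, which the real delete must reproduce before it
# runs, so a predicate that started matching more rows since review aborts.
# (2) Replacing the raw IP with a country at ingestion so the identifier is
# never stored. Table layout and country lookup are constructed for the demo.

def make_demo_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (id INTEGER PRIMARY KEY, user TEXT, ts INTEGER)")
    conn.executemany("INSERT INTO events VALUES (?, ?, ?)",
                     [(1, "alice", 100), (2, "bob", 900), (3, "carol", 5000)])
    conn.commit()
    return conn

def _fingerprint(conn, where: str, params: tuple) -> tuple[int, str]:
    """SHA-256 over the sorted ids the predicate currently matches.
    `where` is an operator-written SQL fragment; data values go via `params`."""
    ids = [row[0] for row in conn.execute(
        f"SELECT id FROM events WHERE {where} ORDER BY id", params)]
    digest = hashlib.sha256("\n".join(map(str, ids)).encode()).hexdigest()
    return len(ids), digest

def dry_run_delete(conn, where: str, params: tuple = ()) -> tuple[int, str]:
    """Step 1: report what would be deleted and hand back its fingerprint."""
    return _fingerprint(conn, where, params)

def execute_delete(conn, where: str, params: tuple, expected: tuple[int, str]) -> int:
    """Step 2: delete only if the matched rows still equal the reviewed set."""
    actual = _fingerprint(conn, where, params)
    if actual != expected:
        raise RuntimeError(f"delete aborted: rows changed since dry run "
                           f"(dry run matched {expected[0]}, now {actual[0]})")
    with conn:  # commits on success, rolls back on error
        cur = conn.execute(f"DELETE FROM events WHERE {where}", params)
    return cur.rowcount

# Constructed lookup standing in for a real GeoIP database.
COUNTRY_OF = {"203.0.113.7": "AU", "198.51.100.2": "US"}

def ingest_event(raw: dict) -> dict:
    """Drop the IP and keep only its country before the record is written."""
    clean = dict(raw)
    clean["country"] = COUNTRY_OF.get(clean.pop("ip"), "unknown")
    return clean
```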


Privacy Professional Boss Mode

Melanie Ensign, Discernible Inc.

Melanie is a badass, and her talk was fantastic. Like Dan’s talk above, I feel like there’s a lot of advice here that is just as relevant to information security champions within a company (particularly the ideas around being a strategic advisor, and always looking to provide business value). She specifically makes the argument that just relying on compliance as the vehicle to get privacy taken seriously within your organization has some pitfalls, and provided some very helpful advice around advising senior leadership.