CRCS' Kobbi Nissim and Berkman Center's Alexandra Wood on "Bridging the gap between computer science and legal approaches to privacy"

CRCS' Kobbi Nissim and Berkman Center's Alexandra Wood presented "Bridging the gap between computer science and legal approaches to privacy" on Tuesday, November 10, 2015 at noon at Harvard Law's Wasserstein Hall, Milstein East C.

This talk summarizes early Privacy Tools results from ongoing research by Kobbi Nissim, Aaron Bembenek, Mark Bun, Marco Gaboardi, and Salil Vadhan from CRCS, together with Urs Gasser, David O’Brien, and Alexandra Wood from the Berkman Center for Internet & Society.

The abstract is pasted below. If you would like to attend, please RSVP. A virtual webcast will also be available.

### Abstract

Event page: https://cyber.law.harvard.edu/events/luncheon/2015/11/Nissim_Wood

Lawyers and computer scientists hold very different notions of privacy. Notably, privacy laws rely on narrower and less formal conceptions of risk than those described by the computer science literature. As a result, the law often creates uncertainty and fails to protect against the full range of data privacy risks. In contrast, emerging mathematical concepts provide robust, formal models for quantifying and mitigating privacy risks. An example of such a model is differential privacy, which provides a provable guarantee of privacy against a wide range of potential attacks, including types of attacks currently unknown or unforeseen.

The subject of much theoretical investigation, these new technical methods for privacy protection have recently been making significant strides towards practical implementation. For example, researchers are now building and testing the first generation of tools for differentially private statistical analysis. However, because the law generally relies on very different methods for mitigating risk, a significant challenge to implementation will be demonstrating that the new privacy technologies satisfy legal requirements for privacy protection. In particular, most privacy laws focus on the identifiability of data, or the ability to link an individual to a record in a release of data. In doing so, they often equate privacy with heuristic “de-identification” approaches and provide little guidance for implementing more formal privacy-preserving techniques.

In this talk, Kobbi Nissim and Alexandra Wood will articulate the gap between legal and technical approaches to privacy and present a methodology for formally proving that a technological method for privacy protection satisfies the requirements of a particular law. This methodology involves two steps: first, translating a legal standard into a formal mathematical requirement of privacy and, second, constructing a rigorous proof for establishing that a technique satisfies the mathematical requirement derived from the law. The presenters will walk through an example applying this new methodology to bridge the requirements of the Family Educational Rights and Privacy Act (FERPA) and differential privacy. They will conclude the presentation with a discussion of how the methodology could help further the real-world adoption of new privacy technologies.

This talk summarizes early results from ongoing research by Kobbi Nissim, Aaron Bembenek, Mark Bun, Marco Gaboardi, and Salil Vadhan from the Center for Research on Computation and Society, together with Urs Gasser, David O’Brien, and Alexandra Wood from the Berkman Center for Internet & Society. Further work building from this approach is anticipated to form the basis of a future publication. This research is also part of a broader collaboration through the Privacy Tools for Sharing Research Data project, which aims to build legal and technical tools, such as tools for differentially private statistical analysis, to help enable the wider sharing of social science research data while protecting the privacy of individuals.