CRCS Lunch Seminar
Date: Monday, April 9, 2012
Speaker: Anupam Datta, Carnegie Mellon University
Title: Privacy, Audit and Accountability
Abstract: Privacy has become a significant concern in modern society as personal information about individuals is increasingly collected, used, and shared, often using digital technologies, by a wide range of organizations. To mitigate privacy concerns, organizations are required to respect privacy laws in regulated sectors (e.g., HIPAA in healthcare, GLBA in financial sector) and to adhere to self-declared privacy policies in self-regulated sectors (e.g., privacy policies of companies such as Google and Facebook in Web services). We investigate the possibility of formalizing and enforcing such practical privacy policies using computational techniques. We formalize privacy policies that prescribe and proscribe *flows* of personal information as well as those that place restrictions on the *purposes* for which a governed entity may use personal information. Recognizing that traditional preventive access control and information flow control mechanisms are inadequate for enforcing such privacy policies, we develop principled audit and accountability mechanisms with provable properties that seek to encourage policy-compliant behavior by detecting policy violations, assigning blame and punishing violators.
We apply these techniques to several US privacy laws and organizational privacy policies, in particular, producing the first complete logical specification and audit of all disclosure-related clauses of the HIPAA Privacy Rule.
Short Bio: Anupam Datta is an Assistant Research Professor at Carnegie Mellon University where he has appointments in CyLab, Electrical & Computer Engineering, and (by courtesy) Computer Science Departments. His research focuses on the scientific foundations of security and privacy. Dr. Datta has authored a book, over 40 publications, and presented numerous seminars on programming language, logical, and algorithmic methods for privacy, software system security, and cryptographic protocol analysis and design. He serves on the Steering Committee of the IEEE Computer Security Foundations Symposium, and has served as Program and General Chair of several meetings on security foundations and on the program committees of top security and privacy conferences. He participates in the NSF TRUST center on security and the HHS SHARPS center on healthcare security and privacy. Dr. Datta obtained PhD and MS degrees from Stanford University and a BTech from IIT Kharagpur, all in Computer Science.