Colloquium Details

Foundations of Privacy: Contextual Integrity, The Logic of Privacy and Beyond

Speaker: Anupam Datta, Research Scientist, Carnegie Mellon University

Location: Warren Weaver Hall 1302

Date: February 27, 2009, 11:30 a.m.

Host: Helen Nissenbaum


Organizations, such as businesses, non-profits, government agencies, hospitals, banks, and universities, collect and use personal information from a range of sources, shared with specific expectations about how it will be managed and used. Accordingly, they must find ways to comply with expectations, which may be complex and varied, as well as with relevant privacy laws and regulations, while they minimize operational risk and carry out core functions of the organization efficiently and effectively.

In this talk, I will report on a principled approach for expressing and enforcing privacy policies in complex organizational processes. The starting point of our work is "contextual integrity", a conceptual framework for understanding privacy expectations and their implications developed in the literature on law, public policy, and political philosophy. We formalize some aspects of contextual integrity in a logical framework for expressing norms of transmission of personal information. The technical approach is based on temporal logic with semantics defined over concurrent game structures. In comparison with access control and privacy policy frameworks such as RBAC, EPAL, and P3P, these norms focus on who personal information is about, how it is transmitted, and past and future actions by both the subject and the users of the information. Our logic is expressive enough to capture naturally many notions of privacy found in legislation, including those found in HIPAA, COPPA, and GLBA. In addition to privacy, we formalize a notion of "utility" that captures the goals of the organization, e.g. since a hospital's goal is to provide health care, certain flows of personal information are necessary. We also develop automated support for policy compliance, audit, and policy analysis.
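To make concrete what a "norm of transmission" with past and future conditions looks like, the following is an added example (not the speaker's formalization and not code from this talk): a small trace checker in which each norm names a sender role, recipient role and attribute, and carries a temporal condition that can look back at earlier events (a consent) or forward to later ones (an obligation to notify). The permission rule used here, that a transmission must satisfy every applicable negative norm and at least one applicable positive norm, the role names (`hospital`, `researcher`, `insurer`, `physician`, `marketer`), the attribute `diagnosis`, and the sample trace are all constructed for illustration.

```python
"""Toy trace checker for contextual-integrity style transmission norms.

Constructed illustration, not the speaker's formalization. A norm names a
sender role, a recipient role and an attribute ("*" is a wildcard) and a
temporal condition evaluated over the whole trace at the position of the
send, so it can refer to past events (consent) and future events (notice).
"""
from dataclasses import dataclass
from typing import Callable, List, Sequence, Tuple, Union


@dataclass(frozen=True)
class Send:
    sender: str      # role transmitting the information
    recipient: str   # role receiving it
    subject: str     # whom the information is about
    attr: str        # attribute transmitted, e.g. "diagnosis"


@dataclass(frozen=True)
class Act:
    kind: str        # "consent" or "notify" (constructed event kinds)
    actor: str
    subject: str
    target: str      # role the consent or notice concerns


Event = Union[Send, Act]
Cond = Callable[[Sequence[Event], int], bool]   # (trace, index of the Send) -> bool


@dataclass(frozen=True)
class Norm:
    name: str
    positive: bool   # True: "may send if cond"; False: "must not send unless cond"
    sender: str
    recipient: str
    attr: str
    cond: Cond

    def applies(self, m: Send) -> bool:
        pairs = ((self.sender, m.sender), (self.recipient, m.recipient), (self.attr, m.attr))
        return all(p in ("*", v) for p, v in pairs)


# Temporal combinators; pred receives (event, the Send being judged).
def once(pred):
    """Past-time operator: some event strictly before the send satisfies pred."""
    return lambda trace, i: any(pred(e, trace[i]) for e in trace[:i])


def eventually(pred):
    """Future obligation: some event strictly after the send satisfies pred."""
    return lambda trace, i: any(pred(e, trace[i]) for e in trace[i + 1:])


always: Cond = lambda trace, i: True
never: Cond = lambda trace, i: False


def consented(e, m):
    return (isinstance(e, Act) and e.kind == "consent"
            and e.actor == m.subject and e.target == m.recipient)


def notified(e, m):
    return (isinstance(e, Act) and e.kind == "notify" and e.actor == m.sender
            and e.subject == m.subject and e.target == m.recipient)


# Constructed norms (HIPAA-flavoured, but not quoted from any regulation).
NORMS = [
    Norm("treatment", True, "hospital", "physician", "*", always),
    Norm("research-with-consent", True, "hospital", "researcher", "diagnosis", once(consented)),
    Norm("payment-with-notice", True, "hospital", "insurer", "diagnosis", eventually(notified)),
    Norm("no-onward-use", False, "researcher", "*", "*", never),
]


def judge(trace, i, norms) -> Tuple[bool, str]:
    """Permit the Send at trace[i] iff it satisfies every applicable negative
    norm and at least one applicable positive norm (constructed semantics)."""
    m = trace[i]
    pos = [n for n in norms if n.positive and n.applies(m)]
    neg = [n for n in norms if not n.positive and n.applies(m)]
    broken = [n.name for n in neg if not n.cond(trace, i)]
    if broken:
        return False, "violates " + ", ".join(broken)
    if not pos:
        return False, "no positive norm covers this flow"
    if not any(n.cond(trace, i) for n in pos):
        return False, "conditions unmet for " + ", ".join(n.name for n in pos)
    return True, "permitted"


def audit(trace, norms=NORMS) -> List[Tuple[int, Send, str]]:
    """Return every Send in the trace that the norms do not permit."""
    out = []
    for i, e in enumerate(trace):
        if isinstance(e, Send):
            ok, why = judge(trace, i, norms)
            if not ok:
                out.append((i, e, why))
    return out


# Constructed sample trace (not from the talk).
TRACE = [
    Act("consent", "alice", "alice", "researcher"),
    Send("hospital", "researcher", "alice", "diagnosis"),   # ok: consent in the past
    Send("hospital", "researcher", "bob", "diagnosis"),     # bob never consented
    Send("hospital", "insurer", "alice", "diagnosis"),      # ok: notice follows at index 5
    Send("researcher", "marketer", "alice", "diagnosis"),   # onward use forbidden
    Act("notify", "hospital", "alice", "insurer"),
    Send("hospital", "insurer", "bob", "diagnosis"),        # notice never sent
    Send("hospital", "physician", "bob", "diagnosis"),      # ok: treatment
]

if __name__ == "__main__":
    for i, m, why in audit(TRACE):
        print(f"event {i}: {m.sender}->{m.recipient} {m.attr} about {m.subject}: {why}")
```

Because a future obligation such as `payment-with-notice` can only be judged once the trace is complete, an audit over a prefix of the trace would not yet report event 6 as a violation; this is the same past-versus-future distinction the abstract draws between consent-style conditions and obligations on later actions.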

While contextual integrity and its formalization focus on personal information about individuals, privacy policies also refer to aggregate or anonymized information about groups of individuals. I will describe some of our ongoing work on integrating database privacy concepts into formal policy models and languages. Specifically, I will report on our experiences with formalizing and lifting differential privacy (a promising recent approach to database privacy) to reactive organizational processes.

Speaker Bio:

Anupam Datta joined the research faculty at Carnegie Mellon University in 2007. Prior to that he was a Postdoctoral Research Associate (2005-07) at Stanford University. He obtained PhD (2005) and MS (2002) degrees from Stanford and a BTech (2000) from IIT Kharagpur, all in Computer Science. Dr. Datta's research interests are in privacy, analysis of cryptographic protocols, and software system security. He has served as General Chair of the 2008 IEEE Computer Security Foundations Symposium, Program Co-chair of the 2008 Formal and Computational Cryptography Workshop, and on the program committees of many computer security conferences including ACM CCS, IEEE S&P, and IEEE CSF.


Refreshments will be offered starting 15 minutes prior to the scheduled start of the talk.

