March 28, 2015

avatar

Why were CERT researchers attacking Tor?

Yesterday the Tor Project issued an advisory describing a large-scale identification attack on Tor hidden services. The attack started on January 30 and ended when Tor ejected the attackers on July 4. It appears that this attack was the subject of a Black Hat talk that was canceled abruptly.

These attacks raise serious questions about research ethics and institutional responsibilities.
[Read more...]

avatar

Are We Rushing to Judgment Against the Hidden Power of Algorithms?

Several recent news stories have highlighted the ways that online social platforms can subtly shape our lives. First came the news that Facebook has “manipulated” users’ emotions by tweaking the balance of happy and sad posts that it shows to some users. Then, this week, the popular online dating service OKCupid announced that it had deliberately sent its users on dates that it predicted would not go well. OKCupid asks users questions, and matches them up based on their answers (for example, “do you like horror movies?”), using the answers to compute a “match percentage” showing how likely two people are to get along.
[Read more...]

avatar

A Scanner Darkly: Protecting User Privacy from Perceptual Applications

“A Scanner Darkly”, a dystopian 1977 Philip K. Dick novel (adapted to a 2006 film), describes a society with pervasive audio and video surveillance. Our paper “A Scanner Darkly”, which appeared in last year’s IEEE Symposium on Security and Privacy (Oakland) and has just received the 2014 PET Award for Outstanding Research in Privacy Enhancing Technologies, takes a closer look at the soon-to-come world where ubiquitous surveillance is performed not by the drug police but by everyday devices with high-bandwidth sensors. [Read more...]

avatar

“Loopholes for Circumventing the Constitution”, the NSA Statement, and Our Response

CBS News and a host of other outlets have covered my new paper with Sharon Goldberg, Loopholes for Circumventing the Constitution: Warrantless Bulk Surveillance on Americans by Collecting Network Traffic Abroad. We’ll present the paper on July 18 at HotPETS [slides, pdf], right after a keynote by Bill Binney (the NSA whistleblower), and at TPRC in September. Meanwhile, the NSA has responded to our paper in a clever way that avoids addressing what our paper is actually about. [Read more...]

avatar

Fair Use, Legal Databases, and Access to Litigation Inputs  

In copyright-and-fair-use news, a significant case for the legal profession’s access to the inputs of judicial decision-making was decided last week in federal district court in New York. The case was brought against West Publishing Corp. (owner of the Westlaw database) and Reed Elsevier (owner of the LexisNexis database) by two lawyers who alleged that their copyrights in their legal briefs were infringed when West and Lexis included the briefs in their databases. The two databases have long provided paid subscribers with access to the judicial decisions that adjudicate the arguments raised by litigants. Now, Westlaw and Lexis will be able to continue providing their subscribers with access to the primary documents in which those arguments are made. In a decision that follows the lead of recent fair use decisions concerning the wholesale copying of literary works to repurpose them for search and research, the court held that West and Lexis are protected from the lawyers’ claims of infringement. A holding in favor of the plaintiffs would have made it effectively impossible for West and Lexis to continue to provide subscribers with access to copies of briefs, given the prohibitively high transaction costs associated with trying to license every brief filed by every lawyer in every case in every court in the United States.
[Read more...]

avatar

No silver bullet: De-identification still doesn’t work

Paul Ohm’s 2009 article Broken Promises of Privacy spurred a debate in legal and policy circles on the appropriate response to computer science research on re-identification techniques. In this debate, the empirical research has often been misunderstood or misrepresented. A new report by Ann Cavoukian and Daniel Castro is full of such inaccuracies, despite its claims of “setting the record straight.”

In a response to this piece, Ed Felten and I point out eight of our most serious points of disagreement with Cavoukian and Castro. The thrust of our arguments is that (i) there is no evidence that de-identification works either in theory or in practice and (ii) attempts to quantify its efficacy are unscientific and promote a false sense of security by assuming unrealistic, artificially constrained models of what an adversary might do. [Read more...]

avatar

On the Ethics of A/B Testing

The discussion triggered by Facebook’s mood manipulation experiment has been enlightening and frustrating at the same time. An enlightening aspect is how it has exposed divergent views on a practice called A/B testing, in which a company provides two versions of its service to randomly-chosen groups of users, and then measures how the users react. A frustrating aspect has been the often-confusing arguments made about the ethics of A/B testing.

One thing that is clear is that the ethics of A/B testing are an important and interesting topic. This post is my first cut at thinking through these ethical questions. I am thinking about A/B testing in general, and not just testing done for academic research purposes. Some disclaimers: I am considering A/B testing in general rather than one specific experiment; I am considering what is ethical rather than what is legal or what is required by somebody’s IRB; I am considering how people should act rather than observing how they do act.
[Read more...]

avatar

After the Facebook emotional contagion experiment: A proposal for a positive path forward

Now that some of the furor over the Facebook emotional contagion experiment has passed, it is time for us to decide what should happen next. The public backlash has the potential to drive a wedge between the tech industry and the social science research community. This would be a loss for everyone: tech companies, academia, and the public. In the age of big data, the interaction between social scientists and tech companies could yield a richer understanding of human behavior and new ideas about how to solve some of society’s most important problems. Given these opportunities, we must develop a framework within which this research can continue, but continue in a responsible way.
[Read more...]

avatar

“Privacy Comes at a Cost” – The U.S. Supreme Court’s Opinion in Riley v. California

In Riley v. California, a cell phone search-and-seizure opinion delivered by Chief Justice Roberts for a unanimous Court last month, the U.S. Supreme Court squarely recognized, and afforded special protection to, the ubiquitous use and storage of voluminous electronic data of many different types on mobile devices today. The opinion holds that, without a warrant, law enforcement generally may not search the content of a cell phone that has been taken from an arrested individual.

This landmark decision required a distinct departure from a trilogy of U.S. Supreme Court decisions permitting the search of property found on or near an arrestee under the “incident to an arrest” exception to the requirement of a warrant under Fourth Amendment jurisprudence. Those decisions were grounded in the interests of officer safety and preservation of evidence, a limited intrusion on individual privacy, and, in one decision, the unique characteristics of the arrest of an individual in an automobile.
[Read more...]

avatar

Privacy Implications of Social Media Manipulation

The ethical debate about Facebook’s mood manipulation experiment has rightly focused on Facebook’s manipulation of what users saw, rather than the “pure privacy” issue of which information was collected and how it was used.

It’s tempting to conclude that because Facebook didn’t change their data collection procedures, the experiment couldn’t possibly have affected users’ privacy interests. But that reasoning is incorrect.
[Read more...]