Additional Resources on Privacy and Security

Privacy Tools for Sharing Research Data Led by Salil Vadhan, Vicky Joseph Professor of Computer Science and Applied Mathematics, “Privacy Tools for Sharing Research Data” is a collaborative project aimed at enabling the collection, analysis, and sharing of personal data for research in social science and other fields, while providing privacy for individual subjects. The initiative seeks to incorporate computational, statistical, legal, and policy tools into data repositories. The project, which has received seed funding from both Google and the National Science Foundation, seeks to define and measure privacy in both mathematical and legal terms, and explore alternative definitions of privacy that may be more practical. Read more.

 

Consumer Data Privacy in a Networked World

In 2012, the White House released “Consumer Data Privacy in a Networked World,” a comprehensive Consumer Privacy Bill of Rights to give consumers clear guidance on what they should expert from those who handle their personal information. The report also set expectations for companies that collect and use personal data. The document details a number of rights individuals possess related to their personal information, including: individual control over personal data, transparency related to company security practices, and the ability to access and correct personal data. Read more.

 

 

Center for Research on Computation and Society

Launched at SEAS in 2005, the Center for Research on Computation and Society brings together an interdisciplinary team of researchers to conduct cutting-edge computer science research that serves the public interest. The center began by addressing issues in security and privacy, but its mission has broadened in recent years to address areas such as health care informatics, technology and accessibility, automated and reproducible data analysis, and computational game theory. CRCS, led by Margo Seltzer, Hershel Smith Professor of Computer Science, is comprised of Harvard faculty, visiting scholars, and postdoctoral fellows who collaborate on a number of research projects, including: “Privacy Tools for Sharing Research Data,” “Theory and Applications of Social Computing,” and “Language-Based Security and Privacy.” Read more.

 

 

Privacy in a Networked World

On Jan. 23, 2015, the Institute for Applied Computational Science at SEAS held a daylong symposium: “Privacy in a Networked World.” The event featured a Q&A with former NSA systems administrator Edward Snowden, who called into the symposium via Google Hangout from Moscow.  Led by Bruce Schneier, a fellow at Harvard Law School’s Berkman Center for Internet and Society, the Snowden Q&A focused on Internet surveillance and data privacy related to individuals, organizations, and governments, and how technological changes have rendered once-secure systems vulnerable. Other speakers included Latanya Sweeney, chief technology officer of the U.S. Federal Trade Commission, John Wilbanks, chief commons officer at Sage Bionetworks, and Cynthia Dwork, a distinguished scientist at Microsoft Research. Read more.

 

 

Shill

Shill, developed by Stephen Chong, associate professor of computer science, with graduate students Scott Moore and Dan King, and postdoctoral fellow Christos Dimoulas, is a scripting language that limits the resources scripts can access to only those they need to complete specific tasks. It applies the principle of least privilege, which says that software shouldn’t be executed with more authority than it needs to do its job. By limiting the parts of a system that a script can access, Shill helps to prevent hackers from exploiting security vulnerabilities by injecting malicious code into a script. Read more.

 

 

RockSalt

RockSalt, developed in the research group of Greg Morrisett, former Allen B. Cutting Professor Computer Science, could help to increase the security of commonly used Web and mobile applications. Created by Edward Gan, A.B. ’13, Joseph Tassarotti, A.B. ’13, former postdoctoral fellow Jean-Baptiste Tristan, and Gang Tan of Lehigh University, RockSalt is a piece of code that uses the fundamentals of a mathematical proof to verify whether a native computer programming language complies with a particular security policy. The security checker could be useful in Web-based applications, where running a program in native machine code (as opposed to a safer, intermediate language like Javascript) could open up the door to hackers. Read more.