TC: Medium: Semantics and Enforcement of Privacy Policies: Information Use and Purpose

TC：媒介：隐私政策的语义和执行：信息使用和目的

• 批准号: 1064688
• 负责人: Anupam Datta
• 金额: $ 119.71万
• 依托单位: Carnegie-Mellon University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2011
• 资助国家: 美国
• 起止时间: 2011-08-01 至 2017-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1064688&HistoricalAwards=false
• 关键词: TC; Medium; Semantics; Enforcement; Privacy

Organizations, such as hospitals, financial institutions, and universities, that collect and use personal information are required to comply with privacy regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and the Family Educational Rights and Privacy Act (FERPA). Similarly, to ensure customer trust, web services companies, such as Google, Facebook, Yahoo!, and Amazon, publish privacy policies stating what they will do with the information they keep about customers' individual behaviors. These policies impose constraints on disclosure (or transmission) of personal information, articulate obligations (e.g., notifying customers about privacy breaches), and identify purposes for which personal information may or may not be used. Prior work has focused on formalisms for disclosure and obligations, but no such foundation has been developed for information use for specified purposes.Intellectual Merit. This project addresses the central problem of developing a formal semantics that explains what it means to use information for a set of purposes, a logic for specifying such policies, and algorithmic methods for their enforcement. It advances the state of knowledge in the field of privacy by providing a foundation for a concept that is commonly used in practice, but has not been the subject of careful scientific study. The project also investigates the interaction of this concept with the previously studied concepts of disclosure and obligation, thereby enabling a more comprehensive understanding of privacy. The formal semantics the project develops is novel and draws on insights from prior work on philosophical theories of causation and intentions, and from the computer science literature on formal methods, information flow, and planning. The model is validated through user studies and its application through case studies in the healthcare domain. Broader Impacts. The project addresses a problem of significant and growing importance to society. It initiates a new direction in providing foundations for privacy by studying the concept of information use for a purpose. This concept appears in privacy policies published by organizations in sectors as diverse as finance, web services, healthcare, insurance, education, and government - the cornerstones of modern society. The semantic foundation serves as the basis for developing practical tools to support the enforcement of such policies in such organizations. The project provides opportunities for engaging graduate and undergraduate students. The PIs plan to integrate the research results into their existing security and privacy courses, and, for wider dissemination, leverage outreach programs in Carnegie Mellon's Computer Science Department and CyLab aimed at K-12, women, persons with disabilities, and underrepresented minorities.

医院、金融机构和大学等收集和使用个人信息的组织必须遵守隐私法规，如《健康保险流通与责任法案》（HIPAA）、《格拉姆-利奇-比利雷法案》（GLBA）和《家庭教育权利和隐私法案》（FERPA）。同样，为了确保客户的信任，网络服务公司，如谷歌，Facebook，雅虎，和亚马逊，发布隐私政策，说明他们将如何处理他们保存的有关客户个人行为的信息。这些政策对个人信息的披露（或传输）施加限制，明确规定义务（例如，通知客户有关隐私泄露），并确定个人信息可能或可能不被使用的目的。以前的工作主要集中在披露和义务的形式上，但还没有为特定目的的信息使用建立这样的基础。这个项目解决了开发一个正式的语义，解释它意味着什么使用信息的一组目的，一个逻辑，指定这样的政策，和算法的方法，他们的执法中心问题。它为一个在实践中普遍使用但尚未经过认真科学研究的概念提供了基础，从而推进了隐私领域的知识水平。该项目还调查了这一概念与先前研究的披露和义务概念之间的相互作用，从而使人们能够更全面地了解隐私。 该项目开发的形式语义是新颖的，并借鉴了因果关系和意图的哲学理论的先前工作的见解，并从正式的方法，信息流和规划的计算机科学文献。该模型通过用户研究和医疗保健领域的案例研究，其应用程序进行了验证。更广泛的影响。该项目处理一个对社会日益重要的重大问题。它开创了一个新的方向，通过研究信息使用的概念，为隐私提供了基础。这一概念出现在金融、网络服务、医疗保健、保险、教育和政府等不同部门的组织发布的隐私政策中-这些部门是现代社会的基石。语义基础是开发实用工具以支持在此类组织中执行此类政策的基础。 该项目为研究生和本科生提供了参与的机会。PI计划将研究成果整合到现有的安全和隐私课程中，并利用卡内基梅隆大学计算机科学系和CyLab针对K-12，妇女，残疾人和代表性不足的少数民族的外展计划进行更广泛的传播。