Collaborative Research: DASS: Developer Implementation of Privacy in Software Systems

合作研究：DASS：开发人员在软件系统中实施隐私

• 批准号: 2217771
• 负责人: Serge Egelman
• 金额: $ 43.94万
• 依托单位: International Computer Science Institute
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-10-01 至 2025-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2217771&HistoricalAwards=false
• 关键词: Collaborative; Research; DASS; Developer; Implementation

Recent years have seen a surge in privacy regulations across the globe. The main objective of these regulations is to protect user data and users’ rights by providing guidelines for organizations to follow. The assumption is that such guidelines will provide developers with a clear and concise framework for writing privacy-conscious code. However, even after the introduction of these regulatory frameworks, software regularly fails to protect user privacy. This often happens because the developer is responsible for ensuring that the legal framework is implemented correctly in the code, but writing privacy-conscious code requires developers to develop a thorough and nuanced understanding of the regulatory demands. To further such an understanding and develop solutions, this project explores the interaction between new privacy regulations and the software developers tasked with complying with them. The project team will look at how developers react to privacy regulations, analyzing discussions among developers in the face of new privacy regulations, code changes they make in response to shifting regulatory frameworks or new case laws interpreting existing regulations, and developer reactions to widely publicized privacy breaches. After identifying these interactions, this project aims to propose software development tools and methodologies to support the effective alignment of regulatory constraints and development practice.The project brings together computer scientists experts in security, privacy, and usability, and legal and organizational behavior scholars with expertise in privacy law, algorithmic fairness, network consensus mechanisms, and computational linguistics. The team will study how new privacy laws are impacting software systems by examining the discussions developers are having among themselves, in public code repositories, bug tracking systems, and online fora. These discussions and related code updates in public repositories will be compared with the language of privacy used in the laws and regulations themselves, the public comments around the laws, and the broader public conversation on privacy, in order to understand privacy regulations that raise particular confusion, concerns, and errors. These comparisons will lead to a rigorous analysis of the impacts of new privacy regulations on software development and offer recommendations for improvements in terms of both regulation and software development.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

近年来，全球范围内的隐私法规激增。这些规定的主要目的是通过为组织提供遵循的指导方针来保护用户数据和用户权利。我们的假设是，这样的指导方针将为开发人员提供一个清晰而简洁的框架，用于编写具有隐私意识的代码。然而，即使在这些监管框架出台后，软件也经常无法保护用户隐私。这种情况经常发生，因为开发人员负责确保在代码中正确实现法律框架，但编写具有隐私意识的代码需要开发人员对监管要求进行彻底和细微的理解。为了促进这样的理解和开发解决方案，这个项目探索了新的隐私法规与负责遵守这些法规的软件开发人员之间的互动。项目团队将研究开发人员对隐私法规的反应，分析开发人员在面对新的隐私法规时的讨论，他们针对不断变化的监管框架或解释现有法规的新判例法所做的代码更改，以及开发人员对广泛宣传的隐私违规行为的反应。在确定这些相互作用后，该项目旨在提出软件开发工具和方法，以支持法规约束与开发实践的有效匹配。该项目汇集了计算机科学家、安全、隐私和可用性方面的专家，以及在隐私法、算法公平性、网络共识机制和计算语言学方面具有专业知识的法律和组织行为学者。该团队将通过检查开发人员之间在公共代码库、错误跟踪系统和在线论坛中进行的讨论，来研究新的隐私法如何影响软件系统。这些讨论和公共资源库中的相关代码更新将与法律法规本身使用的隐私语言、围绕法律的公众评论以及更广泛的关于隐私的公众对话进行比较，以了解引起特定困惑、担忧和错误的隐私法规。这些比较将导致对新的隐私法规对软件开发的影响进行严格分析，并在法规和软件开发方面提出改进建议。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。