Collaborative Research: DASS: Developer Implementation of Privacy in Software Systems

合作研究：DASS：开发人员在软件系统中实施隐私

• 批准号: 2217771
• 负责人: Serge Egelman
• 金额: $ 43.94万
• 依托单位: International Computer Science Institute
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-10-01 至 2025-09-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2217771&HistoricalAwards=false
• 关键词: Collaborative; Research; DASS; Developer; Implementation

Recent years have seen a surge in privacy regulations across the globe. The main objective of these regulations is to protect user data and users’ rights by providing guidelines for organizations to follow. The assumption is that such guidelines will provide developers with a clear and concise framework for writing privacy-conscious code. However, even after the introduction of these regulatory frameworks, software regularly fails to protect user privacy. This often happens because the developer is responsible for ensuring that the legal framework is implemented correctly in the code, but writing privacy-conscious code requires developers to develop a thorough and nuanced understanding of the regulatory demands. To further such an understanding and develop solutions, this project explores the interaction between new privacy regulations and the software developers tasked with complying with them. The project team will look at how developers react to privacy regulations, analyzing discussions among developers in the face of new privacy regulations, code changes they make in response to shifting regulatory frameworks or new case laws interpreting existing regulations, and developer reactions to widely publicized privacy breaches. After identifying these interactions, this project aims to propose software development tools and methodologies to support the effective alignment of regulatory constraints and development practice.The project brings together computer scientists experts in security, privacy, and usability, and legal and organizational behavior scholars with expertise in privacy law, algorithmic fairness, network consensus mechanisms, and computational linguistics. The team will study how new privacy laws are impacting software systems by examining the discussions developers are having among themselves, in public code repositories, bug tracking systems, and online fora. These discussions and related code updates in public repositories will be compared with the language of privacy used in the laws and regulations themselves, the public comments around the laws, and the broader public conversation on privacy, in order to understand privacy regulations that raise particular confusion, concerns, and errors. These comparisons will lead to a rigorous analysis of the impacts of new privacy regulations on software development and offer recommendations for improvements in terms of both regulation and software development.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

近年来，全球隐私法规激增。这些法规的主要目的是通过为组织提供准则来保护用户数据和用户的权利。假设是，此类准则将为开发人员提供一个清晰简洁的框架，以编写隐私意识代码。但是，即使引入了这些监管框架，软件仍无法保护用户隐私。这通常是因为开发人员有责任确保在《代码》中正确实施法律框架，但是编写具有隐私意识的代码要求开发人员对监管要求有详尽而细微的理解。为了进一步理解和开发解决方案，该项目探讨了新的隐私法规与遵守符合其的软件开发人员之间的相互作用。项目团队将研究开发人员对隐私法规的反应，面对新隐私法规的开发人员之间的讨论，对改变监管框架的转换或解释现有法规的新案例法所进行的代码更改，以及开发人员对广泛宣传的隐私破坏的反应。在确定了这些相互作用之后，该项目旨在提出软件开发工具和方法，以支持监管约束和开发实践的有效保持一致。该项目将计算机科学家汇集了安全，隐私和可用性和可用性的专家，以及法律和组织的行为学者与隐私权法，算法公平，网络共识，网络共识机构和计算机学和计算效率和计算机学的专业知识。该团队将通过研究开发人员之间的讨论，在公共代码存储库，错误跟踪系统和在线fora中进行研究，研究新的隐私法正在如何影响软件系统。将将公共存储库中的这些讨论和相关代码更新与法律法规本身使用的隐私语言，公众对法律的评论以及有关隐私的更广泛的公众对话，以了解引起特定混乱，关注和错误的隐私法规。这些比较将导致对新隐私法规对软件开发的影响的严格分析，并为改进监管和​​软件开发提供建议。该奖项反映了NSF的法定任务，并且我们是否使用基金会的智力优点和更广泛的影响标准来评估我们的支持。