Collaborative Research: DASS: Assessing the Relationship Between Privacy Regulations and Software Development to Improve Rulemaking and Compliance

合作研究：DASS：评估隐私法规与软件开发之间的关系以改进规则制定和合规性

• 批准号: 2317185
• 负责人: Yinzhi Cao
• 金额: $ 25万
• 依托单位: Johns Hopkins University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-11-01 至 2026-10-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2317185&HistoricalAwards=false
• 关键词: Collaborative; Research; DASS; Assessing; Relationship

The advent of the surveillance economy in the modern Internet has significantly transformed understandings of privacy. Governments worldwide have proposed various legislative solutions to encourage responsible behavior by companies handling personally identifiable information. However, the relationship between regulation and software design, and the ultimate efficacy of enforcement paradigms at promoting widespread compliance with data protection standards, are difficult to measure. This research leverages a combined team of legal and engineering experts to provide the first tool to systematically evaluate how privacy laws impact approaches to personally identifiable information in software development, laying the foundation for a new regulatory paradigm based on proactive, rather than reactive, models of enforcement, which rely on mass automated notifications rather than labor-intensive individual enforcement actions.The research begins with a comprehensive study of privacy legislation, including contrasting approaches to enforcement. The investigators will then develop an automatic framework based on machine learning and program analysis to assess the impact of privacy regulations on real-world software. Lastly, the investigators will utilize the data from the previous two activities to develop conclusions on how regulatory and enforcement paradigms can be improved to develop more effective models of compliance among software developers. In addition to generating concrete lessons for improving the efficiency and efficacy of privacy legislation, the research will advance program analysis and natural language processing techniques for extracting complex software information and verifying compliance with privacy regulationsThis award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

现代互联网中监控经济的出现极大地改变了人们对隐私的理解。世界各国政府已经提出了各种立法解决方案，以鼓励处理个人身份信息的公司采取负责任的行为。然而，监管和软件设计之间的关系，以及执法模式在促进广泛遵守数据保护标准方面的最终效力，很难衡量。这项研究利用了一个由法律的和工程专家组成的联合团队，提供了第一个工具来系统地评估隐私法如何影响软件开发中个人身份信息的方法，为基于主动而不是被动的执法模式的新监管范式奠定了基础，这依赖于大规模的自动通知，而不是劳动密集型的个人执法行动。这项研究始于对隐私立法的全面研究，包括对执法采取截然不同的做法。然后，研究人员将开发一个基于机器学习和程序分析的自动框架，以评估隐私法规对现实世界软件的影响。最后，调查人员将利用前两项活动的数据得出结论，说明如何改进监管和执法模式，以便在软件开发人员中开发更有效的合规模式。除了为提高隐私立法的效率和效力提供具体的经验教训外，该研究还将推进程序分析和自然语言处理技术，以提取复杂的软件信息并验证是否符合隐私法规。该奖项反映了NSF的法定使命，并被认为值得通过使用基金会的知识价值和更广泛的影响审查标准进行评估来支持。