Modern organizations, such as businesses, non-profits, government agencies, and universities, collect and use personal information from a range of sources, shared with specific expectations about how it will be managed and used. Accordingly, they must find ways to comply with expectations, which may be complex and varied, as well as with relevant privacy laws and regulations, while they minimize operational risk and carry out core functions of the organization efficiently and effectively. Designing organizational processes to manage personal information is one of the greatest challenges facing organizations (see, e.g., a recent survey by Deloitte and the Ponemon Institute [TI07]), with far-reaching implications for every individual whose personal information is available to modern organizations, i.e., all of us.
This project responds to these challenges by developing methods, algorithms and prototype tools for integrating privacy, compliance, and risk evaluation into complex organizational processes. It explores, articulates and formally characterizes the scope and nature of the privacy expectations of stakeholders as well as those of key regulations, such as HIPAA, GLBA, COPPA, Basel II, and Sarbanes-Oxley (SOX). It incorporates the diverse perspectives and areas of expertise of its multidisciplinary research team, which includes three computer scientists, one philosopher, and collaborating researchers from IBM. This industry connection facilitates interaction with product teams that have served complex organizations concerned with business process integrity, information security, privacy, and information risk management. The research builds on "contextual integrity" (a philosophical account of privacy) as well as language- and risk-based methods for privacy policy specification and enforcement. Extensive training and educational opportunities are provided to undergraduate and graduate students, and research results are integrated into courses at CMU, NYU, Stanford, and UPenn.
Modern organizations, such as businesses, non-profits, government agencies, and universities, collect and use personal information from a range of sources, shared with specific expectations about how it will be managed and used. Accordingly, they must find ways to comply with expectations, which may be complex and varied, as well as with relevant privacy laws and regulations, while they minimize operational risk and carry out core functions of the organization efficiently and effectively. Designing organizational processes to manage personal information is one of the greatest challenges facing organizations, with far-reaching implications for every individual whose personal information is available to modern organizations, i.e., all of us. This project responded to these challenges by developing methods, algorithms and prototype tools for integrating privacy, compliance, and risk evaluation into complex organizational processes. It supported research on the formal analysis of protocols and processes. The project explored, articulated and formally characterized the scope and nature of the privacy expectations of stakeholders as well as those of key regulations. It incorporated diverse perspectives, including business process integrity, information security, privacy, and information risk management. Key outcomes include fundamental results on the computational complexity of the planning problem in collaborative systems and, as a special case, of the secrecy problem for cryptographic protocols. Other key outcomes include a reduction-based toolkit for the formal analysis of large inter-domain routing systems and a comprehensive toolkit for analyzing and implementing routing policies. Key outcomes also include computer-aided analysis of cryptographic assumptions in generic group models.
Key outcomes also include a new mathematical framework that captures the semantics of information, making the quantification of information leakage independent of the syntactic representation of the secret information. PI Scedrov's work on collaborative systems and on declarative privacy policies contributes to the foundations of information confidentiality and privacy. Scedrov and coauthors are exploring applications to health informatics in the form of 1) an automated assistant for clinical trials reporting compliance and 2) a mechanism developed by Scedrov, co-PI Mitchell and collaborators, which should prove useful for hospital information exchanges (HIE), for placing medical research data on servers for download by researchers, and for other "meaningful use" purposes. Regarding the proposed automated assistant for clinical trials reporting compliance, Scedrov and coauthors Carolyn Talcott and Vivek Nigam are communicating with a commercial firm that specializes in health informatics products. Scedrov's work on the operational semantics of distributed logic programs is a contribution to the foundations of cloud computing.