Post on 29-Dec-2015
Knowledge Transfer - Policy
Deirdre K. Mulligan
School of Law
School of Information
University of California, Berkeley
Policy Audiences
• Colleagues and students
  – TRUST; other academics; other disciplines
• Policy makers
  – Legislative; regulatory; administrative
  – Federal; state; local
• Private Sector
  – Entities and individuals
• Technologists
  – Private and public sector
Privacy Workshop
“Exploring the Privacy Implications of Trustworthy Systems” - October 2006
Two-day workshop for TRUST graduate students from Berkeley, Stanford, Cornell
Students and post docs presented their work to TRUST faculty and nationally-recognized privacy-policy experts
– Kevin Bankston, Electronic Frontier Foundation
– Janlori Goldman, Health Privacy Project
– Jim Dempsey, Center for Democracy
Workshop identified privacy issues within students’ research, and brainstormed on future interdisciplinary collaborations.
– Several papers resulted, additional joint work in progress
Visual Privacy Symposium
“Unblinking: New Perspectives on Visual Privacy in the 21st Century”
Symposium discussed the implications of increased network surveillance, cameras in public places, and public policy responses to this technology
Participants included US and international experts in art, law, engineering, psychology, architecture, urban planning, sociology, human rights
– Wiki, several forthcoming papers, collaborations
Coding for Policy & Regulating Design
New reading group includes TRUST students
Considers whether, when and how to embed policy in technical systems
Embodying values in technical design
Considering entry points available for influencing technology design
When technology design should be viewed as policy-making
Who should be responsible for identifying and addressing
Private Sector: understanding and creating incentives
Organizational Behavior Effects of Security Breach laws
– More information
  Absent legal requirement only 20% of firms will report serious breaches (FBI/CSI 2005)
– Broad reach -- electronic data
– Privacy laws highly fragmented, sectoral, difficult to adjust
– Security process focused, lacking performance metrics
– Put a price tag on failure
Two studies underway
– Theoretical: role that light-weight information disclosure as a regulation model can play in raising security investment and practices (comparison to environmental sector)
– Empirical: analyzing breach type, relationship to consumer, remedial measures, disclosure practices. Which state provisions are more effective? Classifying breach types and feasible technology or policy solutions.
Private sector controls 85% of critical infrastructure
Research underway to understand private sector officials' (Chief Privacy Officers and Chief Security Officers) processes around privacy and security:
– Policy development and implementation
– Investment decisions
– Relation to reputation and risk management
Extent to which decisions are influenced by:
– External factors
  Market, law, standard setting orgs, insurance
– Internal factors
  Position, access, background
– Technology
  Availability, price, standards
Government: managing policy-significant technology change
How have agencies identified and managed policy significant technological change?
Case studies
– RFID Epassport Study
How does government approach shape
– Understanding of security/privacy issues
– Adoption of security/privacy mechanisms
Remotely available court records
Comparative (Germany/US)
Engagement with DHS, DOS, CA leg
– RFID
– Video
Theoretical => practical
Policy-makers
Federal Trade Commission
– Participated in multiple sessions of “Protecting Consumers in the Next Tech-ade”
– Presented at “Negative Options Workshop” regarding effect of “short-notices” for consumers before installing software
Department of Homeland Security
– Testified before DHS Security Data Privacy and Integrity Advisory Committee
– Ongoing work on video surveillance with DHS and PIAC
– Upcoming NPRM-related workshop on REAL ID
– Policy framework for information and network security research
California Energy Commission
– Held seminar for Commissioner Rosenfeld on security and privacy concerns re: “demand response” energy systems
– Working with CEC to facilitate their access to data for energy forecasting & conservation in a way that protects privacy
San Francisco, Fresno
– Video surveillance assessment and policy development
Anti-spyware coalition
– Input into best practices
– Input into litigation and enforcement
Policy-makers, cont’d
Invited to testify before Senate Subcommittee on Terrorism, Technology & Homeland Security
Briefed House and Senate on TRUST
– Offices of Senators Feinstein, Boxer, Rockefeller, Webb
– Senate and House Committees on the Judiciary
– Offices of Representatives Lofgren, Lee, Eshoo
Participated in the Congressional Internet Caucus’s “State of the Net” conference.
– This summer state of the net west
– Workshops on social networking and privacy and behavioral targeting
Ongoing work with Federal and State legislatures
Initial groundwork for TRUST researcher briefings at FTC and with Internet caucus