Constitution Center
400 7th St SW
Washington
DC
20024
Event Description
The FTC hosted its fourth annual PrivacyCon on June 27, 2019. For PrivacyCon 2019, the FTC was seeking research presentations on a wide range of consumer privacy and security issues, with a particular focus on the economics driving those issues. The call for presentations sought empirical research responding to several questions, including:
- What new privacy and security issues arise from emerging technologies such as the Internet of Things, artificial intelligence, and virtual reality?
- What are the greatest threats to consumer privacy today?
- How can one quantify the costs and benefits to consumers of keeping data about them private?
- What are the incentives for manufacturers and software developers to implement privacy and security by design in their goods or services and keep security up to date?
- Is there evidence that the market is able to provide efficient levels of privacy and data security?
Information on how to submit a presentation can be found in the call for presentations. The deadline for submissions was March 15, 2019.
PrivacyCon was free and open to the public, and will be held at the FTC’s Constitution Center Office, located at 400 7th St., SW, Washington, DC. PrivacyCon was also webcast live.
Disability accommodation
We welcome people with disabilities. The FTC will accommodate as many attendees as possible; however, admittance will be limited to seating availability. Reasonable accommodations for people with disabilities are available upon request. Requests for accommodations should be submitted to Elizabeth Kraszewski via email at ekraszewski@ftc.gov or by phone at (202) 326-3087. Such requests should include a detailed description of the accommodation needed. In addition, please allow at least five business days advance notice for accommodation requests; last minute requests will be accepted but may not be possible to accommodate.
-
8:15 am
Registration
9:15 am
Welcome and Opening Remarks
Joseph J. Simons
Chairman, 鶹ý Trade Commission9:30 am
Session 1: Privacy Policies, Disclosures, and Permissions
- Yan Shvartzshnaider, New York University and Princeton University, Privacy Policies Through the Lens of Contextual Integrity
- Co-authors: Noah Apthorpe (Princeton University), Nick Feamster (Princeton University), Helen Nissenbaum (Cornell Tech)
- Kassem Fawaz, University of Wisconsin-Madison, Polisis: Automated Analysis and Presentation of Privacy Policies Using Deep Learning
- Co-authors: Hamza Harkous (École Polytechnique Fédérale de Lausanne), Rémi Lebret (École Polytechnique Fédérale de Lausanne), Florian Schaub (University of Michigan), Kang G. Shin (University of Michigan), Karl Aberer (École Polytechnique Fédérale de Lausanne)
- Justin Brookman, Consumer Reports, Data Collection Practices of Large Online Platforms
- Christine Utz, Ruhr University Bochum, We Value Your Privacy . . . Now Take Some Cookies: Measuring the GDPR’s Impact on Web Privacy
- Co-authors: Martin Degeling (Ruhr University Bochum), Christopher Lentzsch (Ruhr University Bochum), Henry Hosseini (Ruhr University Bochum), Florian Schaub (University of Michigan), and Thorsten Holz (Ruhr University Bochum)
- Jonathan Schubauer, Indiana University, Apps, Code, Culture, and Privacy Reform: Examining Influences on Android Permissions
- Co-authors: David Argast (Indiana University), L. Jean Camp (Indiana University), and Sameer Patil (Indiana University)
Moderators:
- Mark Eichorn
Assistant Director, 鶹ý Trade Commission, Division of Privacy and Identity Protection - Jamie Hine
Attorney, 鶹ý Trade Commission, Division of Privacy and Identity Protection
10:50 am
Break
11:20 am
Session 2: Consumer Preferences, Expectations, and Behaviors
- Katie McInnis, Consumer Reports, Evaluation of Historical Data Regarding Consumers’ Understanding, Behavior, and Attitudes on Digital Privacy and Online Tracking
- Mahmood Sharif, Carnegie Mellon University, Comparing Hypothetical and Realistic Privacy Valuations
- Co-authors: Joshua Tan (Carnegie Mellon University), Sruti Bhagavatula (Carnegie Mellon University), Matthias Beckerle (Carnegie Mellon University), Michelle L. Mazurek (University of Maryland), Lujo Bauer (Carnegie Mellon University)
- Noah Apthorpe, Princeton University, Evaluating the Contextual Integrity of Privacy Regulation: Parents’ IoT Privacy Norms Versus COPPA
- Co-authors: Sarah Varghese (Princeton University), Nick Feamster (Princeton University)
- Kristen Walker, California State University Northridge, The Role of Cognitive Defense Strategies, Age, and Motivation in Children’s Privacy Protection
- Co-authors: J. Craig Andrews (Marquette University), Jeremy Kees (Villanova University)
- Yaxing Yao, Syracuse University, “What if?” Predicting Individual Users’ Smart Home Privacy Preferences and Their Changes
- Co-authors: Natã M. Barbosa (Syracuse University), Joon S. Park (Syracuse University), Yang Wang (Syracuse University).
Moderators:- Andrea Arias
Attorney, 鶹ý Trade Commission, Division of Privacy and Identity Protection - Yan Lau
Economist, 鶹ý Trade Commission, Bureau of Economics
12:40 pm
Lunch
1:40 pm
Session 3: Tracking and Online Advertising
- Anupam Das, North Carolina State University, The Web’s Sixth Sense: A Study of Scripts Assessing Smartphone Sensors
- Co-authors: Gunes Acar (Princeton University), Nikita Borisov (University of Illinois at Urbana-Champaign), Amogh Pradeep (Northeastern University)
- Alessandro Acquisti, Carnegie Mellon University, Tracking Technologies and Publishers Revenues: An Empirical Analysis
- Co-authors: Veronica Marotta (University of Minnesota), Vibhanshu Abhishek (University of California Irvine)
- Catherine Han, U.C. Berkeley, Do You Get What You Pay For? Comparing the Privacy Behaviors of Free vs. Paid Apps
- Co-authors: Irwin Reyes (International Computer Science Institute (“ICSI”)), Amit Elazari Bar On (U.C. Berkeley), Joel Reardon (University of Calgary), Álvaro Feal (IMDEA Networks Institute/Universidad Carloss III de Madrid), Kenneth A. Bamberger (U.C. Berkeley), Serge Egelman (U.C. Berkeley/ICSI), Narseo Vallina-Rodriguez (ICSI/IMDEA Networks Institute)
- Garrett Johnson, Boston University, Regulating Privacy Online: The Early Impact of the GDPR on European Web Traffic & E-Commerce Outcomes
- Co-authors: Samuel Goldberg (Northwestern University), Scott Shriver (University of Colorado Boulder)
- Cristobal Cheyre, Carnegie Mellon University, The Impact of GDPR on the Ad-Supported Content Providers
- Co-authors: Vincent Lefrere (University of Paris Sud), W. Logan Warberg (Carnegie Mellon University), Veronica Marotta (University of Minnesota), Alessandro Acquisti (Carnegie Mellon University)
Moderators:
- Jamie Hine
Attorney, 鶹ý Trade Commission, Division of Privacy and Identity Protection - James Thomas
Economist, 鶹ý Trade Commission, Bureau of Economics
3:00 pm
Break
3:30 pm
Session 4: Vulnerabilities, Leaks, and Breach Notifications
- Sasha Romanosky, RAND Corporation, Improving Vulnerability Remediation Through Better Exploit Prediction
- Co-Authors: Jay Jacobs (Cyentia), Idris Adjerid (Virginia Tech), Wade Baker (Virginia Tech)
- Elleen Pan, Northeastern University, Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications
- Co-authors: Jingjing Ren (Northeastern University), Martina Lindorfer (TU Wien), Christo Wilson (Northeastern University), David Chofnes (Northeastern University)
- Serge Egelman, U.C. Berkeley/ICSI, 50 Ways to Leak Your Data: An Exploration of Apps’ Circumvention of the Android Permissions System
- Co-authors: Joel Reardon (University of Calgary), Álvaro Feal (IMDEA Networks), Primal Wijesekera (U.C. Berkeley/ICSI), Amit Elazari Bar On (U.C. Berkeley), Narso Vallina Rodriguez (IMDEA Networks/ICSI)
- Yixin Zou, University of Michigan, Lengthy, Vague, and Inactionable: Issues with Data Breach Notifications and Implications for Public Policy
- Co-authors: Shawn Danino (University of Michigan), Kaiwen Sun (University of Michigan), Abraham H. Mhaidli (University of Michigan), Austin McCall (University of Michigan), Florian Schaub (University of Michigan)
Moderators:
- Andrea Arias
Attorney, 鶹ý Trade Commission, Division of Privacy and Identity Protection - Lerone Banks
Technologist, 鶹ý Trade Commission, Division of Privacy and Identity Protection
FileAgenda (206.59 KB) - Yan Shvartzshnaider, New York University and Princeton University, Privacy Policies Through the Lens of Contextual Integrity
- FileSpeaker Bios (193.03 KB)
-
Event Materials
-
Transcript - Files
FileFull Transcript of PrivacyCon 2019, Session 1 (261.83 KB)File
-
Location