Technology in Government (TIG) | Topics in Privacy (TIP)

Technology in Government (TIG) and Topics in Privacy (TIP) consist of weekly discussions and brainstorming sessions on all aspects of privacy (TIP) and uses of technology to assess and solve societal, political, and government problems (TIG). Discussions are often inspired by real-world problems being faced by the lead discussant, who may be from industry, government, or academia. Practice talks and presentations on specific techniques and topics are also common.

Schedule Fall 2013

Date  Discussant  Topic
9/16  Murat Kantarcioglu, University of Texas at Dallas  Mining Distributed Data without Violating Privacy
9/23  Adrian Gropper, Patient Privacy Rights  Fair Information Practice for Cyber ID and Relationship Locator Services
9/30  Alex Frost, Scholarly Labs  How to Get the Best Discussions From An Online Community
10/7  Bruce Schneier, Berkman Fellow  The NSA, Snowden, and Surveillance
10/21  Holly Jacobs, End Revenge Porn  Revenge Porn and the Business of Internet Humiliation
10/28  Michael Norton, Harvard Business School  Trust Through Transparency
11/4  Raquel Loran Hill, Indiana University  Understanding the Risk of Re-identification in Behavioral Science Data
11/18  Michael Logan & Joseph Santangelo, Axis Technology  Automating the Process for Achieving Acceptable Tolerances in Data De-Identification for Analytics Purposes
12/2  Deb Hurley  Privacy, Personhood, Product, Profit
12/9  Malavika Jayaram, Berkman Fellow  Biometrics In Beta – India's Identity Experiment

Abstracts of Talks and Discussions

  1. Mining Distributed Data without Violating Privacy

    The quantity of data captured, collected, and stored by a wide variety of organizations is growing at an exponential rate. The potential for such data to support scientific discovery and the optimization of existing systems is significant, but only if it can be integrated and analyzed in a meaningful way by a wide range of investigators. While many believe that data sharing is desirable, there are also privacy and security concerns, rooted in ethics and the law, that often prevent many legitimate and noteworthy applications. In this talk, I will provide an overview of our research on how to integrate and mine large amounts of privacy-sensitive distributed data without violating such constraints. In doing so, I will discuss how to incentivize data sharing in privacy-preserving distributed data mining applications. This work will draw upon examples from the biomedical domain and discuss recent research on privacy-preserving mining of genomic databases.
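
    The abstract does not name a specific protocol; as an illustrative sketch only, the secure sum protocol, a standard building block in privacy-preserving distributed data mining, shows how several parties can compute an aggregate without any party revealing its individual input (all names and values below are hypothetical):

```python
import random

def secure_sum(values, modulus=10**9):
    """Compute the sum of private per-party values, revealing only the total.

    Each element of `values` stands for one party's private input. In a real
    deployment each step runs on a different machine; here the round-robin is
    simulated in one process.
    """
    # Party 1 masks its value with a random offset R before passing it on,
    # so the next party cannot learn Party 1's raw input.
    R = random.randrange(modulus)
    running = (values[0] + R) % modulus
    # Each remaining party adds its own value to the masked running total;
    # no party ever sees another party's unmasked value.
    for v in values[1:]:
        running = (running + v) % modulus
    # Party 1 removes its mask to recover the true sum.
    return (running - R) % modulus

print(secure_sum([12, 7, 30]))  # 49
```

The mask makes every intermediate value uniformly random, so only the final total is disclosed; the sketch assumes honest-but-curious parties that follow the protocol.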

    Murat Kantarcioglu, Ph.D. is an Associate Professor in the Computer Science Department and Director of the Data Security and Privacy Lab at the University of Texas at Dallas. He is also a visiting scholar at the Data Privacy Lab at Harvard University.

    Dr. Kantarcioglu's research focuses on creating technologies that can efficiently extract useful information from any data without sacrificing privacy or security. He has published over 100 papers in peer-reviewed journals and conferences. His research has been supported by grants from NSF, AFOSR, ONR, NSA, and NIH and has received two best paper awards. He is a recipient of the NSF CAREER award, and his research has been reported on in the media, including the Boston Globe and ABC News. He holds a B.S. in Computer Engineering from Middle East Technical University, and M.S. and Ph.D. degrees in Computer Science from Purdue University. He is a senior member of IEEE and ACM.

  2. Fair Information Practice for Cyber ID and Relationship Locator Services

    We design databases as honeypots of private information. The mother of all honeypots is the Relationship Locator Service (RLS) - without it, assembling the rest of the database is very difficult. The RLS can be message metadata assembled by the NSA or it can be a state health information exchange. Fair information practice for cyber ID means engineering for transparency, oversight, and accountability in our relationship locator services as our relationships increasingly shift online. It requires a smooth transition from in-person relationships with our physicians, to online relationships with the health records those encounters produce, and finally to online relationships with RLS data brokers that have no in-person relationship with the individual. Fair information practice for cyber ID needs to respect the sovereignty of the individual by minimizing privacy risk when possible and maximizing transparency and accountability when operating relationship locator services. This talk will use the example of the Massachusetts Health Information Exchange Relationship Locator Service to frame a discussion of patient cyber ID.

    Adrian Gropper, MD – Chief Technology Officer, Patient Privacy Rights. Dr. Gropper is a pioneer in patient-centered and patient-controlled health records on the Internet. He holds an engineering degree from MIT and an MD from Harvard Medical School. Early work on telemedicine and picture archiving and communications systems (PACS) with Massachusetts General Hospital also introduced him to MIT's Guardian Angel project, which many consider the parent of today's patient-facing technologies. In 1995, Dr. Gropper founded AMICAS (NAS:AMCS) as the first Web-based radiology PACS and the first to provide direct links to diagnostic imaging in electronic health records.

    Dr. Gropper founded MedCommons in 2004 to develop software for image-enabled, patient-centered health records supporting all of a patient's caregivers. Dr. Gropper participated in many early standardization efforts including IHE, HITSP, Liberty Alliance and the Continuity of Care Record steering committee. He also serves on the Massachusetts Health Information Exchange Technology Workgroup, the Massachusetts Medical Society Committee for Information Technology and Markle Foundation panels. Currently he participates as a patient-access advocate in the NwHIN Direct Project, Blue Button Plus health information exchange, and the NSTIC / IDESG cyber ID initiative. His focus is technology that applies fair information practice to our new world of continuous surveillance and predictive analytics.

  3. How to Get the Best Discussions From An Online Community

    Can organizations improve upon traditional meetings, committees, and conferences to facilitate knowledge transfer, drive decisions, and develop policy? We examine some successes and failures in online communities and social media to look for answers, and present an optimistic vision for the focused use of online discussion environments to improve capacity. Our framework starts with the understanding that most organizations will benefit from aggregating insights from their leading edges -- but that traditional meetings involving synchronous interactions aren't a good fit to effect knowledge sharing in large groups. Examining a range of approaches to aggregating and synthesizing knowledge, including traditional meetings, market research, online communities of practice, wikis, question-and-answer systems, and other discussion fora, reveals common tradeoffs among stability, activity, and bias. We consider these tradeoffs, suggest strategies and tactics to overcome common points of failure, and briefly explore some implications of effectively engaging large groups in decision making and policy development.

    Alex Frost is Founder and Chief Strategist at Scholarly Labs. Frost is a former cell biologist who has spent 20 years as a consultant and sometimes entrepreneur focusing on innovation in science communications, knowledge management, and technology adoption. Frost's current projects include metaMeeting, an approach and toolset for effecting online collaboration, and mediQA, a new effort to crowdsource best practices in healthcare.

    Frost previously served as Vice President at PSL Group, where he managed the development and growth of a global online community of over 500k physicians, and served as the first hired executive at Sermo, helping to define a pioneering online community of professionals. Frost was a Principal Investigator on the FDA's first research on social media, now a field of intense interest, and founder of the Biology Editors Company and Science Editors Company, where he led the development of science and medical communications programs and served as a strategist on research funding and proposal development.

  4. The NSA, Snowden, and Surveillance

    Bruce Schneier is an internationally renowned security technologist, called a "security guru" by The Economist. He is the author of 12 books -- including Liars and Outliers: Enabling the Trust that Society Needs to Thrive -- as well as hundreds of articles, essays, and academic papers. His influential newsletter "Crypto-Gram" and his blog "Schneier on Security" are read by over 250,000 people. He has testified before Congress, is a frequent guest on television and radio, has served on several government committees, and is regularly quoted in the press. Schneier is a fellow at the Berkman Center for Internet and Society at Harvard Law School, a program fellow at the New America Foundation's Open Technology Institute, a board member of the Electronic Frontier Foundation, an Advisory Board Member of the Electronic Privacy Information Center, and the Security Futurologist for BT -- formerly British Telecom.

  5. Revenge Porn and the Business of Internet Humiliation

    The smartphone has transformed millions of people into pornographers ready to record their intimate moments. The heat of passion can turn terribly wrong after a breakup if a spurned lover decides to share the images with the world. The talk will outline sites that seek to humiliate by posting mug shots, horrible reviews, and explicit images, and discuss what can be done about the business of humiliation.

    Adam Tanner, Fellow, Department of Government, Harvard University, author of a forthcoming book on the business of personal data, and Forbes columnist.

    Dr. Holly Jacobs, Founder of End Revenge Porn and a victim seeking to criminalize revenge porn.

  6. Trust Through Transparency

    How can organizations—from companies to governments—gain the trust of their key stakeholders, from customers to constituents? Customers frequently feel that they are being overcharged for services that seem costless (such as ATMs), while citizens feel that they are overtaxed for services they believe they do not use. Michael Norton will show that by increasing operational transparency—showing the work being done on stakeholders' behalf—organizations can (re)gain trust and increase satisfaction.

    Michael Norton is an Associate Professor at the Harvard Business School. Prior to joining HBS, Professor Norton was a Fellow at the MIT Media Lab and MIT's Sloan School of Management. He is the co-author - with Elizabeth Dunn - of the new book, Happy Money: The Science of Smarter Spending (Simon & Schuster). His research has twice been featured in the New York Times Magazine Year in Ideas, and was featured in Harvard Business Review's Breakthrough Ideas for 2009. In 2012, he was selected for Wired Magazine's Smart List as one of "50 People Who Will Change the World."

  7. Understanding the Risk of Re-identification in Behavioral Science Data

    Behavioral scientists often collect and maintain datasets that are high-dimensional (i.e., include some combination of demographic, medical, sexual, and other personal information), and this presents opportunities to characterize participants in unique ways. The conventional wisdom for protecting the privacy of such participants is to either not ask certain questions or to remove or recode potentially identifiable information. The premise of the research discussed here is that neither approach may be sufficient for preventing the (re)identification of participants in large and/or multidimensional datasets. Per human subjects guidelines, researchers need to consider all of the potential risks, including whether any disclosure of the subjects' responses outside of the research could reasonably place the subjects at risk of criminal or civil liability or be damaging to the subjects' financial standing, employability, insurability, or reputation. In this work, I seek to determine whether attributes that make a participant unique within a high-dimensional social science dataset can be used to identify that individual. In addition, this work considers the possibility that new online social media (e.g., Facebook, Twitter), as well as publicly available datasets (e.g., voter registration), could be used to increase the probability of identifying participants.
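
    The uniqueness concern above can be made concrete with a small sketch. This is not the speaker's method, just a minimal illustration, on a made-up toy dataset, of counting how many records are unique on a combination of quasi-identifying attributes:

```python
from collections import Counter

def uniqueness_report(records, quasi_identifiers):
    """Count how many records are unique (k=1) on the given attribute combination."""
    keys = [tuple(r[a] for a in quasi_identifiers) for r in records]
    counts = Counter(keys)
    unique = sum(1 for k in keys if counts[k] == 1)
    return unique, len(records)

# Hypothetical toy dataset: combining three demographic attributes makes
# half of these participants unique, hence linkable to outside data.
data = [
    {"zip": "02138", "age": 34, "sex": "F"},
    {"zip": "02138", "age": 34, "sex": "F"},
    {"zip": "02139", "age": 51, "sex": "M"},
    {"zip": "02141", "age": 29, "sex": "F"},
]
unique, total = uniqueness_report(data, ["zip", "age", "sex"])
print(f"{unique} of {total} records are unique")  # 2 of 4
```

A record that is unique on these attributes could, in principle, be matched against an external dataset (such as voter registration) that carries the same attributes alongside a name.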

    Raquel Hill is an Associate Professor of Computer Science in the School of Informatics and Computing at Indiana University. Her primary research interests are in the areas of trust and security of distributed computing environments and data privacy, with a specific interest in privacy protection mechanisms for medical-related datasets. Dr. Hill's research is funded by various sources, including the National Science Foundation. She holds B.S. and M.S. degrees in Computer Science from the Georgia Institute of Technology and a Ph.D. in Computer Science from Harvard University.

  8. Automating the Process for Achieving Acceptable Tolerances in Data De-Identification for Analytics Purposes

    While analysis of health care data is expected to offer significant benefits, the use of this data comes with a requirement to protect individual privacy. Record-level data is often used, but generally the identity of the individuals is not needed to achieve research objectives. De-identification is a method that can protect individuals while still allowing researchers to do their analysis. What are the appropriate levels of de-identification needed to achieve these results? Answering this question can be a painstaking and time-consuming process. When we start with a prospective level of de-identification, how can we rapidly iterate through scenarios with our de-identification base so that we can re-assess and compare the level of useful analysis against the chances of re-identification? If the process were easy and automated, it would enable us to achieve better results in much less time. We will also discuss other uses for de-identification.
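
    The abstract does not specify an algorithm. One way to sketch the iterate-and-re-assess loop it describes, assuming for illustration that de-identification proceeds by generalizing a quasi-identifier such as age into wider bins (all data and thresholds below are hypothetical), is:

```python
from collections import Counter

def generalize_age(age, width):
    """Replace an exact age with a bin of the given width, e.g. 34 -> '30-34'."""
    lo = (age // width) * width
    return f"{lo}-{lo + width - 1}"

def smallest_group(records, width):
    # k for this de-identification level: size of the smallest equivalence
    # class on (generalized age, 3-digit zip prefix). Smaller k means
    # higher re-identification risk.
    groups = Counter((generalize_age(a, width), z[:3]) for a, z in records)
    return min(groups.values())

records = [(34, "02138"), (36, "02139"), (51, "02139"), (53, "02138"),
           (29, "02141"), (31, "02141")]

# Iterate through progressively coarser generalizations, re-assessing risk
# each time, and stop at the first level where every group has k >= 2.
for width in (1, 5, 10, 20):
    k = smallest_group(records, width)
    print(f"age bins of {width:2d} -> smallest group k={k}")
    if k >= 2:
        break
```

Wider bins lower re-identification risk but also discard analytic detail; automating this loop is exactly the trade-off assessment the abstract describes as painstaking when done by hand.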

    Michael Logan co-founded Axis Technology, LLC and is responsible for managing its proprietary data masking product DMsuite™ and the associated data masking methodology. He is also responsible for the development and delivery of consulting services to Axis's clients as well as company operations. Mr. Logan's expertise covers software development, application and data security, high-performance databases, parallel processing technology, data warehousing, business intelligence, and systems architecture. At Oracle and Digital Equipment Corp, he pioneered data warehouses and web-based applications. Working internationally throughout the US and Europe, he has delivered large, scalable business applications for Fortune 500 companies. Mike holds a bachelor's degree from the University of Notre Dame.

    Joseph Santangelo has been a technology professional for over 20 years and holds a Master of Science degree from Stevens Institute of Technology. He has focused on privacy and security throughout his career, with particular emphasis during his tenure as CIO of the Citi Private Bank in the Americas. In his current role at Axis Technology, much of his focus is on securing private data and establishing Risk, Governance and Compliance frameworks. Specific areas of focus include testing for interoperability purposes. He is a member of the Society for Information Management ("SIM"), the Information Systems Security Association ("ISSA"), the Information Systems Audit and Control Association ("ISACA"), and the Healthcare Information and Management Systems Society ("HIMSS"), where he is a member of the Privacy and Security Toolkit Task Force.

  9. Privacy, Personhood, Product, Profit

    Privacy is a human right, with firm grounding in human rights conventions adopted by most countries and implemented in remarkably consistent laws throughout the world. Yet, personal information also has commercial applications and implications. What are the tenets of privacy as a human right? What are the “personal information as property” ideas? Are they irreconcilable? When it comes to protection of privacy and personal data, who’s in charge, who benefits, how and where do benefits flow, and who gets a piece of the pie? What lessons from other legal and social disciplines might inform protection of privacy and personal data in the ubiquitous information environment?

    Deborah Hurley received the Namur Award of the International Federation for Information Processing in recognition of outstanding contributions, with international impact, to awareness of the social implications of information technology. She is the author of Pole Star: Human Rights in the Information Society, "Information Policy and Governance" in Governance in a Globalizing World, and other publications. At the Organization for Economic Cooperation and Development, in Paris, France, she was responsible for the drafting, negotiation, and adoption of the OECD Guidelines for the Security of Information Systems. Hurley is Chair, Board of Directors, Electronic Privacy Information Center (EPIC). She directed the Harvard University Information Infrastructure Project and carried out a Fulbright study in Korea.

  10. Biometrics In Beta – India's Identity Experiment

    India's identity juggernaut - the Unique Identity (UID) project that has registered around 450 million people and is yet to be fully realized - is already the world's largest biometric identity scheme. Based on the premise that centralized de-duplication and authentication will establish uniqueness and eliminate fraud, it is hailed as a game changer and a silver bullet that will solve myriad problems and improve welfare delivery, yet its conception and architecture raise significant concerns. In addition to the UID project, there is a slew of "Big Brother" systems that together form a matrix of identity and surveillance schemes: the UID is intended as a common identifier across this matrix as well as other public and private databases. Indian authorities frame Big Data as a panacea for fraud, corruption, and abuse, without apprehending the further fraud, corruption, and abuse that joined-up databases can themselves engender. The creation of a privacy-invading technology layer that acts as a barrier not simply to online participation but to social participation writ large is not fully appreciated by policy makers. Malavika will provide an overview of the identity landscape, including the implications for privacy and free speech, and, more broadly, democracy and openness.

    Malavika is a Fellow at the Berkman Center for Internet and Society at Harvard, focusing on privacy, identity, and free expression, especially in the context of India's biometric ID project. A Fellow at the Centre for Internet and Society, Bangalore, she is the author of the India chapter of the Data Protection & Privacy volume in the Getting the Deal Through series. She is one of 10 Indian lawyers in The International Who's Who of Internet, e-Commerce & Data Protection Lawyers directory. In August 2013, she was voted one of India's leading lawyers, one of only 8 women to be featured in the "40 under 45" survey conducted by Law Business Research, London. In a different life, she spent 8 years in London, practicing law with the global law firm Allen & Overy in the Communications, Media & Technology group, and as VP and Technology Counsel at Citigroup. During 2012-2013, she was a Visiting Scholar at the Annenberg School for Communication, University of Pennsylvania.

Prior Sessions

Spring 2013 | Fall 2012 | Spring 2012 | Fall 2011

Copyright © 2012-2014 President and Fellows of Harvard University.   |   IQSS   |   Data Privacy Lab