Privacy Research Group

ILI Privacy Research Group Logo

The Privacy Research Group is a weekly meeting of students, professors, and industry professionals who are passionate about exploring, protecting, and understanding privacy in the digital age.

Joining PRG

Because we deal with early-stage work in progress, attendance at meetings of the Privacy Research Group is generally limited to researchers and students who can commit to ongoing participation in the group. To discuss joining the group, please contact Kathryn Taylor. If you are interested in these topics, but cannot commit to ongoing participation in PRG, you may wish to join the PRG-All mailing list.
PRG Student Fellows—Student members of PRG have the opportunity to become Student Fellows. Student Fellows help bring the exciting developments and ideas of the Research Group to the outside world. The primary Student Fellow responsibility is to maintain an active web presence through the ILI student blog, reporting on current events and developments in the privacy field and bringing the world of privacy research to a broader audience. Fellows also have the opportunity to help promote and execute exciting events and colloquia, and even present to the Privacy Research Group. Student Fellow responsibilities are a manageable and enjoyable addition to the regular meeting attendance required of all PRG members. The Student Fellow position is the first step for NYU students into the world of privacy research. Interested students should email Student Fellow Coordinator Kathryn Taylor with a brief (1-2 paragraph) statement of interest or for more information.

PRG Calendar

Fall 2022

September 21: Mark Verstraete - Adversarial Information Law

     ABSTRACT: American information privacy law has tacitly accepted anti-adversarialism in existing law and popular proposals for reform. Rather than accepting conflict between users and platforms, privacy law has both implicitly and explicitly insisted on cooperation between these two opposing groups. This Article contends that the anti-adversarial turn in information privacy law is ineffective and normatively undesirable. As political theorists have long recognized, adversarialism—or conflict between mutually opposed groups—provides important benefits. Adversarialism is necessary to create social differentiation that is foundational for the formation of political identity and, moreover, adversarialism restores passion to politics and acts as a bulwark against stagnation resignation.

September 14: Aniket Kesari - Do Data Breach Notification Laws Work?

     ABSTRACT: Over 2.8 million Americans have reported being victims identify theft in recent years, costing the U.S. economy at least $13 billion in 2020. In response to this growing problem, all 50 states have enacted some form of data breach notification law in the past 20 years. Despite their prevalence, evaluating the efficacy of these laws remains elusive. This Article fills this gap, while further creating a new taxonomy to understand when these laws work and when they do not. Legal scholars have generally treated data breach notification laws as doing just one thing—disclosing information to consumers. But this approach ignores rich variation: differences in disclosure requirements to regulators and credit monitoring agencies; varied mechanisms for public and private enforcement; and a range of thresholds that define how firms should assess the likelihood that a data breach will ultimately harm consumers. This Article leverages the Federal Trade Commission’s Consumer Sentinel database to build a comprehensive dataset measuring identity theft report rates since 2000. Using staggered adoption synthetic control – a popular method for policy evaluation that has yet to be widely applied in empirical legal studies – this Article finds that whether identify theft laws work depends on which of these different strands of legal provisions are employed. In particular, while baseline disclosure requirements and private rights of action have small effects, requiring firms to notify state regulators reduces identity theft report rates by approximately 10%. And surprisingly, laws that fail to exclude low-risk breaches from reporting requirements are counterproductive, increasing identify theft report rates by 4%. The Article ties together these results within a functional typology: namely, whether legal provisions (1) enable consumer mitigation of data breach harms, or (2) encourage organizations to invest in better data security. It explains how these results and typology provide lessons for current federal and state proposals to expand or amend the scope of breach notification laws. A new federal law that simply mimics existing baseline requirements is unlikely to have an additional effect and may preempt further innovations. At the state level, introducing private rights of action may help at the margins, but likely suffers from well-identified issues of adequately establishing standing and damages. States that close loopholes surrounding breach requirements for encrypted data see lower identity-theft report rates, which suggests that other states may be wise to tighten these requirements as well. Looking forward, states should experiment with solutions such as automatically enrolling consumers in identity theft protection services or providing direct incentives for strong data security.

Spring 2022

April 27: Stefan Bechtold - Algorithmic Explanations in the Field

     ABSTRACT: The increasing use of algorithms in legal and economic decision-making has led to calls for a "right to explanation" for decision subjects. Such explanations are desired in particular where decision-making algorithms are opaque, for example with machine learning or artificial intelligence. Even a specified right to explanation leaves open many questions, in particular how decisions made by black-box algorithms can and should be explained. In this project, we propose an organizing framework for explanations of algorithmic decision-making. Drawing on this framework, we design a controlled field experiment to produce evidence on how decision subjects perceive and respond to different types of explanations. We thereby analyze the possible behavioral effects of a right to explanation and investigate what types of explanations might be legally and ethically useful for human decision subjects.

April 20: Molly de Blanc - Employing the Right to Repair to Address Consent Issues in Implanted Medical Devices

    ABSTRACT: I'll be discussing a part of my thesis project. I'm interested in the role repair (inclusive of modification and customization) could play in addressing inadequacies of consent for empowering implanted medical device patients (those with, e.g., pacemaker-defibrillators, neurostimulation/neuromodulation devices, optical implants, and various diabetes, blood glucose monitoring, and insulin control devices). These consent issues relate to the limits implanted medical device patients face in retracting or modifying consent to their devices once consent is given. In addition to a software-focused discussion on repair, I advocate for people to control their data for their own sake and for the sake of others. This project takes inspiration from the #WereNotWaiting diabetes movement, OpenAPS and Nightscout, the work of advocates like Hugo Campos, Dana Lewis, Karen Sandler, and Ben West, and lots of anecdotes.

April 13: Sergio Alonso de Leon - IP law in the data economy: The problematic role of trade secrets and database rights for the emerging data access rights

     ABSTRACT: Who has the data? Who gets access to it? The way in which we answer these questions is profoundly consequential. In the fast-evolving context of the data economy, we should deliberate on how we relate to private claims on data and information in our society. There is no specific property framework for data, yet existing instruments of IP law can help to define a zone of exclusivity. This piece asks a series of questions this much needed conversation; what data means for the law; why the law should foster data sharing, sometimes overcoming the reluctance of data holders; and whether claims over data based on instruments in the orbit of IP are legitimate. I vindicate two main ideas: data is a new, different ‘object of the law’; and trade secrets and sui generis database rights can be instrumentalised to erect ‘legal walls’ around data.

April 6: Michelle Shen – Criminal Defense Strategy and Brokering Innovation in the Digital and Scientific Era: Justice for Whom?

     ABSTRACT: As the use of science and technology increases in the US criminal justice system (CJS), scholars and CJS practitioners debate whether it promotes public safety or contributes to the mass incarceration of low-income communities of color. In assessing the impact of technological advances on the CJS, empirical studies typically focus on law enforcement or on government. This paper offers the perspective of public defender offices through mixed-methods network analysis of the DNA Unit and Digital Forensics Unit (DFU) at The Legal Aid Society. It finds: 1) public defender offices resemble collegial organizational structures, which allow for variance in structure, 2) that differences in types of science correspond to the units’ differences in their optimal patterns of legal and scientific advice exchange to distribute knowledge, and 3) greater levels of reciprocal scientific advice-seeking from attorneys correspond to greater levels of reciprocal legal advice-seeking. While attorneys specializing in the use of DNA science (DNA Unit) depended on each other for both legal and scientific advice, attorneys specializing in digital forensics (DFU) primarily depended on each other for legal advice and on on-site technologists for scientific advice. DNA Unit attorneys also exchanged greater levels of advice with each other overall. This paper theorizes that this difference is due to the differences between the development of DNA science (well-established by academic literature) and that of digital forensics (a constantly evolving field). Furthermore, the positive correlation between reciprocal scientific advice-seeking and legal advice-seeking in the DNA Unit implies that as technology and science are integrated into the legal system overall, the epistemology of the legal constructions of truth and justice itself necessarily change. However, most public defender offices do not have adequate resources to afford on-site scientists and technologists. Therefore, the increased use of technology and the deprivation of defense counsel resources raises serious concerns for amplifying mass incarceration. Michelle Shen is a current law student at The University of Chicago. This project was conducted as her MSc Sociology dissertation at The University of Oxford. She will be working at the Center for Democracy and Technology and will return to LAS this summer at the Digital Forensics Unit (the subject of the project below). She aims to contribute to socio-legal research on networks, technology, and law throughout her legal career. Accordingly, she would love any feedback on how to tighten up her research and any relevant questions in the law it may raise.

March 30: Elettra Bietti – From Data to Attention Infrastructures: Regulating Extraction in the Attention Platform Economy

     ABSTRACT: Rethinking the regulation of advertising-based platform business models such as Facebook/Meta and Google/Alphabet, which I call attention platforms, is an urgent task. Two decades of regulatory apathy and intellectual fragmentation have produced siloed approaches to the regulation of data and content that leave many urgent political, economic and environmental issues unaddressed. In this paper, I argue that current approaches to regulating data and datafication – in particular approaches that regulate personal data or approaches that focus on social data – fail to address the most pervasive forms of extraction and harm in the attention platform economy: those that stem from addiction, over-consumption, virality, and fragmentation of the public sphere. Data governance is structurally unequipped to prioritize the emergence of just attention infrastructures. Shifting priorities, I argue, requires a move toward horizontal power to shape attention infrastructures, focus on more just advertising and funding systems, and experimentation with attention minimization measures, that is friction and incentives against attention capture.

March 23: Aniket Kesari - A Computational Law & Economics Toolkit for Balancing Privacy and Fairness in Consumer Law

     ABSTRACT: Both law and computer science are concerned with developing frameworks for protecting privacy and ensuring fairness. Both fields often consider these two values separately and develop legal doctrines and machine learning metrics in isolation from one another. Yet, privacy and fairness values can conflict, especially when considered alongside the utility of an algorithm. The computer science literature often treats this problem as an “impossibility theorem" - we can have privacy or fairness but not both. Legal doctrine is similarly constrained by a focus on the inputs to a decision - did the decisionmaker intend to use information about protected attributes. Despite these challenges, there is a way forward. The law has integrated economic frameworks to consider tradeoffs in other domains, and a similar approach can clarify policymakers’ thinking around balancing utility, privacy, and fairnesss. This piece illustrates this idea by bridging the law and computer science literatures, using a law & economics lens to formalize the notion of a Privacy-Fairness-Utility frontier, and demonstrating this framework on a consumer lending dataset. An open-source Python software library and GUI will be made available to assist regulators and academics in conducting algorithmic audits using this framework.

March 9: Gabriel Nicholas - Administering Social Data: Lessons for Social Media from Other Sectors

     ABSTRACT: As the problems of competition, misinformation, and heightened political polarization grow more salient for social media companies, there is increased pressure on these companies to grant certain outsiders access to social data. Granting access has several benefits: it can aid understanding of the dynamics of online communication, further social scientific research, develop robust independent analysis of algorithmic decision-making, and guide effective regulation. Yet access is not without controversy. Privacy advocates raise concerns over the sensitivity of social data held by companies and the spotty track record of governments and researchers in using access to such data responsibly. In addition, companies that gather and hold this data raise concerns over trade secrecy: social data is a key component of how companies maintain a competitive advantage, allowing them to develop better algorithmic products and reap the benefits of network effects. Navigating the Scylla and Charybdis of privacy and trade secrecy poses a notable challenge to realizing the benefits of social data sharing. This year, I am working on two projects that relate to giving researchers access to social media data. The first is an inchoate law review article with Salome Viljoen and Chris Morten on what lessons can be learned from the data governance mechanisms around sharing medical data. The other is a research paper I am working on at the Center for Democracy & Technology about lessons social media can learn from how other sectors share data with researchers. These are very early stage products so I look forward to your feedback and inspiration!

March 2: Jiaying Jiang - Central Bank Digital Currencies and Consumer Privacy Protection

February 23: Aileen Nielsen & Karel Kubicek - How Does Law Make Code? The Timing and Content of Open Source Responses to GDPR and CCPA

     ABSTRACT: How does law make its way into code? Concrete and richly textured examples of how law creates or modifies computer code could provide crucial feedback to legislators and policymakers on the dynamics of how and when law shapes computer code. With the advent of recent data protection laws alongside substantial gains in the size, scope, and relevance of open source software, there is a novel opportunity to study the dynamics of how and when law shapes code. We will present an early stage study to construct a novel data set to address questions relating to the behavioral and temporal dynamics of how open source communities have responded to recent data protection statutes.

February 16: Stein - Unintended Consequences: How Data Protection Laws Leave our Data Less Protected

     ABSTRACT: Over the past two decades, regulators have enacted hundreds of measures to prevent and mitigate the harms of data breaches. Yet the frequency, scope, and harm of data breaches continue to rise steadily. Most policymakers and commentators agree: the law doesn’t hold firms sufficiently accountable when they fail to protect their user’s data, resulting in private under-investment in data security. This article presents an alternative explanation for the apparent failure of data breach laws. Rather than failing to induce the right _level_ of investment, this paper argues that current laws encourage the wrong _allocation_ of resources.

This explanation builds on three observations:

First, the ability to detect breaches depends on the relative sophistication of the attacker and defender. On average, a breach eludes detection for over half a year, not counting the unknown number of never-discovered breaches. Current laws focus on preventing breaches entirely or mitigating the costs of discovered breaches. The duration and detectability of breaches—major areas of focus in cybersecurity practice—are conspicuously absent from the literature on data policy. Second, the shift to “cloud” and mobile computing in the late ‘00s triggered a wave of specialization and reliance on community-maintained infrastructure. The most severe failures of data protection in the past decade originated from failures in these communal infrastructures. Policy and scholarship almost exclusively focus on the efforts and discoveries of individual firms; when a firm discovers a breach, they assume responsibility for mitigating it. The increased cost of taking responsibility for shared infrastructure exacerbates an already problematic collective action problem. Finally, there is a massive labor shortage in information security. The recent exponential growth of data use creates a similar growth in the need for trained security engineers. Yet no vocational or university training pipeline exists, and apprenticeship-based training has failed to meet demand. For some important classes of data protection work, the number of experienced security experts is essentially fixed. These observations combine to paint a dire picture. The current legal regime directs much of the limited supply of skilled security expertise _away_ from the parts of the internet most in need of protection, leaving common infrastructure more likely to face undetectable attacks. Consumers may never find out how they lost control of their data, leaving no opportunity for mitigation or redress. While these dynamics are new to the internet, they are not unique to data and software. Drawing on lessons from environmental and aircraft safety regulations, this paper suggests that augmenting current data breach laws with strategic infrastructure investment and public-private partnerships could mitigate these failures.

February 9: Stav Zeitouni - Propertization in Information Privacy

     ABSTRACT:  After lying dormant for some years, the information privacy propertization debates are upon us again. In both the past and the present, much is made of the question of whether information privacy should be propertized in these discussions. By contrast, I argue that the way information privacy has been legislated, propertization is, in several important ways, a descriptive fact. Supporting this claim requires an exploration of what legislated information privacy entails, along with an elucidation of the meaning of propertization. Therefore, I begin by examining three prominent data protection laws (the EU’s GDPR, California’s CCPA, and China’s PIPL), focusing on two of the main loci of these kinds of laws: individual control and personal data. From here it is easier to explore the question of what it means for an area of law to be “propertized”. In particular, I identify three facets of propertization that show that information privacy is well on its way to being propertized. First, propertization occurs when the language and discourse of ownership and property becomes more prevalent in relation to information privacy. Calls for protecting “my data” or, even more pointedly, assigning property rights in data, are the most relevant examples of this discourse. It is sometimes difficult, however, to gauge what kind of entitlements these calls contemplate. To clarify these, and to assess whether they comport with typical property entitlements, another level of analysis is needed. The second facet wrestles with several theories regarding the structure and core of property (bundle of rights, new essentialism, pluralism, etc.) Even without settling this debate, it is possible to identify several general entitlements which are commonly (though not always) found in property and which are increasingly found in information privacy as well. Finally, the third facet of propertization draws connections between specific entitlements as legislated in data protection laws and particular property entitlements legislated in other laws. Through a series of concrete examples I hope to show how a particular kind of control links property entitlements to existing data protection entitlements.

February 2: Ben Sundholm - AI in Clinical Practice: Reconceiving the Black-Box Problem

     ABSTRACT: Today, data is being collected and analyzed on a massive scale to enhance healthcare and medicine. This phenomenon affords many benefits, but it also poses significant challenges. The so-called “black-box problem” is among the most serious of such challenges. The black-box problem refers to the fact that the opaque nature of some artificial intelligence (AI) systems means clinicians cannot fully understand the cascade of calculations producing certain outputs. When clinicians rely on AI outputs to treat patients, but they cannot fully understand how the AI technology arrived at the conclusion it did, who is responsible when an AI recommendation results in an injury to a patient? I propose that we consider whether common enterprise liability (CEL) can address the concerns raised by the black-box problem. Although there are several available justifications for CEL (e.g., placing liability in the hands of the cheapest cost avoider), I propose a rational justification for applying CEL to the black-box problem. My proposal draws heavily from Alan Gewirth’s principle of generic consistency. I intend my suggestions to be conversation starters rather than definitive claims.

January 26: Mark Verstraete - Probing Personal Data

     ABSTRACT: Personal data is an essential concept within privacy law. As Schwartz and Solove suggest in their groundbreaking paper on personal information, the boundaries of privacy are fixed by personal data. That is, personal data is required for privacy claims and, by contrast, without personal data any claims are not “privacy” claims. While personal data marks the boundaries of privacy and offers a triggering condition for privacy claims, the boundaries of personal data remain contested. We argue that merely analyzing the connection between a person and information does not capture what is unique about data. Instead, we argue that personal data as a coherent concept depends on how data is used. To account for the role of use, we introduce the philosophical concept separability in order to make determinations about which uses are connected to the person and which are not. We argue that separability provides a desirable foundation for crafting a theory of personal data that captures individual interests in data. Separability marks an improvement both conceptually and normatively over earlier theories of personal data. Conceptually, separability allows us to better identify when a person’s interest are at stake which is the foundational question for determining when information should be treated as personal data. Normatively, separability provides a rigorous philosophical foundation to privacy law that better incorporates autonomy and dignity values thus better offsetting modern privacy harms like manipulation.

Fall 2021

December 1: Ira Rubinstein & Tomer Kenneth - Health Misinformation, Online Platforms, and Government Action
November 17: Aileen Nielsen - Can an algorithm be too accurate?
November 10: Thomas Streinz - Data Capitalism
November 3: Barbara Kayondo - A Governance Framework for Enhancing Patient’s Data Privacy Protection in Electronic Health Information Systems
October 27: Sebastian Benthal - Fiduciary Duties for Computational Systems
October 20: Jiang Jiaying -  Technology-Enabled Co-Regulation as a New Regulatory Approach to Blockchain Implementation
October 13: Aniket Kesari - Privacy Law Diffusion Across U.S. State Legislatures
October 6: Katja Langenbucher - The EU Proposal for an AI Act – tested on algorithmic credit scoring
September 29: Francesca Episcopo - PrEtEnD – PRivate EnforcemenT in the EcoNomy of Data
September 22: Ben Green - The Flaws of Policies Requiring Human Oversight of Government Algorithms
September 15: Ari Waldman - Misinformation Project in Need of Pithy

Spring 2021

April 16:Tomer Kenneth — Public Officials on Social Media
April 9: Thomas Streinz — The Flawed Dualism of Facebook's Oversight Board
April 2: Gabe Nicholas — Have Your Data and Eat it Too: Bridging the Gap between Data Sharing and Data Protection
March 26: Ira Rubinstein  — Voter Microtargeting and the Future of Democracy
March 19: Stav Zeitouni
March 12: Ngozi Nwanta
March 5: Aileen Nielsen
February 26: Tom McBrien
February 19: Ari Ezra Waldman
February 12: Albert Fox Cahn
February 5: Salome Viljoen & Seb Benthall — Data Market Discipline: From Financial Regulation to Data Governance
January 29: Mason Marks  — Biosupremacy: Data Protection, Antitrust, and Monopolistic Power Over Human Behavior

Fall 2020

December 4: Florencia Marotta-Wurgler & David Stein — Teaching Machines to Think Like Lawyers
November 20: Andrew Weiner
November 6: Mark Verstraete — Cybersecurity Spillovers
October 30: Ari Ezra Waldman — Privacy Law's Two Paths
October 23: Aileen Nielsen — Tech's Attention Problem
October 16: Caroline Alewaerts — UN Global Pulse
October 9: Salome Viljoen — Data as a Democratic Medium: From Individual to Relational Data Governance
October 2: Gabe Nicholas — Surveillance Delusion: Lessons from the Vietnam War
September 25: Angelina Fisher & Thomas Streinz — Confronting Data Inequality
September 18: Danny Huang — Watching loTs That Watch Us: Studying loT Security & Privacy at Scale
September 11: Seb Benthall — Accountable Context for Web Applications

Spring 2020

April 29: Aileen Nielsen — "Pricing" Privacy: Preliminary Evidence from Vignette Studies Inspired by Economic Anthropology
April 22: Ginny Kozemczak — Dignity, Freedom, and Digital Rights: Comparing American and European Approaches to Privacy
April 15: Privacy and COVID-19 Policies
April 8: Ira Rubinstein — Urban Privacy
April 1: Thomas Streinz — Data Governance in Trade Agreements: Non-territoriality of Data and Multi-Nationality of Corporations
March 25: Christopher Morten — The Big Data Regulator, Rebooted: Why and How the FDA Can and Should Disclose Confidential Data on Prescription Drugs
March 4: Lilla Montanagni — Regulation 2018/1807 on the Free Flow of Non Personal Data: Yet Another Piece in the Data Puzzle in the EU?
February 26: Stein — Flow of Data Through Online Advertising Markets
February 19: Seb Benthall — Towards Agend-Based Computational Modeling of Informational Capitalism
February 12: Yafit Lev-Aretz & Madelyn Sanfilippo — One Size Does Not Fit All: Applying a Single Privacy Policy to (too) Many Contexts
February 5: Jake Goldenfein & Seb Benthall — Data Science and the Decline of Liberal Law and Ethics
January 29: Albert Fox Cahn — Reimagining the Fourth Amendment for the Mass Surveillance Age
January 22: Ido Sivan-Sevilia — Europeanization on Demand? The EU's Cybersecurity Certification Regime Between the Rationale of Market Integration and the Core Functions of the State


Fall 2019

December 4: Ari Waldman — Discussion on Proposed Privacy Bills
November 20: Margarita Boyarskaya & Solon Barocas [joint work with Hanna Wallach] — What is a Proxy and why is it a Problem?
November 13: Mark Verstraete & Tal Zarsky — Data Breach Distortions
November 6: Aaron Shapiro — Dynamic Exploits: Calculative Asymmetries in the On-Demand Economy
October 30: Tomer Kenneth — Who Can Move My Cheese? Other Legal Considerations About Smart-Devices
October 23: Yafit Lev-Aretz & Madelyn Sanfilippo — Privacy and Religious Views
October 16: Salome Viljoen — Algorithmic Realism: Expanding the Boundaries of Algorithmic Thought
October 9: Katja Langenbucher — Responsible A.I. Credit Scoring
October 2: Michal Shur-Ofry — Robotic Collective Memory   
September 25: Mark Verstraete — Inseparable Uses in Property and Information Law
September 18: Gabe Nicholas & Michael Weinberg — Data, To Go: Privacy and Competition in Data Portability 
September 11: Ari Waldman — Privacy, Discourse, and Power

Spring 2019

April 24: Sheila Marie Cruz-Rodriguez — Contractual Approach to Privacy Protection in Urban Data Collection
April 17: Andrew Selbst — Negligence and AI's Human Users
April 10: Sun Ping — Beyond Security: What Kind of Data Protection Law Should China Make?
April 3: Moran Yemini — Missing in "State Action": Toward a Pluralist Conception of the First Amendment
March 27: Nick Vincent — Privacy and the Human Microbiome
March 13: Nick Mendez — Will You Be Seeing Me in Court? Risk of Future Harm, and Article III Standing After a Data Breach
March 6: Jake Goldenfein — Through the Handoff Lens: Are Autonomous Vehicles No-Win for Users
February 27: Cathy Dwyer — Applying the Contextual Integrity Framework to Cambride Analytica
February 20: Ignacio Cofone & Katherine Strandburg — Strategic Games and Algorithmic Transparency
February 13: Yan Shvartshnaider — Going Against the (Appropriate) Flow: A Contextual Integrity Approach to Privacy Policy Analysis
January 30: Sabine Gless — Predictive Policing: In Defense of 'True Positives'

Fall 2018

December 5: Discussion of current issues
November 28: Ashley Gorham — Algorithmic Interpellation
November 14: Mark Verstraete — Data Inalienabilities
November 7: Jonathan Mayer — Estimating Incidental Collection in Foreign Intelligence Surveillance
October 31: Sebastian Benthall — Trade, Trust, and Cyberwar
October 24: Yafit Lev-Aretz — Privacy and the Human Element
October 17: Julia Powles — AI: The Stories We Weave; The Questions We Leave
October 10: Andy Gersick — Can We Have Honesty, Civility, and Privacy Online? Implications from Evolutionary Theories of Animal and Human Communication
October 3: Eli Siems — The Case for a Disparate Impact Regime Covering All Machine-Learning Decisions
September 26: Ari Waldman — Privacy's False Promise
September 19: Marijn Sax — Targeting Your Health or Your Wallet? Health Apps and Manipulative Commercial Practices
September 12: Mason Marks — Algorithmic Disability Discrimination

Spring 2018

May 2: Ira Rubinstein Article 25 of the GDPR and Product Design: A Critical View [with Nathan Good and Guilermo Monge, Good Research]
April 25: Elana Zeide — The Future Human Futures Market
April 18: Taylor Black — Performing Performative Privacy: Applying Post-Structural Performance Theory for Issues of Surveillance Aesthetics
April 11: John Nay Natural Language Processing and Machine Learning for Law and Policy Texts
April 4: Sebastian Benthall — Games and Rules of Information Flow
March 28: Yann Shvartzshanider and Noah Apthorpe Discovering Smart Home IoT Privacy Norms using Contextual Integrity    
February 28: Thomas Streinz TPP’s Implications for Global Privacy and Data Protection Law

February 21: Ben Morris, Rebecca Sobel, and Nick Vincent — Direct-to-Consumer Sequencing Kits: Are Users Losing More Than They Gain?
February 14: Eli Siems — Trade Secrets in Criminal Proceedings: The Battle over Source Code Discovery
February 7: Madeline Bryd and Philip Simon Is Facebook Violating U.S. Discrimination Laws by Allowing Advertisers to Target Users?
January 31: Madelyn Sanfilippo Sociotechnical Polycentricity: Privacy in Nested Sociotechnical Networks 
January 24: Jason Schultz and Julia Powles Discussion about the NYC Algorithmic Accountability Bill

Fall 2017

November 29: Kathryn Morris and Eli Siems Discussion of Carpenter v. United States
November 15:Leon Yin Anatomy and Interpretability of Neural Networks
November 8: Ben Zevenbergen Contextual Integrity for Password Research Ethics?
November 1: Joe Bonneau An Overview of Smart Contracts
October 25: Sebastian Benthall Modeling Social Welfare Effects of Privacy Policies
October 18: Sue Glueck Future-Proofing the Law
October 11: John Nay — Algorithmic Decision-Making Explanations: A Taxonomy and Case Study
October 4:Finn Bruton — 'The Best Surveillance System we Could Imagine': Payment Networks and Digital Cash
September 27: Julia Powles Promises, Polarities & Capture: A Data and AI Case Study
September 20: Madelyn Rose Sanfilippo AND Yafit Lev-Aretz — Breaking News: How Push Notifications Alter the Fourth Estate
September 13: Ignacio Cofone — Anti-Discriminatory Privacy

Spring 2017

April 26: Ben Zevenbergen Contextual Integrity as a Framework for Internet Research Ethics
April 19: Beate Roessler Manipulation
April 12: Amanda Levendowski Conflict Modeling
April 5: Madelyn Sanfilippo Privacy as Commons: A Conceptual Overview and Case Study in Progress
March 29: Hugo Zylberberg Reframing the fake news debate: influence operations, targeting-and-convincing infrastructure and exploitation of personal data
March 22: Caroline Alewaerts, Eli Siems and Nate Tisa will lead discussion of three topics flagged during our current events roundups: smart toys, the recently leaked documents about CIA surveillance techniques, and the issues raised by the government’s attempt to obtain recordings from an Amazon Echo in a criminal trial. 
March 8: Ira Rubinstein Privacy Localism
March 1: Luise Papcke Project on (Collaborative) Filtering and Social Sorting
February 22: Yafit Lev-Aretz and Grace Ha (in collaboration with Katherine Strandburg) Privacy and Innovation     
February 15: Argyri Panezi Academic Institutions as Innovators but also Data Collectors - Ethical and Other Normative Considerations
February 8: Katherine Strandburg Decisionmaking, Machine Learning and the Value of Explanation
February 1: Argyro Karanasiou A Study into the Layers of Automated Decision Making: Emergent Normative and Legal Aspects of Deep Learning
January 25: Scott Skinner-Thompson Equal Protection Privacy

Fall 2016

December 7: Tobias Matzner The Subject of Privacy
November 30: Yafit Lev-Aretz Data Philanthropy
November 16: Helen Nissenbaum Must Privacy Give Way to Use Regulation?
November 9: Bilyana Petkova Domesticating the "Foreign" in Making Transatlantic Data Privacy Law
November 2: Scott Skinner-Thompson Recording as Heckling
October 26: Yan Shvartzhnaider Learning Privacy Expectations by Crowdsourcing Contextual Informational Norms
October 19: Madelyn Sanfilippo Privacy and Institutionalization in Data Science Scholarship
October 12: Paula Kift The Incredible Bulk: Metadata, Foreign Intelligence Collection, and the Limits of Domestic Surveillance Reform

October 5: Craig Konnoth Health Information Equity
September 28: Jessica Feldman the Amidst Project
September 21: Nathan Newman UnMarginalizing Workers: How Big Data Drives Lower Wages and How Reframing Labor Law Can Restore Information Equality in the Workplace
September 14: Kiel Brennan-Marquez Plausible Cause

Spring 2016

April 27: Yan Schvartzschnaider Privacy and loT AND Rebecca Weinstein - Net Neutrality's Impact on FCC Regulation of Privacy Practices
April 20: Joris van Hoboken Privacy in Service-Oriented Architectures: A New Paradigm? [with Seda Gurses]

April 13: Florencia Marotta-Wurgler Who's Afraid of the FTC? Enforcement Actions and the Content of Privacy Policies (with Daniel Svirsky)

April 6: Ira Rubinstein Big Data and Privacy: The State of Play

March 30: Clay Venetis Where is the Cost-Benefit Analysis in Federal Privacy Regulation?

March 23: Diasuke Igeta An Outline of Japanese Privacy Protection and its Problems
; Johannes Eichenhofer Internet Privacy as Trust Protection

March 9: Alex Lipton Standing for Consumer Privacy Harms

March 2: Scott Skinner-Thompson Pop Culture Wars: Marriage, Abortion, and the Screen to Creed Pipeline [with Professor Sylvia Law]

February 24: Daniel Susser Against the Collection/Use Distinction

February 17: Eliana Pfeffer Data Chill: A First Amendment Hangover

February 10: Yafit Lev-Aretz Data Philanthropy

February 3: Kiel Brennan-Marquez Feedback Loops: A Theory of Big Data Culture

January 27: Leonid Grinberg But Who BLocks the Blockers? The Technical Side of the Ad-Blocking Arms Race

Fall 2015

December 2: Leonid Grinberg But Who BLocks the Blockers? The Technical Side of the Ad-Blocking Arms Race AND Kiel Brennan-Marquez - Spokeo and the Future of Privacy Harms
November 18: Angèle Christin - Algorithms, Expertise, and Discretion: Comparing Journalism and Criminal Justice
November 11: Joris van Hoboken Privacy, Data Sovereignty and Crypto
November 4: Solon Barocas and Karen Levy Understanding Privacy as a Means of Economic Redistribution
October 28: Finn Brunton Of Fembots and Men: Privacy Insights from the Ashley Madison Hack

October 21: Paula Kift Human Dignity and Bare Life - Privacy and Surveillance of Refugees at the Borders of Europe
October 14: Yafit Lev-Aretz and co-author, Nizan Geslevich Packin Between Loans and Friends: On Soical Credit and the Right to be Unpopular
October 7: Daniel Susser What's the Point of Notice?
September 30: Helen Nissenbaum and Kirsten Martin Confounding Variables Confounding Measures of Privacy
September 23: Jos Berens and Emmanuel Letouzé Group Privacy in a Digital Era
September 16: Scott Skinner-Thompson Performative Privacy

September 9: Kiel Brennan-Marquez Vigilantes and Good Samaritan

Spring 2015

April 29: Sofia Grafanaki Autonomy Challenges in the Age of Big Data; David Krone Compliance, Privacy and Cyber Security Information Sharing; Edwin Mok Trial and Error: The Privacy Dimensions of Clinical Trial Data Sharing; Dan Rudofsky Modern State Action Doctrine in the Age of Big Data

April 22: Helen Nissenbaum Respect for Context' as a Benchmark for Privacy: What it is and Isn't
April 15: Joris van Hoboken From Collection to Use Regulation? A Comparative Perspective
April 8: Bilyana Petkova
 Privacy and Federated Law-Making in the EU and the US: Defying the Status Quo?
April 1: Paula Kift — Metadata: An Ontological and Normative Analysis

March 25: Alex Lipton — Privacy Protections for the Secondary User of Consumer-Watching Technologies

March 11: Rebecca Weinstein (Cancelled)
March 4: Karen Levy & Alice Marwick — Unequal Harms: Socioeconomic Status, Race, and Gender in Privacy Research

February 25 : Luke Stark — NannyScam: The Normalization of Consumer-as-Surveillorm

February 18: Brian Choi A Prospect Theory of Privacy

February 11: Aimee Thomson — Cellular Dragnet: Active Cell Site Simulators and the Fourth Amendment

February 4: Ira Rubinstein — Anonymity and Risk

January 28: Scott Skinner-Thomson Outing Privacy


Fall 2014

December 3: Katherine Strandburg — Discussion of Privacy News [which can include recent court decisions, new technologies or significant industry practices]

November 19: Alice Marwick — Scandal or Sex Crime? Ethical and Privacy Implications of the Celebrity Nude Photo Leaks

November 12: Elana Zeide — Student Data and Educational Ideals: examining the current student privacy landscape and how emerging information practice and reforms implicate long-standing social and legal traditions surrounding education in America. The Proverbial Permanent Record [PDF]

November 5: Seda Guerses — Let's first get things done! On division of labor and practices of delegation in times of mediated politics and politicized technologies
October 29:Luke Stark — Discussion on whether “notice” can continue to play a viable role in protecting privacy in mediated communications and transactions given the increasing complexity of the data ecology and economy.
Kristen Martin — Transaction costs, privacy, and trust: The laudable goals and ultimate failure of notice and choice to respect privacy online

Ryan Calo — Against Notice Skepticism in Privacy (and Elsewhere)

Lorrie Faith Cranor — Necessary but Not Sufficient: Standardized Mechanisms for Privacy Notice and Choice
October 22: Matthew Callahan — Warrant Canaries and Law Enforcement Responses
October 15: Karen Levy — Networked Resistance to Electronic Surveillance
October 8: Joris van Hoboken —  The Right to be Forgotten Judgement in Europe: Taking Stock and Looking Ahead

October 1: Giancarlo Lee — Automatic Anonymization of Medical Documents
September 24: Christopher Sprigman — MSFT "Extraterritorial Warrants" Issue 

September 17: Sebastian Zimmeck — Privee: An Architecture for Automatically Analyzing Web Privacy Policies [with Steven M. Bellovin]
September 10: Organizational meeting

Spring 2014

April 30: Seda Guerses — Privacy is Security is a prerequisite for Privacy is not Security is a delegation relationship
April 23: Milbank Tweed Forum Speaker — Brad Smith: The Future of Privacy
April 16: Solon Barocas — How Data Mining Discriminates - a collaborative project with Andrew Selbst, 2012-13 ILI Fellow
March 12: Scott Bulua & Amanda Levendowski — Challenges in Combatting Revenge Porn

March 5: Claudia Diaz — In PETs we trust: tensions between Privacy Enhancing Technologies and information privacy law: The presentation is drawn from a paper, "Hero or Villain: The Data Controller in Privacy Law and Technologies” with Seda Guerses and Omer Tene.

February 26: Doc Searls Privacy and Business

February 19: Report from the Obfuscation Symposium, including brief tool demos and individual impressions

February 12: Ira Rubinstein The Ethics of Cryptanalysis — Code Breaking, Exploitation, Subversion and Hacking
February 5: Felix Wu — The Commercial Difference which grows out of a piece just published in the Chicago Forum called The Constitutionality of Consumer Privacy Regulation

January 29: Organizational meeting

Fall 2013

December 4: Akiva Miller — Are access and correction tools, opt-out buttons, and privacy dashboards the right solutions to consumer data privacy? & Malte Ziewitz What does transparency conceal?
November 20: Nathan Newman — Can Government Mandate Union Access to Employer Property? On Corporate Control of Information Flows in the Workplace

November 6: Karen Levy — Beating the Box: Digital Enforcement and Resistance
October 23: Brian Choi — The Third-Party Doctrine and the Required-Records Doctrine: Informational Reciprocals, Asymmetries, and Tributaries
October 16: Seda Güerses — Privacy is Don't Ask, Confidentiality is Don't Tell
October 9: Katherine Strandburg — Freedom of Association Constraints on Metadata Surveillance
October 2: Joris van Hoboken — A Right to be Forgotten
September 25: Luke Stark — The Emotional Context of Information Privacy
September 18: Discussion — NSA/Pew Survey
September 11: Organizational Meeting

Spring 2013

May 1: Akiva Miller — What Do We Worry About When We Worry About Price Discrimination
April 24: Hannah Block-Wheba and Matt Zimmerman — National Security Letters [NSL's]

April 17: Heather Patterson — Contextual Expectations of Privacy in User-Generated Mobile Health Data: The Fitbit Story
April 10: Katherine Strandburg — ECPA Reform; Catherine Crump: Cotterman Case; Paula Helm: Anonymity in AA

April 3: Ira Rubinstein — Voter Privacy: A Modest Proposal
March 27: Privacy News Hot Topics — US v. Cotterman, Drones' Hearings, Google Settlement, Employee Health Information Vulnerabilities, and a Report from Differential Privacy Day

March 6: Mariana Thibes — Privacy at Stake, Challenging Issues in the Brazillian Context
March 13: Nathan Newman — The Economics of Information in Behavioral Advertising Markets
February 27: Katherine Strandburg — Free Fall: The Online Market's Consumer Preference Disconnect
February 20: Brad Smith — Privacy at Microsoft
February 13: Joe Bonneau  — What will it mean for privacy as user authentication moves beyond passwo
February 6: Helen Nissenbaum — The (Privacy) Trouble with MOOCs
January 30: Welcome meeting and discussion on current privacy news

Fall 2012

December 5: Martin French — Preparing for the Zombie Apocalypse: The Privacy Implications of (Contemporary Developments in) Public Health Intelligence
November 7: Sophie Hood — New Media Technology and the Courts: Judicial Videoconferencing
November 14: Travis Hall — Cracks in the Foundation: India's Biometrics Programs and the Power of the Exception

November 28: Scott Bulua and Catherine Crump — A framework for understanding and regulating domestic drone surveillance

November 21: Lital Helman — Corporate Responsibility of Social Networking Platforms
October 24: Matt Tierney and Ian Spiro — Cryptogram: Photo Privacy in Social Media
October 17: Frederik Zuiderveen Borgesius — Behavioural Targeting. How to regulate?

October 10: Discussion of 'Model Law'

October 3: Agatha Cole — The Role of IP address Data in Counter-Terrorism Operations & Criminal Law Enforcement Investigations: Looking towards the European framework as a model for U.S. Data Retention Policy
September 26: Karen Levy — Privacy, Professionalism, and Techno-Legal Regulation of U.S. Truckers
September 19: Nathan Newman — Cost of Lost Privacy: Google, Antitrust and Control of User Data