Thank you for sharing this! I took a class on surveillance and privacy last semester, so I already have basic knowledge about this subject. I agree that it’s important to reject false tradeoffs. Personally, my contribution to this area would be in formulating a theory of privacy that can be used to assess surveillance schemes in this context.
Shafi Goldwasser at Berkeley is currently working on some definitions of privacy and their applicability for law. See this paper or this talk. In a talk she gave last month she talked about how to formalize some aspects of law related to cryptographic concepts to formalize “the right to be forgotten”. The recording is not up yet, but in the meantime I paste below my (dirty/partial) notes from the talk. I feel somewhat silly for not realizing the possible connection there earlier, so thanks for the opportunity to discover connections hidden in plain sight!
Shafi is working directly with judges, and this whole program is looking potentially promising. If you are seriously interested in pursuing this, I can connect you to her if that would help. Also, we have someone in our research team at EA Israel doing some work into this (from a more tech/crypto solution perspective) so it may be interesting to consider a collaboration here.
The notes-
“What Crypto can do for the Law?”—Shafi Goldwasser 30.12.19:
There is a big language barrier between Law and CS, following a knowledge barrier.
People in law study the law of governing algorithms, but there is not enough participation of computer scientists to help legal work.
But, CS can help with designing algorithms and formalizing what these laws should be.
Shafi suggests a crypto definition for “The right to be forgotten”. This should help
Privacy regulation like CCPA and GDPR have a problem—how to test whether one is compliant?
Do our cryptographic techniques satisfy the law?
that requires a formal definition
A first suggestion:
after deletions, the state of the data collector and the history of the interaction with the environment should be similar as to the case where information was never changed. [this is clearly inadequate—Shafi aims at starting a conversation]
Application of cryptographic techniques
History Oblivious Data Structure
Data Summarization using Differential Privacy leaves no trace
Thank you for sharing this! I took a class on surveillance and privacy last semester, so I already have basic knowledge about this subject. I agree that it’s important to reject false tradeoffs. Personally, my contribution to this area would be in formulating a theory of privacy that can be used to assess surveillance schemes in this context.
Shafi Goldwasser at Berkeley is currently working on some definitions of privacy and their applicability for law. See this paper or this talk. In a talk she gave last month she talked about how to formalize some aspects of law related to cryptographic concepts to formalize “the right to be forgotten”. The recording is not up yet, but in the meantime I paste below my (dirty/partial) notes from the talk. I feel somewhat silly for not realizing the possible connection there earlier, so thanks for the opportunity to discover connections hidden in plain sight!
Shafi is working directly with judges, and this whole program is looking potentially promising. If you are seriously interested in pursuing this, I can connect you to her if that would help. Also, we have someone in our research team at EA Israel doing some work into this (from a more tech/crypto solution perspective) so it may be interesting to consider a collaboration here.
The notes-
“What Crypto can do for the Law?”—Shafi Goldwasser 30.12.19:
There is a big language barrier between Law and CS, following a knowledge barrier.
People in law study the law of governing algorithms, but there is not enough participation of computer scientists to help legal work.
But, CS can help with designing algorithms and formalizing what these laws should be.
Shafi suggests a crypto definition for “The right to be forgotten”. This should help
Privacy regulation like CCPA and GDPR have a problem—how to test whether one is compliant?
Do our cryptographic techniques satisfy the law?
that requires a formal definition
A first suggestion:
after deletions, the state of the data collector and the history of the interaction with the environment should be similar as to the case where information was never changed. [this is clearly inadequate—Shafi aims at starting a conversation]
Application of cryptographic techniques
History Oblivious Data Structure
Data Summarization using Differential Privacy leaves no trace
ML Data Deletion
The talk is here