(Press-News.org) PITTSBURGH—Web services companies, such as Facebook, Google and Microsoft, all make promises about how they will use personal information they gather. But ensuring that millions of lines of code in their systems operate in ways consistent with privacy promises is labor-intensive and difficult. A team from Carnegie Mellon University and Microsoft Research, however, has shown these compliance checks can be automated.
The researchers developed a prototype automated system that is now running on the data analytics pipeline of Bing, Microsoft's search engine. According to Saikat Guha, researcher at Microsoft, it's the first time automated privacy compliance analysis has been applied to the production code of an Internet-scale system and is a reflection of Microsoft's commitment to creating the technology necessary to further safeguard the privacy of customers.
Employing a new, lawyer-friendly language to specify privacy policies and using a data inventory to annotate existing programs, the researchers showed that a team of just five people could manage a daily compliance check on millions of lines of code written by several thousand developers.
They presented their research findings at the 35th IEEE Symposium on Security & Privacy, May 18-21, in San Jose, Calif.
"Companies in the United States have a legal obligation to declare how they use personal information they gather and it's also good business to establish a bond of trust with customers," said Anupam Datta, associate professor of computer science and electrical and computer engineering. "But these systems are constantly evolving and their scale can be daunting. The manual methods typically used for checking compliance are labor intensive, yet too often fail to catch all violations of policy."
"Tens of millions of lines of code are already in the pipeline," noted Shayak Sen, a Ph.D. student in computer science who interned at Microsoft Research India and the lead student author on the study. "And during our implementation on Bing, we found that more than 20 percent of the code was changing on a daily basis." At these large scales, automated methods offer the best hope of verifying compliance.
"One reason that gaps exist between policies set by a company's privacy team and the code written by software developers is that the two groups don't speak the same language," Datta said. Lawyers and privacy champions typically have little experience in programming and developers attempting to translate policies into code can get tripped up by ambiguities in the language of the privacy policies.
So the researchers developed a language – Legalease – that could be easily learned and used by privacy advocates. It employs allow-deny rules with exceptions, a structure that is found in many privacy policies and laws, such as the Health Insurance Portability and Accountability Act (HIPAA), and is expressive enough to capture the real policies of an industrial-scale system such as Bing.
In preliminary usability testing, a dozen Microsoft employees were given a one-page document explaining Legalease and spent an average of under 5 minutes studying it. They then took an average of less than 15 minutes to encode nine Bing policy clauses regarding how user information can be used. "They were able to perform this task with a high degree of accuracy, which is encouraging," Sen said.
But encoding privacy policies correctly means little if it cannot be applied to large codebases written by large teams of programmers. To solve this dilemma, the researchers leveraged Grok – a data inventory that annotates existing programs written in languages typically employed by MapReduce-like systems, such as those used by Bing and Google – for their backend data analytics over user data.
Grok performs this automated annotation by combining information from different sources with varying levels of confidence. For instance, automated pattern-matching to column names can be performed across an entire database, but with low confidence, while annotations by developers have high confidence, but low coverage.
Grok had been developed by Microsoft Research and deployed by Bing for the express purpose of automating privacy compliance checking the previous year, but writing policies for Grok was cumbersome.
"Legalease was the final piece of the automated privacy compliance jigsaw puzzle," Guha said. "Developed over Sen's internship and subsequent collaboration with CMU, Legalease bridged privacy teams with Grok, and through Grok, with the developers."
Datta said automating the process of compliance checks could push the industry to adopt stronger privacy protection policies.
"Sometimes, companies want to make their policies stronger, but hesitate because they are not sure they can ensure compliance in these large systems," he explained, noting that online privacy policy compliance is enforced in the United States by the Federal Trade Commission.
INFORMATION:
The research team included Sriram K. Rajamani of Microsoft Research in Bangalore, India; Janice Tsai of Microsoft Research, Redmond, and Jeannette Wing, corporate vice president of Microsoft Research and former head of CMU's Computer Science Department.
This research was supported, in part, by the Air Force Office of Scientific Research and the National Science Foundation.
About Carnegie Mellon University:
Carnegie Mellon is a private, internationally ranked research university with programs in areas ranging from science, technology and business, to public policy, the humanities and the arts. More than 12,000 students in the university's seven schools and colleges benefit from a small student-to-faculty ratio and an education characterized by its focus on creating and implementing solutions for real problems, interdisciplinary collaboration and innovation. A global university, Carnegie Mellon has campuses in Pittsburgh, Pa., California's Silicon Valley and Qatar, and programs in Africa, Asia, Australia, Europe and Mexico.
Carnegie Mellon, Microsoft Research automate privacy compliance for big data systems
Search engine code is moving target that eludes manual audits
2014-05-21
ELSE PRESS RELEASES FROM THIS DATE:
Funny River Fire, Alaska
2014-05-21
According to the Alaskan Division of Forestry the Funny River fire was very active overnight (May 20) because of low humidity. Currently the fire is estimated to be near 7,000 acres and has reached Tustumena Lake. It is spreading east and west along the shore, is 10 miles long, and is about a mile wide with broadening at the lake shore. There have been no evacuations or reports of any structures lost.
Early this morning (May 21), flame lengths of 125 feet with erratic fire behavior were reported. Winds for today are forecasted to remain out of the north keeping the fire ...
A faster track to the tools that track disease
2014-05-21
Radioactivity is usually associated with nuclear fallout or comic-book spider bites, but in very small amounts it can be a useful tool for diagnosing diseases.
Small molecules containing a radioactive isotope of fluorine called "18F radiotracers" are used to detect and track certain diseases in patients. Once injected into the body, these molecules accumulate in specific targets, such as tumors, and can be visualized by their radioactive tag on a positron emission tomography (PET) scan. The 18F tags quickly decay so no radioactivity remains after about a day.
But there ...
PMS may spell menopause symptoms later -- but not hot flashes
2014-05-21
CLEVELAND, Ohio (May 21, 2014)—Having premenstrual syndrome (PMS) before menopause does not mean women will be troubled by hot flashes afterward. But they may face more menopause complaints other than hot flashes, such as trouble with memory and concentration, finds a new study published online in Menopause, the journal of The North American Menopause Society (NAMS).
The research team at the Helsinki University Central Hospital and Folkhälsan Research Institute in Helsinki, Finland, are the first to show a link between PMS and a worse quality of life after menopause. They ...
Scientist uncovers links connecting environmental changes with spike in infectious disease
2014-05-21
National Museum of Natural History scientist Bert Van Bocxlaer and an international team of researchers revealed that anthropogenic changes in Africa's Lake Malaŵi are a driving force behind the increase of urogenital schistosomiasis, a debilitating tropical disease caused by parasitic flatworms. Scientists estimate that 250 million people are affected by schistosomiasis worldwide, and 600 million more are at risk of contracting it. In some villages along the shorelines of Lake Malaŵi, 73 percent of the people and up to 94 percent of the schoolchildren are infected ...
Scaly gem discovered in South American cloudforests
2014-05-21
Field and laboratory work by Omar Torres-Carvajal from Museo de Zoología QCAZ, Pontificia Universidad Católica del Ecuador, and his former undergraduate student Simón Lobos has resulted in the discovery of a gem-looking new species of shade lizard from the cloudforests in northwestern Ecuador. This region is part of the 274,597 km2 Tumbes-Chocó-Magdalena hotspot that lies west of the Andes. The study was published in the open access journal ZooKeys.
Shade lizards (genus Alopoglossus) are widely distributed across tropical South America. They differ from most other lizards ...
Shattering past of the 'island of glass'
2014-05-21
A tiny Mediterranean island visited by the likes of Madonna, Sting, Julia Roberts and Sharon Stone is now the focus of a ground-breaking study by University of Leicester geologists.
Pantelleria, a little-known island between Sicily and Tunisia, is a volcano with a remarkable past: 45 thousand years ago, the entire island was covered in a searing-hot layer of green glass.
Volcanologists Drs Mike Branney, Rebecca Williams and colleagues at the University of Leicester Department of Geology have been uncovering previously unknown facts about the island's physical history.
And ...
The interruption of biological rhythms during chemotherapy worsen its side effects
2014-05-21
Patients receiving chemical treatment for cancer often suffer fatigue and body weight loss, two of the most worrying effects of this therapy linked to the alteration of their circadian rhythms.
The circadian system, better known as our biological clock, is responsible for coordinating all the processes that take place in our organism.
If it does not function correctly, what is known as a circadian disruption or chronodisruption, has for years been linked to an increased incidence of cancer, obesity, diabetes, depression, cognitive problems or cardiovascular diseases.
"Also, ...
New tide gauge uses GPS signals to measure sea level change
2014-05-21
A new way of measuring sea level using satellite navigation system signals, for instance GPS, has been implemented by scientists at Chalmers University of Technology in Sweden. Sea level and its variation can easily be monitored using existing coastal GPS stations, the scientists have shown.
Measuring sea level is an increasingly important part of climate research, and a rising mean sea level is one of the most tangible consequences of climate change. Researchers at Chalmers University of Technology have studied new ways of measuring sea level that could become important ...
Dam removal improves shad spawning grounds, may boost survival rate
2014-05-21
Research from North Carolina State University finds that dam removal improves spawning grounds for American shad and seems likely to improve survival rates for adult fish, juveniles and eggs – but for different reasons.
The researchers focused on a small tributary in North Carolina called the Little River, where three dams were removed in the late 1990s and early 2000s. American shad (Alosa sapidissima) spend the bulk of their adult lives in saltwater, but return to freshwater rivers like this one to spawn. While in these freshwater environments, the adult shad do not ...
Breakthrough: Nasal spray may soon replace the pill
2014-05-21
Every time we have an infection or a headache and take a pill, we get a lot more drugs than our body actually needs. The reason is that only a fraction of the drugs in a pill reaches the right places in the body; the rest never reaches its destination and may cause unwelcome side effects before they are flushed out of the body again. This kind of major overdosing is especially true when doctors treat brain diseases, because the brain does not easily accept entering drugs.
"People with brain diseases are often given huge amounts of unnecessary drugs. During a long life, ...
LAST 30 PRESS RELEASES:
NASA’s Parker Solar Probe makes history with closest pass to Sun
Are we ready for the ethical challenges of AI and robots?
Nanotechnology: Light enables an "impossibile" molecular fit
Estimated vaccine effectiveness for pediatric patients with severe influenza
Changes to the US preventive services task force screening guidelines and incidence of breast cancer
Urgent action needed to protect the Parma wallaby
Societal inequality linked to reduced brain health in aging and dementia
Singles differ in personality traits and life satisfaction compared to partnered people
President Biden signs bipartisan HEARTS Act into law
Advanced DNA storage: Cheng Zhang and Long Qian’s team introduce epi-bit method in Nature
New hope for male infertility: PKU researchers discover key mechanism in Klinefelter syndrome
Room-temperature non-volatile optical manipulation of polar order in a charge density wave
Coupled decline in ocean pH and carbonate saturation during the Palaeocene–Eocene Thermal Maximum
Unlocking the Future of Superconductors in non-van-der Waals 2D Polymers
Starlight to sight: Breakthrough in short-wave infrared detection
Land use changes and China’s carbon sequestration potential
PKU scientists reveals phenological divergence between plants and animals under climate change
Aerobic exercise and weight loss in adults
Persistent short sleep duration from pregnancy to 2 to 7 years after delivery and metabolic health
Kidney function decline after COVID-19 infection
Investigation uncovers poor quality of dental coverage under Medicare Advantage
Cooking sulfur-containing vegetables can promote the formation of trans-fatty acids
How do monkeys recognize snakes so fast?
Revolutionizing stent surgery for cardiovascular diseases with laser patterning technology
Fish-friendly dentistry: New method makes oral research non-lethal
Call for papers: 14th Asia-Pacific Conference on Transportation and the Environment (APTE 2025)
A novel disturbance rejection optimal guidance method for enhancing precision landing performance of reusable rockets
New scan method unveils lung function secrets
Searching for hidden medieval stories from the island of the Sagas
Breakthrough study reveals bumetanide treatment restores early social communication in fragile X syndrome mouse model
[Press-News.org] Carnegie Mellon, Microsoft Research automate privacy compliance for big data systemsSearch engine code is moving target that eludes manual audits