RECENT NEWS

April 2022: Justin Cranshaw defends his dissertation. Congrats, Justin!

Justin Cranshaw, "Depicting Places in Information Systems: Closing the Gap Between Representation and Experience", PhD Dissertation, School of Computer Science technical report CMU-ISR-22-106, May 2022.

October 2022: Keynote at ACM CIKM Workshop on Privacy Algorithms in Systems

Just gave a keynote at the 1st International Workshop on "Privacy Algorithms in Systems."  My talk focused on "Privacy in the Age of AI and the Internet of Things".

July 2022: iOS Privacy Labels Miss the Mark - Paper Presentation at PoPETS'2022

Here's a CyLab press release summarizing the result of a study conducted with my PhD student, Aerin Zhang,  Yuanyuan Feng, Yaxing Yao and Lorrie Cranor on the usability of iOS Privacy Labels in their current form.

This research was presented at PoPETS 2022 earlier this month.

The full article is available here

This research is taking place under the umbrella of our Usable Privacy Policy Project

June 2022: Our work on a tool to help iOS app developers create more accurate privacy labels presented at IWPE'2022 and PEPR'2022

Helping Mobile App Developers Create Accurate Privacy Labels. by Jack Gardner, Akshath Jain, Yuanyuan Feng, Kayla Reiman, Zhi Lin and Norman Sadeh. In this work we discuss the design and evaluation of a tool to help iOS developers generate privacy labels. The tool combines static code analysis to identify likely data collection and use practices with interactive functionality designed to prompt developers to elucidate analysis results and carefully reflect on their applications’ data practices. We conducted semi-structured interviews with iOS developers as they used an initial version of the tool. We discuss how these results motivated us to develop an enhanced software tool, Privacy Label Wiz, that more closely resembles interactions developers reported to be most useful in our semi-structured interviews. We present findings from our interviews and the enhanced tool motivated by our study. We also outline future directions for software tools to better assist developers communicating their mobile app’s data practices to different audiences.

June 2022: Aerin Zhang presents our work on the acceptance of COVID-19 vaccination mandates and certificates at ACM's FAccT2022 Conference

Stop the Spread: A Contextual Integrity Perspective on the Appropriateness of COVID-19 Vaccination Certificates

Shikun Zhang, Yan Shvartzshnaider, Yuanyuan Feng, Helen Nissenbaum, and Norman Sadeh

We present an empirical study exploring how privacy influences the acceptance of vaccination certificate (VC) deployments across different realistic usage scenarios. The study employed the privacy framework of Contextual Integrity, which has been shown to be particularly effective to capture people's privacy expectations across different contexts. We use a vignette methodology, where we selectively manipulate salient contextual parameters understood to potentially impact people's attitudes towards VCs. We surveyed 890 participants from a demographically-stratified sample of the US population to gauge the acceptance and overall attitudes towards possible VC deployments to enforce vaccination mandates and the different information flows VCs might entail. Analysis of results collected at part of this study are used to derive general normative observations about different possible VC practices and to provide guidance for the possible VC deployments in different contexts.

Here's a video of Aerin's presentation

June 2022: Our Research in the Context of "Livehoods" Honored with ICWSM 2022 Test of Time Award

Honored to see our work on Livehoods, mining public social media data to understand the dynamics of cities, selected for the test of time award at AAAI's 16th International Conference on Web and Social Media.

Here's CMU's School of Computer Science press release.

May 2022: Keynote at Cyburgh 2022

Gave a keynote at Cyburgh 2022 on "Privacy as a New Tech Sector".

April 2022, Panelist, Privacy Symposium

Panelist at Privacy Symposium in Venice.

My talk focused on "Making Privacy Humanly Tractable".

March 11, 2022: Recent interview on Midwest Moxie (NPR) with Pulitzer Prize-winning journalist, Kathleen Gallagher

Interviewed by Pulitzer-winner Kathleen Gallagher as she launches her "Midwest Moxie' podcast, which features interviews with entrepreneurs.

February 2022: Keynote at ICISSP 2022 (International Conference on Information Systems Security and Privacy)

My ICISSP keynote focused on "Why Usability Has Become Privacy's Biggest Challenge and What We Can Do About It".

See below for a copy of my slides.

January 2022: Honored to have our paper selected for FPF "Privacy Papers for Policymakers" Award

Our paper about people’s perceptions of advanced video analytics has been selected to receive the prestigious Future of Privacy Forum’s annual Privacy Papers for Policymakers Award.

The paper titled “‘Did you know this camera tracks your mood? Understanding Privacy Expectations and Preferences in the Age of Video Analytics,” was originally published and presented at the 2021 Privacy Enhancing Technologies Symposium.

Click on the link below for the CyLab/S3D press release.

December 2021: Keynote at BIGS 2021 on "Security and Privacy: Reconciling the Strengths and Limitations of Human and Artificial Intelligence"

Reflections on the limitations and strengths of human and artificial intelligence and how our work in user-oriented security and privacy aims to develop practical solutions where both forms of intelligence are deployed to best complement one another. The presentation builds on our anti-phishing work, including work at Wombat Security Technologies, as well as research at CMU in the context of the Usable Privacy Policy Project and the Personalized Privacy Assistant Project.

October 2021: First cohort of students complete our Privacy Engineering Certificate Program

In response to increased demand from industry, we launched a new certificate program in privacy engineering earlier this Fall semester. The program is remote but involves live lectures and interactions with our faculty as well as both individual and group exercises. The program is delivered over 4 consecutive weekends. We will be running 4 cohorts per year.

Survey of the students who completed the program indicate they all felt they learned a ton and really enjoyed the live interactions and group exercises.

October 2021: Grateful to receive a "Google Privacy-Related Faculty Research Award" for our work on Mobile App Privacy Nutrition Labels

Following our 2013 proposing the adoption of mobile app privacy labels, both Apple (Fall 2020) and Google (Spring 2021) have now announced the introduction of such labels in their app stores - see our 2013 CHI article with Patrick Gage Kelley and Lorrie Cranor here.

It appears however that in the form in which they have been introduced, these labels are not fully delivering on their promises - with anecdotal evidence suggesting that both developers and end-users struggle to fully understand what these labels mean and how to use them. As part of this project, we will be conducting an in-depth study of the usability of current iOS mobile app privacy labels (joint work with my PhD student, Aerin Zhang, and with Lorrie Cranor) and will also be developing tools to help mobile app developers create more accurate privacy labels.

September 2021: Daniel Smullen defends his dissertation. Congrats, Daniel!

D. Smullen, "Informing the Design and Refinement of Privacy and Security Controls", Ph.D. Thesis, Software Engineering PhD Program, Technical Report CMU-ISR-21-111, School of Computer Science, Carnegie Mellon University, Pittsburgh, PA. September 2021.

August 2021: A few quotes in recent Pittsburgh Post Gazette article on privacy in the Internet of Things

A few quotes related to our work on a privacy infrastructure for the Internet of Things. Our infrastructure is now hosting descriptions of about 150,000 IoT data collection systems and devices.

August 2021: Breaking Down Walls of Text: How Can NLP Benefit Consumer Privacy? (ACL/IJNLP presentation)

Abhilasha Ravichander presents our research at the 59th Annual Meeting of the Association for Computational Linguistics and the 11th International Joint Conference on Natural Language Processing (ACL/IJCNLP). Here's the abstract:

Privacy plays a crucial role in preserving democratic ideals and personal autonomy. The dominant legal approach to privacy in many jurisdictions is the “Notice and Choice” paradigm, where privacy policies are the primary instrument used to convey information to users. However, privacy policies are long and complex documents that are difficult for users to read and comprehend. We discuss how language technologies can play an important role in addressing this information gap, reporting on initial progress towards helping three specific categories of stakeholders take advantage of digital privacy policies: consumers, enterprises, and regulators. Our goal is to provide a roadmap for the development and use of language technologies to empower users to reclaim control over their privacy, limit privacy harms, and rally research efforts from the community towards addressing an issue with large social impact. We highlight many remaining opportunities to develop language technologies that are more precise or nuanced in the way in which they use the text of privacy policies.

July 2021: Peter Story defends his dissertation. Congrats, Peter!

P. Story, "Design and Evaluation of Security and Privacy Nudges: From Protection Motivation Theory to Implementation Intentions", CMU-ISR-21-107, School of Computer Science, Carnegie Mellon University. August 2021.

July 2021: Managing Potentially Intrusive Practices in the Browser

Presentation of our research by my PhD student, Daniel Smullen, at PoPETS2021:

"Browser users encounter a broad array of potentially intrusive practices: from behavioral profiling, to crypto-mining, fingerprinting, and more. We study people’s perception, awareness, understanding, and preferences to opt out of those practices..."

July 2021: Misconceptions plague security and privacy tools: CyLab article on research conducted with my PhD student, Peter Story

People hold a myriad of misconceptions about the tools meant to help them protect their privacy and security. Here is a recent CyLab article on research that was presented by Peter Story at this week’s Privacy Enhancing Technologies Symposium.

Peter Story, Daniel Smullen, Yaxing Yao, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh, and Florian Schaub, Awareness, Adoption, and Misconceptions of Web Privacy Tools. Proceedings on Privacy Enhancing Technologies Symposium (PoPETS 2021), 3, Jul 2021

July 2021: Did you know this camera tracks your mood?


S Zhang, Y Feng, L Bauer, LF Cranor, A Das, and N Sadeh, “Did you know this camera tracks your mood?”: Understanding Privacy Expectations and Preferences in the Age of Video Analytics Proceedings on Privacy Enhancing Technologies, 2, 1, Apr 2021.

Cameras are everywhere, and are increasingly coupled with video analytics software that can identify our face, track our mood, recognize what we are doing, and more. We present the results of a 10-day in-situ study designed to understand how people feel aboutt hese capabilities, looking both at the extent to which they expect to encounter them as part of their everyday activities and at how comfortable they are with the presence of such technologies across a range of realistics cenarios. Results indicate that while some widespread deployments are expected by many (e.g., surveillance in public spaces), others are not, with some making people feel particularly uncomfortable. Our results further show that individuals’ privacy preferences and expectations are complicated and vary with a number of factors such as the purpose for which footage is captured and analyzed, the particular venue where it is captured, and whom it is shared with. Finally, we discuss the implications of people’s rich and diverse preferences on opt-in or opt-out rights for the collection and use (including sharing) of data associated with these video analytics scenarios as mandated by regulations. Because of the user burden associated with the large number of privacy decisions people could be faced with, we discuss how new types of privacy assistants could possibly be configured to help people manage these decisions.

March 2021 CyLab press release on the adoption of our work as part of the California Consumer Protection Act (CCPA).

Adoption of our recommended logo and text for CCPA's opt-out, following work where our group considered and systematically evaluated a number possible designs. This research will also be presented at CHI'2021 in May.

Hana Habib, Yixin Zou, Yaxing Yao, Alessandro Acquisti, Lorrie Cranor, Joel Reidenberg, Norman Sadeh, Florian Schaub, "Toggles, dollar signs, and triangles: How to (in) effectively convey privacy choices with icons and link texts" to appear in Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems.


May 2021: CyLab press release on our study of the "Design Space for Privacy Choices" which was presented at CHI'2021.

Y Feng, Y Yao, N Sadeh, "A Design Space for Privacy Choices: Towards Meaningful Privacy Control in the Internet of Things." Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems, May 2021.

“Notice and choice” is the predominant approach for data privacy protection today. There is considerable user-centered research on providing effective privacy notices but not enough guidance on designing privacy choices. Recent data privacy regulations worldwide established new requirements for privacy choices, but system practitioners struggle to implement legally compliant privacy choices that also provide users meaningful privacy control. We construct a design space for privacy choices based on a user-centered analysis of how people exercise privacy choices in real-world systems. This work contributes a conceptual framework that considers privacy choice as a user-centered process as well as a taxonomy for practitioners to design meaningful privacy choices in their systems. We also present a use case of how we leverage the design space to finalize the design decisions for a real-world privacy choice platform, the Internet of Things (IoT) Assistant, to provide meaningful privacy control in the IoT.

Heading

What’s a Rich Text element?

The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.

Static and dynamic content editing

A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!

How to customize formatting for each rich text

Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.

Heading

What’s a Rich Text element?

The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.

Static and dynamic content editing

A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!

How to customize formatting for each rich text

Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.

Heading

What’s a Rich Text element?

The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.

Static and dynamic content editing

A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!

How to customize formatting for each rich text

Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.

Heading

What’s a Rich Text element?

The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.

Static and dynamic content editing

A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!

How to customize formatting for each rich text

Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.

Heading

What’s a Rich Text element?

The rich text element allows you to create and format headings, paragraphs, blockquotes, images, and video all in one place instead of having to add and format them individually. Just double-click and easily create content.

Static and dynamic content editing

A rich text element can be used with static or dynamic content. For static content, just drop it into any page and begin editing. For dynamic content, add a rich text field to any collection and then connect a rich text element to that field in the settings panel. Voila!

How to customize formatting for each rich text

Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.

December 2020: CyLab researchers design privacy icon to be used by California law

The California Office of the Attorney General (“Cal AG”) just announced they would rely on icons and text we designed and evaluated for the new California Consumer Privacy Act (CCPA). Here’s the CyLab’s press release summarizing the work we conducted to inform and refine the design. And here’s the official March 2021 press release from the Cal AG acknowledging our contribution.


December 2020: IoT Privacy Infrastructure and IoT Assistant app

Just released new version of our IoT Privacy Infrastructure and IoT Assistant app. The infrastructure enables people to publicize the presence of IoT data collection processes at different locations and the IoT Assistant app enables people to discover them. Check it out!


November 2020: Announcing two new options in our privacy engineering program

November 2020: Just announced two new options in our privacy engineering program Both options are designed for working professionals interested in getting privacy engineering training without having to leave their existing jobs.

Here's the CyLab press release


November 2020: Top 15 most cited papers in the 50 year history of its Decision Sciences Journal

November 2020 The Decision Sciences Institute announced that our 1998 article on Modeling Supply Chain Dynamics: A Multiagent Approach is one of the 15 most cited papers in the 50 year history of its Decision Sciences Journal. This was joint work with my former PhD student Jay Swaminathan and my colleague Steve Smith At the time, people were relying on monolithic models that failed to capture the effects of information exchange policies or the competitive nature of the market places in which supply chain entities operate. The icons and accompanying text can be downloaded from the Cal AGs site.


October 2020: USENIX Privacy Engineering Practice and Respect Conference (PEPR’20)

Presenting our work on the Design of a Privacy Infrastructure for the Internet of Things at 2020 USENIX Privacy Engineering Practice and Respect Conference (PEPR’20).


August 2020: From Intent to Actions: Nudging Users Towards Secure Mobile Payments

August 2020 Peter Story presents our work on From Intent to Actions: Nudging Users Towards Secure Mobile Payments at the 2020 Symposium on Usable Privacy and Security.


July 2020: Federal Trade Commission’s Privacy Con

Our group presents three articles at the annual Federal Trade Commission’s Privacy Con conference

• -Zhang, Feng, Das, Bauer, Cranor and Sadeh, Understanding People’s Privacy Attitudes Towards Video Analytics

• Habib, Zou, Jannu, Sridhar, Swoopes, Acquisti, Cranor, Sadeh, Schaub, An Empirical Analysis of Data Deletion and Opt-Out Choices on 150 Websites

• Habib, Pearman, Wang, Zou, Acquisti, Cranor, Sadeh, Schaub, ‘It’s a Scavenger Hunt’: Usability of Websites’ Opt-Out and Data Deletion Choices

Here's a CyLab press release.

July 2020: 20th Privacy Enhancing Technologies Symposium

July 2020“ Daniel Smullen presents our work on The Best of Both Worlds: Mitigating Accuracy and User Burden in Capturing People’s Mobile App Privacy Preferences the 20th Privacy Enhancing Technologies Symposium. Here’s the CyLab press release

June 2020: Apple iOS14 introduces mobile app privacy nutrition labels, as advocated in our 2013 CHI paper.

Apple iOS14 introduces mobile app privacy nutrition labels similar to those proposed in the CHI’2013 “Privacy as Part of the App Decision Making Process” paper I co-authored with Patrick Gage Kelley and Lorrie Cranor – Apple informed us a little before the announcement…

June 2020: Privacy Law Scholar Conference

Our paper on “Evaluating How Global Privacy Principles Answer Consumers’ Questions About Mobile App Privacy“ (Joel R. Reidenberg, Norman Sadeh, Thomas Norton, and Abhilasha Ravichander) will be discussed by Kevin Moriarty (FTC) at the 2020 Privacy Law Scholar Conference

May 2020: IoT Privacy in the Age of CCPA and GDPR

Online Privacy+Security Forum panel on IoT Privacy in the Age of CCPA and GDPR with Achim Klabunde (Advisor to the European Data Protection Supervisor) and Gabriela Zanfir-Fortuna (Senior Policy Counsel, Future of Privacy Forum)

April 2020: Launching our Opt-Out Easy Browser Extension in Conjunction with paper presentation at 2020 Web Conference

Vinay Kumar and Roger Iyengar remotely present our paper on , Finding a Choice in a Haystack: Automatic Extraction of Opt-Out Statements from Privacy Policy Text at the 2020 Web Conference. Concurrently, we are releasing our "Opt-Out Easy" browser extension, which enables people to quickly access opt-out links otherwise buried deep in the text of privacy policies. We rely on machine learning to automatically identify and classify opt-out choices with precision and recall above 90%. The extension is available in the Chrome Store and the Firefox Store. Here's a CyLab press release on this work ("What If Opting Out of Data Collection Were Easy?"). Detailed instructions on how to install and use the extension are available here.

Here's the paper citation:

Vinayshekhar Bannihatti Kumar, Roger Iyengar, Namita Nisal, Yuanyuan Feng, Hana Habib, Peter Story, Sushain Cherivirala, Margaret Hagan, Lorrie Faith Cranor, Shomir Wilson, Florian Schaub, Norman Sadeh, "Finding a Choice in a Haystack: Automatic Extraction of Opt-Out Statements from Privacy Policy Text", WWW ’20, Apr 2020 [pdf]

February 2020: The Launch of our IoT Privacy Infrastructure and IoT Assistant is Garnering Press Coverage

The launch of our IoT Privacy Infrastructure and our IoT Assistant App is garnering media coverage. Here are a few recent articles:

CNET article "This app lets you see IoT devices around you and what data they’re taking"

Gizmodo article, "This App Tells You When Nearby Smart Devices Are Snooping on You" where a journalist plays with our IoT Assistant app in Manhattan.

Other articles in Engadget, BoingBoing, Vice, etc.

February 2020: Launching an IoT Privacy Infrastructure to Help Publicize the Presence of IoT Devices and Systems, the Data They Collect and Any Privacy Options They Offer.

We are launching a Privacy Infrastructure for the Internet of Things.

The Infrastructure includes a portal, where owners of IoT devices and systems as well as volunteer contributors can publicize the presence of IoT resources, the data they collect and more generally their data practices, including any privacy choices they make available to people. The infrastructure also features an IoT Assistant mobile app (available in both the iOS store and Google Play Store), which people can use to discover nearly IoT resources, their data practices as well as any available privacy options (e.g., opt-in, opt-out, deletion, access, etc.). Check out short videos about the IoT Privacy Infrastructure and our IoT Assistant app.

Check out also the CyLab press release on the infrastructure and the project's website, where you can access research articles and additional videos.

February 2020: New Faculty Highlight Videos

Our Societal Computing PhD program releases new faculty highlight videos


January 2020: Privacy Day at CMU

January 28, 2020: Come and join us as we celebrate Privacy Day at CMU

PoPETS 2019

July 2019: PoPETS 2019 article detailing how we analyzed over 1 million Android apps for potential privacy compliance issues presented in Stockholm. See also CyLab press release discussing our MAPS mobile app privacy compliance tool.


100k award from Mozilla

June 2019: Honored to receive $100k award from Mozilla for our work on personalized privacy assistants.

(Image Credit: Wallpaper Access)

Expert Address at Hong Kong University:

May 2019: What if Computers Understood Privacy Policies? A Look at Advances in Natural Language Processing through the Lens of Privacy


IAPP Global Privacy Summit

May 2019: Presenting our Privacy Infrastructure for IoT and our work on Personalized Privacy Assistant at IAPP Global Privacy Summit in DC.

Gizmodo: The Terrible Truth About Alexa

April 2019: Quoted in recent Gizmodo piece on privacy risks associated with the widespread adoption of smart speakers

AAAI Spring Symposium on Privacy-Enhancing AI and Language Technologies

March 2019: Co-organizing AAAI Spring Symposium on Privacy-Enhancing AI and Language Technologies (PAL2019) at Stanford.

Cybersecurity Commercialization Founders and Funders Workshop

March 2019: Panelist, Cybersecurity Commercialization Founders and Funders Workshop Schwarz Center for Entrepreneurship, Tepper School of Business, Carnegie Mellon University


Technology to automatically read privacy policies

March 2019: CyLab article discusses our work on technology to automatically read privacy policies


Congress: Make Privacy the Rule – Not the Exception

Feb 1, 2019: Op-ed in the Hill: Congress: Make Privacy the Rule – Not the Exception


Privacy Day Celebration at CMU

Feb 1, 2019 : Co-Organizing Privacy Day Celebration at CMU


Wombat Security Technologies: How We Got to a $225M Exit by Phishing our Customers,

November 29, 2018: Wombat Security Technologies: How We Got to a $225M Exit by Phishing our Customers, TiE Pittsburgh keynote, Schwartz Center for Entrepreneurship, Carnegie Mellon University


This Belgian authority in artificial intelligence sold his company for 225 million dollars

November 2018 Nice article in Trends about me (here’s the Google Translation from Dutch into English)


Debating Ethics: Dignity and Respect in Data-Driven Life, 40th International Conference of Data Protection and Privacy Commissioners

October 24, 2018: Panelist, Debating Ethics: Dignity and Respect in Data-Driven Life, 40th International Conference of Data Protection and Privacy Commissioners, European Parliament, Brussels. A CyLab Q&A, following the panel can be found here . You can watch a video of my initial remarks here or watch the full panel here , or you can read the conference report


Awarded new $1.2M NSF grant

August 2018: Awarded new $1.2M NSF grant for collaboration with Serge Egelman and Helen Nissenbaum to inform the development of privacy controls in mobile and IoT using contextual integrity


Which Apps have Privacy Policies?

Article at the Annual Privacy Forum in Barcelona:

Story, Zimmeck, Sadeh, Which Apps have Privacy Policies?

Towards a Roadmap for Privacy Technologies and the General Data Protection Regulation: A transatlantic initiative

Article at the Annual Privacy Forum in Barcelona:

Schiffner, Berendt et al. Towards a Roadmap for Privacy Technologies and the General Data Protection Regulation: A transatlantic initiative


Keynote at NSF Workshop

June 2018: Keynote at NSF Workshop on Security Assured Cyberinfrastructure in Pennsylvania (SAC-PA2), Pittsburgh, PA, June 2018


Artificial Intelligence, the Internet of Things and Privacy: Are We Doomed?

May 2018: Expert Address at Hong Kong University, “Artificial Intelligence, the Internet of Things and Privacy: Are We Doomed?”


2018 Pittsburgh Venture Capital Association (PVCA) Outstanding Entrepreneur award

May 15, 2018: Honored to receive the 2018 Pittsburgh Venture Capital Association (PVCA) Outstanding Entrepreneur award together with Joe Ferrara. PVCA’s awards recognize “remarkable entrepreneurs…for their extraordinary contributions to innovation and the region’s entrepreneurial vitality”. Here’s a list of earlier honorees


Interview: Facebook and the Cambridge Analytica fiasco

April 2018: Interviewed on local KDKA TV news channel about Facebook and the Cambridge Analytica fiasco

Image: Inc.Magazine

App Permissions Don't Tell Us Nearly Enough About Our Apps

April 2018: Quoted in Wired article discussing the limitations of app permissions, including the way in which permission bundling forces users to make impossible decisions – as shown in our research.


Panelist at IAPP

March 29, 2018: Panelist at IAPP’s Inaugural Privacy Engineering Section Forum IAPP Global Summit, Washington DC. I’m on the panel titled: “The Regulators View: Engineering Mitigation Efforts”.


Carnegie Mellon researchers create an AI to help us make sense of privacy policies

March 1, 2018: Check out article and video on our technology to automatically interpret statements found in privacy policies. The article is based on the new release of our explore.usableprivacy.org website. Here’s also an article in Fast Company/Co-Design


Wombat Security Technologies acquired by Proofpoint

March 1, 2018: After an amazing 10 years, Wombat Security Technologies, the CMU spinoff I co-founded with Jason Hong and Lorrie Cranor to commercialize results of our research on combating phishing attacks was acquired by Proofpoint for $225M. Here is the CMU press release. The original Proofpoint press release is here. This is also covered in news articles abroad (e.g., here’s a French article in Le Monde Informatique).


FTC Privacy Conference

Feb. 28, 2018: Our research group presents two papers and several posters at the FTC’s annual Privacy Conference. I’ll be presenting our work on privacy assistants to help users keep up with the broad deployment of cameras and computer vision algorithms – see our article here


Privacy Day Celebration at CMU

Jan 26, 2018: Co-Organizing Privacy Day Celebration at CMU. See also CyLab announcement here.


Usableprivacy.org

Jan 26, 2018: Announcing the release of new interactive website showcasing machine-generated annotations of a little over 7,000 privacy policies

Wombat Security Technologies ranked 135th fastest growing company in North America

November 2017: Wombat Security Technologies ranked 135th fastest growing company in North America in Deloitte’s 2017 Technology Fast 500. See Wombat’s press release including other recent accomplishments.


Wombat Security Technologies

October 2017: Wombat Security Technologies is clear leader for 4th consecutive year in Gartner’s 2017 Magic Quadrant in Security Awareness Computer-Based Training


3 Rivers Venture Fair

October 2017: Panelist at 3 Rivers Venture Fair (Pittsburgh) – Panel on Cybersecurity


From Big Data, to Machine Learning, to AI

October 2017: Panelist at Privacy + Security Forum (Washington, DC) – Panel titled “From Big Data, to Machine Learning, to AI


Privacy Preferences and Expectations in an IoT World

August 2017: Our 2017 SOUPS article on Privacy Preferences and Expectations in an IoT World discussed on the CyLab website

Assisting Users in a World Full of Cameras: A Privacy-aware Infrastructure for Computer Vision Applications

July 2017: Anupam Das presents our article on Assisting Users in a World Full of Cameras: A Privacy-aware Infrastructure for Computer Vision Applications at workshop on the Bright and Dark Sides of Computer Vision: Challenges and Opportunities for Privacy and Security IEEE Conference on Computer Vision and Pattern Recognition Workshops (CVPRW)


Best paper award at ACM MMSys Conference

June 2017: Best paper award at ACM MMSys Conference for our article on A Scalable and Privacy-Aware IoT Service for Live Video Analytics


ConPro’17

May 2017: Invited Speaker at FTC Technology and Consumer Protection Workshop (ConPro’17) in San Jose (co-located with 38th IEEE Symposium on Security & Privacy Conference)


MIT Technology Review

May 2017: MIT Technology Review article on our Privacy Assistant work – Personal AI Privacy Watchdog Could Help you Regain Control of Your Data


Google faculty research award

May 2017: I am the recipient of a Google faculty research award for my work on a privacy infrastructure for the Internet of Things.

Many apps fail to disclose the collection and sharing of sensitive data

April 2017: Our mobile app privacy compliance work featured on CyLab website


Expert address at Hong Kong University

March 2017: IoT Security and Privacy: What Can We Learn from the Mobile App Stores? Expert address at Hong Kong University


What If Computers Understood Privacy Policies? And, What If They Knew What We Care About?

February 2017: What If Computers Understood Privacy Policies? And, What If They Knew What We Care About? is the title of my Cylab Distinguished Seminar on February 20. Here’s a link to the video


Privacy Assistant in the Google Play store.

February 2017: Just released first version of our Privacy Assistant in the Google Play store. For the time being, it’s only available for rooted Android phones. Hoping that over time we can make it available to everyone. The launch is also getting some nice press coverage, including The Verge, PC Magazine and the Boston Globe


How app makers increasingly track your every move

February 2017: Christian Science Monitor mentions our research

Privacy Day at CMU

January 2017: Co-organizing Privacy Day at CMU with Lorrie Cranor


Helping the visually impaired identify phishing emails

January 2017: Project by Amanda Holt, Thomas Koike and Roykrong Sukkerd to help the visually impaired identify phishing emails. See also CyLab article here featured on CyLab webpage. The project was conducted in my Information Security and Privacy class this past Fall semester


Automated Analysis of Privacy Requirements for Mobile Apps

January 2017: Sebastian Zimmeck to present our paper on Automated Analysis of Privacy Requirements for Mobile Apps at the FTC’s PrivacyCon conference


Conceiving and Running Center-Scale Frontier Projects

January 2017: As lead PI of our Usable Privacy Policy Project Frontier project, participated in panel on Conceiving and Running Center-Scale Frontier Projects at NSF’s Secure and Trustworthy Cyberspace (SaTC) Principal Investigators’ Meeting


AAAI Fall Symposium on Privacy and Language Technologies

November 2016: I’ll be giving the opening keynote at the AAAI Fall Symposium on Privacy and Language Technologies DC. Our Usable Privacy Policy Project will also be presenting four papers at the Symposium.

Mobile App Behavior Often Appears at Odds With Privacy Policies

November 2016: CMU press release on our mobile app compliance tool and our work with the California AG


Wombat Security Technologies ranked 144th fastest growing company in North America

November 2016: Wombat Security Technologies ranked 144th fastest growing company in North America in Deloitte’s 2016 Technology Fast 500 and also fastest growing company in Pennsylvania for second year in a row


California AG’s Office has been piloting our Mobile App Privacy Compliance tool

October 2016: The California AG’s Office has been piloting our Mobile App Privacy Compliance tool for the past several months. See recent press release from the Cal AG’s Office This is research funded under our Usable Privacy Policy Project and our Personalized Privacy Assistant project

FTC Chairwoman Ramirez mentions Personalized Privacy Assistant

October 2016: FTC Chairwoman Ramirez mentions our privacy assistant for the Internet of Things in interview with MIT Technology Review


Magic quadrant for cybersecurity training for Wombat Security Technologies

October 2016: Gartner Group positions Wombat Security Technologies as Leader in its magic quadrant for cybersecurity training for 3rd consecutive year

CIO Magazine: 'Carnegie Mellon University helps you control your privacy'

September 2016: Our privacy work is featured in CIO Magazine


FTC and the Personalized Privacy Assistant Project

August 2016: FTC Chairwoman Edith Ramirez mentions our Personalized Privacy Assistant project in her keynote address at the Technology Policy Institute Aspen Forum


Ed Tech: 'Internet of Things: Coming to Your Campus Soon'

August 2016: Recent coverage in Ed Tech article focusing on security and privacy in IoT

Personalized Privacy Assistant

July 2016: Our Personalized Privacy Assistant is featured on CMU’s home page and also in Tech Crunch, Science Daily, Quartz, TribLive, Campus Technology, etc.


Usable Privacy Policy Project’s newsletter

June 2016: Our Usable Privacy Policy Project’s newsletter is now available


IAPP SOUPS Privacy Award

June 2016: Our article on Personalized Privacy Assistants for Mobile App Permissions, “Follow My Recommendations: A Personalized Assistant for Mobile App Permissions” received the IAPP SOUPS Privacy Award


Deciphering Websites’ Privacy Policies

June 2016: Kiplinger publishes an article on our Explore.UsablePrivacy.Org website


Privacy in the Age of IoT: New Technologies to Help Users and Regulator

June 2016: Expert address at Hong Kong University on Privacy in the Age of IoT: New Technologies to Help Users and Regulators


SOUPS 2016

May 2016: Three articles on our research have been accepted for presentation at the 12th USENIX Symposium on Usable Privacy and Security (SOUPS 2016)

  • Follow My Recommendations: A Personalized Assistant for Mobile App Permissions
    Bin Liu, Mads Schaarup Andersen, Florian Schaub, Hazim Almuhimedi, Shikun (Aerin) Zhang, Norman Sadeh, Yuvraj Agarwal, and Alessandro Acquisti, Carnegie Mellon University
  • How Short Is Too Short? Studying Privacy Notice Design for Wearables
    Joshua Gluck, Florian Schaub, Amy Friedman, Hana Habib, Norman Sadeh, Lorrie Faith Cranor, and Yuvraj Agarwal, Carnegie Mellon University
  • Expecting the Unexpected: Understanding Mismatched Privacy Expectations Online
    Ashwini Rao, Florian Schaub, Norman Sadeh, and Alessandro Acquisti, Carnegie Mellon University; Ruogu Kang, Facebook

Crowdsourcing Annotations of Websites’ Privacy Policies: Can It Really Work?

April 2016: Our WWW2016 article titled “Crowdsourcing Annotations of Websites’ Privacy Policies: Can It Really Work?“ was nominated for the best paper award


New website showcasing a corpus of 23,000 privacy policy annotations

March 11, 2016: We have released a new website showcasing a corpus of 23,000 privacy policy annotations. The site features color-coded navigation functionality that enables users to interactively explore privacy practice statements for nearly 200 different websites. This is research conducted under our Usable Privacy Policy project. See CyLab press release and also articles in Consumerist and LifeHacker


2016 Privacy Day event at CMU

January 28, 2016: Hosting Ed Felten, US Deputy Chief Technology Officer (White House), as part of 2016 Privacy Day event at CMU – more details available here.


FTC Privacy Conference

Towards Personalized Privacy Assistants - Norman Sadeh

November 2015: Notice and Choice for IoT: Why We Need Personalized Privacy Assistants UC Irvine, Informatics Seminar speaker. See also our project’s website

Wombat Security Technologies 104th fastest growing company

November 2015: Wombat Security Technologies ranked 104th fastest growing company in North America in Deloitte’s 2015 Technology Fast 500 – and the fastest growing company in Pennsylvania

DARPA Brandeis Grant

October 2015: Awarded a DARPA Brandeis grant to work on personalized privacy assistants for the Internet of Things and Big Data – work in collaboration with Alessandro Acquisti, Lujo Bauer, Lorrie Cranor and Anupam Datta at CMU and teams at UC Irvine and Honeywell.

Wombat Security Technologies

October 2015: Wombat Security Technologies named a clear leader in 2015 Gartner Magic Quadrant for Security Awareness Computer-Based Training Vendors

National Science Foundation grant on personalized privacy assistants for smartphone apps

September 2015: National Science Foundation grant on personalized privacy assistants for smartphone apps with a particular focus on user behavior – work in collaboration with Yuvraj Agarwal and Lorrie Cranor.


Summer 2015 Google Research Award

September 2015: I’m the lucky recipient of a Summer 2015 Google Research Award for my work on learning people’s mobile app privacy preferences

Keynote at Soups 2015

July 2015: Giving closing keynote at 2nd annual workshop on Privacy Personas and Segmentation at SOUPS 2015


CMU Leads Google Expedition To Create Technology for “Internet of Things”

July 2015: We have been selected to lead the development of novel privacy technologies for Google’s new Web of Things initiative – see CMU press release and a few other articles in the press (e.g., Pittsburgh Post Gazette , Campus Technology)


Research in privacy featured in The Link

July 2015: Our research in privacy and our master’s program in privacy engineering are featured in The Link


Presentation of findings to FTC

July 2015: Invited to present our research findings to FTC Commissioner Julie Brill and her staff


Future of Privacy Forum

July 2015: Invited to present our privacy work at event organized by the Future of Privacy Forum


2015 International Workshop on Privacy Engineering (IWPE’15)

May 2015: Jose M. del Alamo and I are co-chair of the 2015 International Workshop on Privacy Engineering (IWPE’15) (collocated with the 36th IEEE Symposium on Security and Privacy)


Apps Track Users—Once Every 3 Minutes

March 2015: Nice article in the Wall Street Journal on our mobile app privacy research. The full study will be presented at CHI’2015 next month. Here’s also the CMU press release. Around 50 news articles have been published in the past few days (including articles in the US, UK, Germany, France, India, Brazil, China, Vietnam, Netherlands and more). Here is the one in Wired and here’s a cool blog post in futurity that also talks about our work on personalized privacy assistants. See also project website here

FTC Commissioner Julie Brin at Privacy Day at CMU

January 28, 2015: FTC Commissioner Julie Brin will join us to celebrate Privacy Day at CMU – I will be participating in the panel on Privacy Research and Public Policy (here are also some photos and here’s a video the panel)

SBIR Success Panel

January 14, 2015: Sharing our experience at Wombat Security Technologies on “SBIR Success Panel“ at 2015 Government Cybersecurity SBIR Workshop in DC.

Bin Liu, is awarded a Yahoo! InMind fellowship

January 2015: My PhD student, Bin Liu, is awarded a Yahoo! InMind fellowship for work to develop a personalized privacy assistant for the InMind Project


Mobile App Privacy Nudging accepted at CHI2015

December 2014: Our paper on on Mobile App Privacy Nudging has been accepted for publication at CHI2015 – H. Almuhimedi, F. Schaub, N. Sadeh, I. Adjerid, A. Acquisti, J. Gluck, L. Cranor and Y. Agrawal, Your Location has been Shared 5,398 Times! A Field Study on Mobile App Privacy Nudging


An app developed at Microsoft by my PhD student, Justin Cranshaw

November 2014: An app developed over the summer at Microsoft by my PhD student, Justin Cranshaw, is featured on CMU’s homepage. The Microsoft Garage “Journeys & Notes” app connects people with similar commutes. Congrats Justin!


SOUPS 2014

October 2014: Our Ubicomp2012 and SOUPS 2014 work on modeling user privacy preferences is the basis for a cool new website grading mobile apps based on their privacy practices:

-J. Lin, B. Liu, N. Sadeh, and J.I. Hong, Modeling Users’ Mobile App Privacy Preferences: Restoring Usability in a Sea of Permission Settings , 2014 – SOUPS 2014

-J. Lin, S. Amini, J. Hong, N. Sadeh, J. Lindqvist, J. Zhang, Expectation and Purpose: Understanding Users’ Mental Models of Mobile App Privacy through Crowdsourcing – Ubicomp2012


Gartner Group positions Wombat Security Technologies as “Leader” in its magic quadrant for cybersecurity training

October 2014

New course: Exploring applications of IBM Watson’s cognitive technology

August 2014: Partnering with Eric Nyberg and Alan Black to offer a new mobile app development course exploring applications of IBM Watson’s cognitive technology. (See also CMU Students Get to Work, Play with Computer Jeopardy! Champion Watson in Pittsburgh Tribune or IBM’s Watson is Going to College in Venture Beat)


Fei Liu presents

August 2014:

F. Liu, R. Ramanath, N. Sadeh, and N.A. Smith, A Step Towards Usable Privacy Policy: Automatic Alignment of Privacy Statements in Proc. of the 25th International Conference on Computational Linguistics, Dublin, August 2014.

Graduating first cohort of students in our Master’s Program in Privacy Engineering

July 2014


Wombat Security Technologies closes $6.7M series B round of funding to accelerate growth

July 2014


Soups 2014

July 2014:

  • Jialiu Lin presents: J. Lin, B. Liu, N. Sadeh, and J.I. Hong, Modeling Users’ Mobile App Privacy Preferences: Restoring Usability in a Sea of Permission Settings , 2014 ACM Symposium on Usable Security and Privacy (SOUPS 2014), July 2014.

One of our two posters also wins the best poster award

Future of Privacy Notice and Choice at CMU

June 2014: Co-organizing workshop on the Future of Privacy Notice and Choice at CMU

Annual Meeting of the Association for Computational Linguistics

June 2014: Rohan Ramanath presents Unsupervised Alignment of Privacy Policies Using Hidden Markov Models in Proc. of the Annual Meeting of the Association for Computational Linguistics (ACL’14), Baltimore, MD, June 2014


Expert address at Hong Kong University

May 2014: Mobile App Privacy: How Bad Is It & What Can We Do About It?

CHI2014 in Toronto

April 2014: two papers at CHI2014 in Toronto

Reconciling Mobile App Privacy and Usability on Smartphones: Could User Privacy Profiles Help?

April 2014: WWW2014: Bin Liu presents our paper on Reconciling Mobile App Privacy and Usability on Smartphones: Could User Privacy Profiles Help?


Justin Cranshaw Disseration Proposal

April 2014: Justin Cranshaw successfully presents his dissertation proposal


Mobile & Pervasive Computing Services Project Fair

February 2014: Mobile & Pervasive Computing Services Project Fair: 16 projects from my Mobile & Pervasive Computing Services course compete for top prize.

WEF's Top 10 Emerging Technologies List Cites CMU Research

February 2014: Our Livehoods project listed among top 10 emerging technologies at Davos World Economic Forum


Data Privacy Day

Jan 2014: Co-hosting White House Chief Privacy Officer, Nicole Wong, at CMU as part of Data Privacy Day – see also event webpage and an article in the Pittsburgh Post Gazette, a video of the keynote , and some photos

Reconciling Mobile App Privacy and Usability on Smartphones: Could User Privacy Profiles Help?

December 2013: Our WWW2014 article on Reconciling Mobile App Privacy and Usability on Smartphones: Could User Privacy Profiles Help? is now available as a Tech Report (CMU-CS-13-128/CMU-ISR-13-114)


People at the FTC tell us that our mobile app privacy research influenced their decision to go after Brightest Flashlight.

December 2013: A settlement has now been reached – see the FTC consent order


CyLab seminar: Mobile App Security and Privacy: An Overview of Recent Research Results and their Implications

November 2013


Our Usable Privacy Policy Project is featured on CMU’s homepage

October 2013


Jialiu Lin defends her dissertation on “Understanding and Capturing People’s Mobile App Privacy Preferences”. Congrats Jialiu!

October 2013


Privacy Manipulation and Acclimation in a Location Sharing Application at Ubicomp2013

September 2013: Shomir Wilson presents our joint paper on Privacy Manipulation and Acclimation in a Location Sharing Application at Ubicomp2013 in Zurich.


Our new NSF Frontier project on Usable Privacy Policies is featured in IAPP’s Privacy Advisor

September 2013


First cohort of students enter our new Master’s Program in Privacy Engineering

August 2013


Carnegie Mellon Leads NSF Project To Help People Understand Web Privacy Policies

August 2013: CMU press release about our new NSF Frontier project on Usable Privacy Policies and nice articles in the Pittsburgh Post Gazette and the Pittsburgh Business Times


Awarded one of three large “Frontier” research projects under NSF’s Secure and Trustworthy Computing program

August 2013: See NSF’s press release

Paper at KDD2013

August 2013:
B. Fu, J. Lin, Lei Li, C. Faloutsos, J. Hong, N. Sadeh. Why People Hate Your App – Making Sense of User Feedback in a Mobile App Store


$180,000 research gift from Google

July 2013: The Mobile Commerce Lab receives $180,000 research gift from Google under its “Privacy and Security Focused Program” for our work on “Smart privacy profiles for mobile apps”.


Attending Dagstuhl Seminar on My Life Shared: Trust and Privacy in the Age of Ubiquitous Experience Sharing

July 2013


Expert address on Using Mobile Social Media to Understand the Dynamics of Cities, Hong Kong University

May 2013


Graduating Patrick Gage Kelley (co-advised with Lorrie Cranor): Congrats Patrick!

May 2013


Two papers at CHI’2013 in Paris:

May 2013:

  • P. Gage Kelley, L. Cranor, N. Sadeh, Privacy as Part of the App Decision-Making Process
  • Sleeper, Manya, Justin Cranshaw, Patrick Gage Kelley, Blase Ur, Alessandro Acquisti, Lorrie Cranor, Norman Sadeh. I read my Twitter the next morning and was astonished: A conversational perspective on Twitter regrets

Awarded patent on User-Controllable Learning of Policies

April 2013


The shortage of privacy engineers

March/April 2013: Our article on the shortage of privacy engineers is featured in IEEE Security and Privacy

Awarded a Google app engine

Feb. 2013: Our group was just awarded a Google app engine grant for our work on Livehoods and our Twitter nudging research. Thank you, Google!


Tweets Are Forever: A Large-Scale Quantitative Analysis of Deleted Tweets

Feb. 2013: CSCW2013 presentation by Hazim Almuhimedi of our joint paper Tweets Are Forever: A Large-Scale Quantitative Analysis of Deleted Tweets


Moderating Data Privacy Day Panel on Will the Mobile Web and Social Networking Mark the End of Privacy?

January 28, 2013


Did Your Smartphone Flashlight Rat You Out? Crowdsourcing Privacy Concerns of Mobile Apps

January 2013: CMU press release on our Mobile App Privacy work: Did Your Smartphone Flashlight Rat You Out? Crowdsourcing Privacy Concerns of Mobile Apps . A nice piece in The Red Tape Chronicles and one in the Pittsburgh Tribune Review

Talk at TEDx Yale City 2.0

October 2012

Participating in CyLab Panel Discussion on Cyber Crime and Security organized in conjunction with screening of CODE 2600 documentary film

October 2012

Launching a new inter-disciplinary master’s program to train future Privacy Engineers and Privacy Technology Managers

October 2012

New Master's for Privacy Engineers

CMU press release and a nice article in the Pittsburgh Post Gazette presenting new Privacy Engineering Masters Program

Patrick Gage Kelley Thesis Proposal: 'Designing Privacy Notices Supporting User Understanding and Control'

September 2012: Patrick Gage Kelley (COS PhD student) defends his dissertation on Designing Privacy Notices Supporting User Understanding and Control (Thesis Committee: Lorrie Cranor, Norman Sadeh, Alessandro Acquisti and Sunny Consolvo)

'Understanding Users’ Mental Models of Mobile App Privacy through Crowdsourcing'

September 2012: Ubicomp2012 presentation of our paper on Expectation and Purpose: Understanding Users’ Mental Models of Mobile App Privacy through Crowdsourcing (authors: J. Lin, S. Amini, J. Hong, N. Sadeh, J. Lindqvist, J. Zhang)

Jialiu Lin Thesis Proposal

August 2012: Jialiu Lin (CSD PhD student) presents her thesis proposal on Understanding and Capturing People’s Mobile App Privacy Preferences (Thesis Committee: Jason Hong, Norman Sadeh, Mahadev Satyanarayanan, Sunny Consolvo)

2012 Personal Democracy Forum , Panel on “the SENSEable City”, New York

June 11, 2012

Our Sixth International AAAI Conference on Weblogs and Social Media article on urban computing wins the best paper award

June 2012: See also our livehoods website.

The TAC-SCM competition our e-Supply Chain Management Lab launched with SICS in 2002 will be running its 10th edition in Valencia, Spain

June 2012

Can We Reconcile Privacy and Usability? , Computer Science Seminar Series, HKUST.

May 2012

“Mobile Privacy: Technology and Human Considerations”, Expert Address, Hong Kong University

May 2012

Why Phish Should Not Be Treated as Spam article in Dr. Dobbs

May 2012


Our Livehoods project continues to garner media attention

May 2012: – e.g., see Pittsburgh Post Gazette article , CMU press release, CMU homepage , WTAE interview , Wall Street Journal blog and media coverage abroad (e.g. Heise Online , Wired.it and Haaretz)

Our Livehoods project featured in Atlantic Cities

“Smartphone Security and Privacy: What Should We Teach our Users and How?”, FISSEA 2012, NIST

March 2012


MIT CSAIL seminar

March 2012: User-Controllable Privacy: An Oxymoron? – Slides downloadable below


The Verge: 'How a coke dealer busted by GPS tracking is changing privacy law'

February 21, 2012: Further speculation about the implications of the US Supreme Court’s ruling in US v Jones, including some comments I made on 3rd party doctrine here. See also Wall Street Journal article on FBI turns off thousands of GPS devices after Court ruling

US Supreme Court unanimously agrees with our view...

January 23, 2012 – US Supreme Court unanimously agrees with our view that placing a GPS device under someone’s vehicle constitutes a search & that doing so without a warrant violated the defendent’s privacy. At the same time, they do not address more fundamental issues relating to expectations of privacy – See Supreme Court’s Opinion here and CDT’s statement here.


Wombat Security Technologies featured on CMU’s homepage

January 2012


Google Pittsburgh Seminar: ““From Today’s Android Permission System to Intelligent Security and Privacy Agents”.

December 2011: See also our USEC2012 article on A Conundrum of Permissions: Installing Applications on an Android Smartphone

Panelist APWG’s Annual e-Crime conference, San Diego

November 2011

The Pittsburgh Post Gazette publishes my op-ed on warrantless GPS tracking

November 2011: See also interview in CMU’s Piper

Joined CDT and EFF in amicus brief on warrantless GPS tracking filed with US Supreme Court

October – November 2011: . See also ComputerWorld article and CMU home page coverage

Keynote at Pitney Bowes Mobile Day Symposium

October 2011

Panelist at Qualcomm’s Contextual Awareness Symposium, San Diego

September 2011

Wombat Security Technology, selected as Finalist for Tech 50 Startup of the Year award

July 2011


“Mobile Location Privacy: Why it is Important & Challenging”, Invited lecture, Beihang University, Beijing.

July 2011


Mobile Location Privacy: Forces at Play, Attitudes and Challenges, Expert Address, Hong Kong University

June 2011

Wombat’s SBIR grants mentioned in the Wall Street Journal

June 2011

Stepping down after three years as founding CEO of Wombat Security Technologies

May 2011

EDUCAUSE webinar: Smartphone Privacy and Security: What Should We Teach Users?

April 2011

Norman asks:’ Can Social Networking and Privacy be Reconciled?', CyLab Seminar

March 2011

Michael Benisch (COS PhD student) defends his dissertation

March 2011 – Michael Benisch (COS PhD student) defends his dissertation on Using Expressiveness to Improve the Efficiency of Social and Economic Mechanisms (Thesis Committee: Norman Sadeh, Tuomas Sandholm, Geoff Gordon, Craig Boutilier)

Norman on Data Privacy Day panel at CMU –

January 2011 - See Pittsburgh Post Gazette article

Norman on “Privacy, Location and Social Networking” at Digital Privacy Forum

January 2011

Locaccino featured in MIT Technology Review: Locaccino Shows How Facebook Places Should Work

October 2010

Wombat Security Technologies secures $750,000 contract from US Air Force for Micro-Game Platform for Cyber Security Awareness

October 2010

Michael Benisch, COS Phd student co-advised by Profs. Norman Sadeh and Tuomas Sandholm awarded prestigious Siebel Scholarship

September 2010

Norman talks to TEQ about his experience at CMU and the founding of Wombat Security Technologies

September 2010

Wombat Security Technologies launches PhishGuru?

September 2010 – Using mock phishing attacks to train people to protect themselves from real attacks

NSF Awards $2.7M Grant for Multi-Disciplinary Privacy Research to Acquisti, Cranor and Sadeh

July 2010

Article by Collins, Ketter and Sadeh in Summer issue of AI Magazine reflects on lessons and accomplishments of the Supply Chain Trading Agent Competition

July 2010

Patrick Gage Kelley, COS PhD student co-advised by Profs. Cranor and Sadeh wins prestigious ACM Student Research Competition

June 2010

Norman invited to speak at Mobile Social Networking Asia

May 2010

Norman asks ‘What Will the App Store of the Future Look Like?’ in Expert Address at Hong Kong University

May 2010


Pittsburgh Post-Gazette Startup Zipano sells privacy software to control who can find you

May 2010 – Pittsburgh Post-Gazette Startup Zipano sells privacy software to control who can find you

Wombat Security Technologies Releases New Phyllis Anti-Phishing Training game

May 2010


Wall Street Journal – Locaccino mentioned in ‘As Location Sharing Services Grow, Privacy Concerns Do Too’

March 2010

“User-Controllable Security and Privacy: Lessons from the Design and Deployment of a Family of Location Sharing Applications”, Google seminar series.

March 2010


Focused Research Awards grant professors $2 million for study

February 2010

Cranor, Sadeh and Acquisti receive Google award for privacy research

February 2010 – The New York Times

TechVibe radio interview on combating phishing

November 2009

NSF awards CMU’s Norman Sadeh and Columbia’s Steven Bellovin $1.2M to research new family of user-controllable policy learning technologies for cysber security

Nov. 2009

NSF awards $3M IGERT grant for doctoral program on Usable Security and Privacy

August 2009

Expert Address in Hong Kong

June 2009

User-Controllable Security and Privacy: Are the Expectations Realistic?

May 2009

CMU Podcast on Locaccino

April 2009

Wombat Security Technologies featured as Pennsylvania success story in NewPA

April 2009

Wombat Security Technologies Awarded US Air Force SBIR grant

April 2009

Where Are you Now? – Locaccino on Carnegie Mellon’s homepage

March 2009

Wombat: The Latest CyLab Success Story – CyLab Chronicles

March 2009

Locaccino: Track Location with Privacy, Steve Baker, The Numerati

March 2009

Locaccino Enables the Watched to Watch the Watchers, CyBlog, Richard Power

March 2009

The Mobile Net – Why to Worry About Privacy Regs – BusinessWeek Blogspotting, Stephen Baker

March 2009

Now You Can Track Colleagues and Students on Your Laptop, Chronicle of Higher Education, Jeffrey R. Young

February 2009

Locaccino Now Available as a Facebook App

February 2009 - See also CMU homepage article

Our Anti-Phishing Work featured in Scientific American

December 2008

Q&A with Norman Sadeh – CyLab Chronicles

Fall 2008

“Selective Access and Obfuscation of Enterprise Data”

August 2008 –Keynote, SAP Annual North American Academic Symposium, Palo Alto.

CMieux team wins 2008 Supply Chain Trading Competition Procurement Challenge at AAAI 2008

July 2008

"Capturing and Understanding People’s Privacy Preferences in a Friend Finder Application”

June 2008 – Workshop on Opportunistic RF Localization for Next Generation Wireless Devices, Worcester Polytechnic Institute

“M-Commerce: Stripping e-Retailing to its Essence”, 2008 Internet Retailer Conference & Exhibition, June 2008

June 2008


"Combating Phishing Attacks: A Never-ending Arms Race?”

May 2008: Expert Address, Hong Kong University, May 2008

“Adaptive Supply Chain Trading”, invited speaker, SAP’s Inaugural North American Academic Symposium

June 2007

Norman speaks at ‘Location Meets Social Networking’ event organized by the Advisory Committee to the Congressional Internet Caucus

April 2007

MyCampus Project

October 2006 – MyCampus project featured in mobile commerce article in Pittsburgh Post Gazette

Mobile and Pervasive Commerce: The New Frontier

August 2006 – “Mobile and Pervasive Commerce: The New Frontier”, opening keynote, 8th International Conference on Electronic Commerce (ICEC-06), Fredericton, Canada.

Ambient Intelligence: The MyCampus Experience

*June 2006 – “Ambient Intelligence: The MyCampus Experience”, keynote speaker, 14th IT21 Conference (Theme: “U-Society”), Seoul, Korea, June 2006 – see Korea IT Times article

MyCampus: Research Overview

May 2006 -“MyCampus: Research Overview”, guest speaker, NTT DoCoMo, Yokosuka Research Park, Japan, May 2006

CMieux

April 2006 – CMieux wins Exhibition Supply Chain Trading Competition event at CS50