Author Archive

IAPP Hosts Inaugural Privacy Engineering Section Forum

Wednesday, March 21st, 2018

The Privacy Place’s Prof. Annie Antón announced the inaugural International Association of Privacy Professionals (IAPP) Privacy Engineering Section Forum by noting the following:

We are only just beginning to define this emerging field and we want you to be a part of that process. Today, roughly 40 percent of IAPP membership are lawyers who may want to join the Privacy Bar Section. For the remaining majority, we hope a large number will find a home in the Privacy Engineering Section. If your work in any way engages you in either developing, assessing or using methodologies, tools and techniques that seek to engineer privacy into systems, the IAPP Privacy Engineering Section is for you.

Check out this sample job description for privacy engineers. If there’s overlap with your current responsibilities or if you are interested in helping to define or better understand Privacy Engineering, the IAPP Privacy Engineering Section Forum is a great opportunity.  You may also be interested in joining the IAPP or learning more about the IAPP Privacy Engineering Section.

Prof. Antón appointed to the President’s Commission on Enhancing National Cybersecurity

Thursday, April 14th, 2016

President Obama has appointed Professor Annie Antón to be one of twelve members of the Commission on Enhancing National Cybersecurity.  The announcement describes the Commission’s task as follows:

The Commission is tasked with making detailed recommendations on actions that can be taken over the next decade to enhance cybersecurity awareness and protections throughout the private sector and at all levels of Government, to protect privacy, to ensure public safety and economic and national security, and to empower Americans to take better control of their digital security.

She will be serving with an extremely distinguished non-partisan group of experts:

General Keith Alexander, USA (Ret) –  Chairman and CEO of IronNet, and former director of the National Security Agency.

Ajay Banga – president and CEO of MasterCard.

Steven Chabinsky – general counsel and chief risk officer for the cybersecurity technology firm CrowdStrike.

Patrick Gallagher – Chancellor and CEO of the University of Pittsburgh.

Peter Lee – corporate vice president of Microsoft Research.

Herbert Lin – Senior Research Scholar for Cyber Policy and Security at the Center for International Security and Cooperation and a Research Fellow at the Hoover Institution, both at Stanford University.

Heather Murren – private investor and member of the Board of Trustees of the Johns Hopkins University and the Johns Hopkins University Applied Physics Laboratory.

Joe Sullivan – chief security officer at Uber.

Maggie Wilderotter – Chief Executive Officer of Frontier Communications from 2004 to 2015, and then Executive Chairman of the company until April 1, 2016.

Georgia as the Next Cybersecurity Hub

Friday, May 8th, 2015

This week Prof. Annie Antón was a guest on Georgia Public Broadcasting’s On Second Thought to discuss the state of cybersecurity research and the cybersecurity industry in Georgia. You can listen to her segment alone or to the whole program.

Data Privacy Day in Atlanta

Saturday, January 24th, 2015

This Wednesday, January 28th, is data privacy day. The National Cyber Security Alliance is bringing together experts from industry, government, and academia to discuss the implications of future developments in technology for healthcare privacy. The event will be hosted on campus at Georgia Tech and it is titled: Health Privacy in a Fully Connected World: The Loss of Autonomy or Increased Opportunity for Longevity? If you’re interested in attending, tickets are available now.

Editorial on Healthcare Privacy

Saturday, January 24th, 2015

Professors Antón and Swire have an op-ed in the Atlanta Journal Constitution about the increasing importance of protecting healthcare data. It’s difficult to summarize an issue as complex as protecting privacy in healthcare information technologies, but this op-ed does it well.

NSF Grant on Regulatory Compliance Software Engineering

Friday, August 10th, 2012

The National Science Foundation recently awarded researchers from The Privacy Place a grant to work on Regulatory Compliance Software Engineering with UCON_LEGAL! You can read the abstract below. More details are available at

Abstract: Software engineers need improved tools and methods for translating complex legal regulations into workable information technology systems. Compliance with legal requirements is an essential element in trustworthy systems. The research proposed herein will advance the cutting edge for creating more accurate, efficient, and reliable RCSE (Regulatory Compliance Software Engineering), resulting in compliant software systems. System specifications typically concentrate on system-level entities, whereas legal discussions emphasize fundamental rights and obligations discursively. This work bridges three cultures of scholarship and research: software specification, law, and access control. By empowering software developers and policy makers to better understand regulatory texts and the access controls specified within these texts, current and future software systems will be better aligned with the law.

There are three main expected results of this work: (1) Framework, methodology and heuristics to identify UCONLEGAL components in legal texts; (2) extended TLA (Temporal Logic of Actions) rules from UCONABC and mapping of predicates, actions, states, variables and obligations between UCONLEGAL and UCONABC; (3) validated and extended role-based access controls to meet healthcare and financial legal requirements through further development of UCONLEGAL. The impacts of this work are expected to be far reaching; law and regulations govern the collection, use, transfer and removal of information from software systems in many sectors of society, and this research explicitly calls for models and theories for analyzing and reasoning about security and privacy in a regulatory and legal context.

Summary of E-Verify Challenges

Wednesday, May 25th, 2011

If you didn’t get a chance to check out Dr. Antón’s testimony on E-Verify, then you might be interested in her post summarizing the main points for the Center for Democracy and Technology:

Last month, I testified before the House Ways and Means Social Security Subcommittee hearing on the Social Security Administration’s Role in Verifying Employment Eligibility. My testimony focused on the E-Verify pilot system, and the operational challenges the system faces. According to the U.S. Citizenship and Immigration Services website, E-Verify “is an Internet-based system that allows businesses to determine the eligibility of their employees to work in the United States.” The goal of E-Verify – to ensure that only authorized employees can be employed in the U.S. – is laudable. However, the E-Verify pilot system is still in need of major improvements before it should be promoted to a permanent larger-scaled system.

Read the rest on the CDT blog.

Dr. Antón testifies before Congress about E-Verify

Friday, April 15th, 2011

Yesterday afternoon, Dr. Antón testified before the Subcommittee on Social Security of the U.S. House of Representatives Committee on Ways and Means on behalf of the USACM about E-Verify. Here’s part of the official ACM press release on the testimony:

WASHINGTON – April 14, 2011 – At a Congressional hearing today on the Social Security Administration’s role in verifying employment eligibility, Ana I. Antón testified on behalf of the U.S. Public Policy Council of the Association for Computing Machinery (USACM) that the automated pilot system for verifying employment eligibility faces high-stakes challenges to its ability to manage identity and authentication. She said the system, known as E-Verify, which is under review for its use as the single most important factor in determining whether a person can be gainfully employed in the U.S., does not adequately assure the accuracy of identifying and authenticating individuals and employers authorized to use it. Dr. Antón, an advisor to the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee and vice-chair of USACM, also proposed policies that provide alternative approaches to managing identity security, accuracy and scalability.

More information about the hearing, including testimony from other witnesses, is made available by the Subcommittee here, and Dr. Antón’s written testimony is available from the USACM here (PDF).

Dr. Antón previously testified before the House Ways and Means Social Security Subcommittee during the summer of 2007 about the security and privacy of Social Security Numbers.

The Evolution of Internet Users’ Privacy Concerns

Wednesday, July 29th, 2009

The Privacy Place is proud to announce the release of a new technical report by Dr. Annie I. Antón, Dr. Julia B. Earp, and Jessica D. Young detailing the evolution of Internet users’ privacy concerns since 2002. This research has been submitted to IEEE Security and Privacy Magazine, but you can read the detailed technical report on this research today by downloading the full paper here: How Internet Users’ Privacy Concerns Have Evolved Since 2002


In 2002, we established a baseline for Internet users’ online privacy values. Through a survey we found that information transfer, notice/awareness, and information storage were the top online privacy concerns of Internet users. Since this survey there have been many privacy-related events, including changes in online trends and the creation of laws, prompting us to rerun the survey in 2008 to examine how these events may have affected Internet users’ online privacy concerns. In this paper, we discuss the 2008 survey, which revealed that U.S. Internet users top three privacy concerns have not changed since 2002; however, their level of concern within these categories may have been influenced by these privacy-related events. In addition, we examine differences in privacy concerns between U.S. and international respondents.

Data Privacy Day 2009

Wednesday, January 28th, 2009

Last year on January 28th, the first annual Data Privacy Day celebration was held in the United States at Duke University. Today marks the second annual Data Privacy Day, and the celebration has grown dramatically.

Last year, Governor Easley proclaimed January 28th as Data Privacy Day for the state of North Carolina. This year, he proclaimed January Data Privacy Month. North Carolina, Washington, California, Oregon, Massachusetts, and Arizona have also declared January 28th to be state-wide Data Privacy Day. Last but certainly not least, Congressman David Price and Congressman Cliff Stearns introduced House Resolution 31 which was passed on January 26th with a vote of 402 to 0 to make today National Data Privacy Day in the United States. It is truly outstanding to see such strong support in the form of resolutions and proclamations.

The best way to support or celebrate Data Privacy Day is to take action. Since the goal of Data Privacy Day is to promote awareness and education about data privacy, one easy way to act is to check out all the great educational resources made available in conjunction with Data Privacy Day. For example, Google has posted about what it has done to protect privacy and increase awareness of privacy. Microsoft is holding an event tonight and has more information on data privacy on their website.

Here at The Privacy Place, we were once again pleased to have the opportunity to celebrate Data Privacy Day at Duke University by attending the panel discussion on Protecting National Security and Privacy. The panel discussion was extremely well-attended and well-received. This event had a number of sponsors, including Intel who has a fantastic website with extensive information on Data Privacy Day. If you weren’t able to make it to the panel, I would strongly encourage you to check out Intel’s site.

Lastly, Data Privacy Day is all about awareness and education, so be sure to spread the word!

[Update: Fixed the link to the House Resolution that passed on Monday.]