PUPS: Practical Usable Privacy and Security Lab
Technical privacy systems define what is being protected, from whom, and under what conditions this protection will hold. We focus on developing privacy-enhancing systems using human-centered design. That is, when developing technical privacy protocols, we take a wider view of privacy. We aim to develop privacy-enhancing technologies informed by the end privacy goals of the entities who can be affected by whether their data is used in such systems.
People in PUPS
Currently seeking students (Masters and PhD Students) to start in Fall 2024. In particular, if you are interested in research on human-centered design of privacy-preserving machine learning, consider applying. Projects in this group include human-computer interaction (HCI) studies as well as the design and evaluation of privacy-preserving machine learning protocols.
Application instructions for the University of Alberta graduate studies program can be found here
What is PUPS?
What is practical usable privacy and security? Well, breaking it down a bit, it is made up of the following:
Practical privacy? On one side of practicality, we need to ensure that technical guarantees are enforced and that they can be achieved with “reasonable” time and resource requirements. A practical privacy system must also have sufficient utility. For instance, if a “privately trained” machine learning model does not achieve a certain level of success (e.g., at classification or generation), it is not able to serve its purpose.
Usable privacy? The usability of a privacy system has several facets. It includes aspects of what users actually do and what they want to do. However, it also includes the accessibility of the system. Privacy tools may require additional effort (from the various participating agents) over non-privacy-preserving tools and therefore require clear motivation before entities, whether individuals or companies, will choose to use them. Thus, to effectively design privacy tools that users will feel encouraged to use, it is necessary to study users' awareness, understanding, and motivations. While usability can include efficiency and practicality from a technical standpoint, private computation must inspire trust and match the expectations of the data subjects to ensure their continued consent to the use of their data in such computations.
Privacy and security? While privacy and security are not equivalent concepts, when speaking of technical systems, an insecure system can lead to privacy violations. Therefore, when working to design technical systems for privacy, we must also consider their security aspects.