Not too long ago, I had the pleasure of attending the 3rd Annual Symposium on Applications of Contextual Integrity alongside my colleagues Tyler Zhu and Isra Hussain, hosted by the University of Chicago.
First, thank you to the Symposium Chairs, Program Committee, speakers and panelists, and other conference organizers for an incredibly insightful program, which fostered discussion around using Contextual Integrity to reason about privacy, privacy regulation, and formal logics for privacy. While I was unable to attend in-person, the fact that it was partially in-person made it even better (shout-out to Tyler who made it!).
In reflecting on the symposium, there were a few discussion areas that stood out to me and my colleagues:
(1) A panel of experts (Rachel Cummings from Columbia University in the City of New York, Ero Balsa from Cornell Tech, Alexandra Wood from The Berkman Klein Center at Harvard University, and Michael Tschantz from ICSI and University of California, Berkeley) discussed opportunities to apply both Contextual Integrity (CI) and Differential Privacy (DP) to build privacy solutions. DP, which is designed to be context-agnostic, does not by itself determine the appropriate privacy trade-offs for specific contexts. In this discussion, what stood out to us was how CI can inform choice of parameters and decisions around legitimate data use in specific contexts, before the application of DP to a data set.
At Keystone Strategy, we apply both theories across our work and have strong relationships with thought leaders in both communities. We are struck by opportunities for synthesis or collaboration across the two frameworks in how we view practical application of CI and DP moving forward.
(2) Another highlight was the presentation led by Lior Strahilevitz from University of Chicago Law School and Lisa Yao Liu from Columbia Business School on the chilling effects of data breaches. The presented study explored the notion of privacy injury as the distortion of consumer behavior that results in tangible economic losses. This approach is in line with CI’s tenet that inappropriate flow of information creates harm by disrupting the integrity of social domains.
The insights and empirical results are highly interesting, and definitely broadened our thinking at Keystone Strategy when assessing economic implications of privacy matters.
(3) Additionally, we learned from the symposium how Contextual Integrity is being applied to design privacy rules and systems in different domains. Of particular interest is the Transmission Principle (TP) parameter, which refers to the conditions under which information may be transferred or collected. The symposium presenters highlight the challenges of finding and implementing the appropriate TP for each context. Compared to the other CI parameters such as actors and information type, TP is more complex. For example, TPs such as ‘confidentiality,’ ‘ephemerality,’ ‘trust,’ etc., are themselves abstract concepts that may not have clear self-evident definitions, and are also difficult to transcribe from natural language into formal computer systems. Nevertheless, we are excited to see many different perspectives from across disciplines being used to approach this challenge.
Overall, our team left the conference inspired by the critical thought being given to CI applications that directly affect our work at Keystone. We look forward to continuing to engage and further the conversation on practical applications of CI.