All Times on this page are UTC-10 (Honolulu)
Other timezones can be found here: UTC, UTC+1, UTC+2, UTC+3, UTC+4, UTC+5, UTC+6, UTC+7, UTC+8, UTC+9, UTC+10, UTC+11, UTC+12, UTC-1, UTC-2, UTC-3, UTC-4, UTC-5, UTC-6, UTC-7, UTC-8, UTC-9, UTC-10, UTC-11, UTC-12
Conference Schedule
3:15
Welcome to PETS Online (Rochester Room)
3:30
Opening remarks (Rochester Room) (video),
3:40
Mini-Break
3:50
Session 1A: Private Machine Learning
3:50–5:20 Scaling up Differentially Private Deep Learning with Fast Per-Example Gradient Clipping (video) DPlis: Boosting Utility of Differentially Private Deep Learning via Randomized Smoothing (video) Differentially Private Naive Bayes Classifier using Smooth Sensitivity (video) privGAN: Protecting GANs from membership inference attacks at low cost to utility (video)Session 1B: Cryptography
3:50–5:20 Faster homomorphic comparison operations for BGV and BFV (video) Controlled Functional Encryption Revisited: Multi-Authority Extensions and Efficient Schemes for Quadratic Functions (video) Private Stream Aggregation with Labels in the Standard Model (video) Mercurial Signatures for Variable-Length Messages (video)Session 1C: Privacy Policies
3:50–5:20 Automated Extraction and Presentation of Data Practices in Privacy Policies (video) Data Portability between Online Services: An Empirical Analysis on the Effectiveness of GDPR Art. 20 (video) Privacy Preference Signals: Past, Present and Future (video) Unifying Privacy Policy Detection (video)5:20
Poster Session 1 and Break
5:20–6:006:00
Session 2A: Data Privacy I
6:00–7:30 Differential Privacy at Risk: Bridging Randomness and Privacy Budget (video) Growing synthetic data through differentially-private vine copulas (video) SoK: Managing Longitudinal Privacy of Publicly Shared Personal Online Data (video) DyPS: Dynamic, Private and Secure GWAS (video)Session 2B: Multiparty Private Machine Learning I
6:00–7:30 SoK: Privacy-Preserving Collaborative Tree-based Model Learning (video) Secure Training of Decision Trees with Continuous Attributes (video) SoK: Privacy-Preserving Computation Techniques for Deep Learning (video) Falcon: Honest-Majority Maliciously Secure Framework for Private Deep Learning (video)Session 2C: Privacy Preferences
6:00–7:30 Validity and Reliability of the Scale Internet Users’ Information Privacy Concerns (IUIPC) (video) "Warn Them" or "Just Block Them"?: Comparing Privacy Concerns of Older and Working Age Adults (video) "Did you know this camera tracks your mood?": Modeling People's Privacy Expectations and Preferences in the Age of Video Analytics (video) "I would have to evaluate their objections": Privacy tensions between smart home device owners and incidental users (video)7:30
Poster Session 2 and Break
7:30–8:107:45
PETS Happy Hour 7:45–9:00
Welcome to PETS meet-and-greet Karaoke and Open Mic! Privacy-Themed Movie Night (The Great Hack) Open Unconference Sessions Games15:00
PETS After Dark (in the US) Poster Session & Mingle
Ask Me Anything (AMA) with Ian Goldberg! Privacy-Themed Movie Night (The Great Hack) Open Unconference Sessions PETS Rewind and Poster Session Games3:30
Session 3A: Data Privacy II
3:30–5:00 Privacy-Preserving Multiple Tensor Factorization for Synthesizing Large-Scale Location Traces with Cluster-Specific Features (video) Face-Off: Adversarial Face Obfuscation (video) FoggySight: A Scheme for Facial Lookup Privacy (video) On the (Im)Practicality of Adversarial Perturbation for Image Privacy (video)Session 3B: Multiparty Private Machine Learning II
3:30–5:00 SoK: Efficient Privacy-preserving Clustering (video) Scalable Privacy-Preserving Distributed Learning (video) Efficient homomorphic evaluation of k-NN classifiers (video) Privacy-Preserving Approximate k-Nearest-Neighbors Search that Hides Access, Query and Volume Patterns(video)Session 3C: Privacy Behaviors
3:30–5:00 The Role of Privacy in Digitalization – Analyzing Perspectives of German Farmers (video) Digital inequality through the lens of self-disclosure (video) "We, three brothers have always known everything of each other": A Cross-cultural Study of Sharing Digital Devices and Online Accounts (video) The Motivated Can Encrypt (Even with PGP) (video)5:00
Poster Session 3 and Break
5:00–5:405:40
Keynote: Shipping Privacy Enhancing Technologies to a Billion Devices (Rochester Room)
Erik Neuenschwander 5:40–7:10 Abstract: At Apple, we believe that privacy is a fundamental human right. This talk will discuss how Apple has innovated and shipped privacy enhancing technologies to a billion devices including Private Federated Learning, and the forthcoming iCloud Private Relay. Erik Neuenschwander is Apple’s Director of User Privacy, in charge of privacy engineering efforts across Apple’s products and services. Erik’s organization supports teams throughout the company to design amazing experiences with groundbreaking privacy protections, delivering features like Intelligent Tracking Prevention and Differential Privacy, as well as privacy-forward services like Apple News and Maps. The User Privacy team focuses on privacy by default, including data minimization, technical limits on data use, application of data protection, on-device processing, and privacy-preserving technologies. Erik has over eighteen years of experience in software technology including roles at Casio, Microsoft, and Apple. He holds a B.S. in Symbolic Systems and an M.A. in Philosophy from Stanford University and was a Teaching Fellow in Stanford’s Computer Science department.7:10
Break
7:30
Town Hall (Rochester Room) (video)
8:30
PETS Happy Hour
LGBTQIA+ Meet Up Karaoke and Open Mic! Virtual Escape Room Open Unconference Sessions Games15:00
PETS After Dark (in the US) Poster Session & Mingle
Ask Me Anything (AMA) with Jeremy Epstein! Open Unconference Sessions PETS Rewind and Poster Session Games3:30
Session 4A: Privacy Attacks
3:30–5:00 Genome Reconstruction Attacks Against Genomic Data-Sharing Beacons (video) DNA Sequencing Flow Cells and the Security of the Molecular-Digital Interface (video) Supervised Authorship Segmentation of Open Source Code Projects (video) Revisiting Membership Inference Under Realistic Assumptions (video)Session 4B: Applied Cryptography I
3:30–5:00 CrowdNotifier: Decentralized Privacy-Preserving Presence Tracing (video) EL PASSO: Efficient and Lightweight Privacy-preserving Single Sign On (video) SGX-MR: Regulating Dataflows for Protecting Access Patterns of Data-Intensive SGX Applications (video) Residue-Free Computing (video)Session 4C: Privacy Awareness
3:30–5:00 Exploring Mental Models of the Right to Informational Self-Determination of Office Workers in Germany (video) Awareness, Adoption, and Misconceptions of Web Privacy Tools (video) Defining Privacy: How Users Interpret Technical Terms in Privacy Policies (video) Managing Potentially Intrusive Practices In The Browser: A User-Centered Perspective (video)5:00
Poster Session 4 and Break
5:00–5:405:40
Session 5A: Web Tracking
5:40–7:10 A calculus of tracking: theory and practice (video) Déjà vu: Abusing Browser Cache Headers to Identify and Track Online Users (video) ML-CB: Machine Learning Canvas Block (video) Unveiling Web Fingerprinting in the Wild Via Code Mining and Machine Learning (video)Session 5B: Applied Cryptography II
5:40–7:10 SoK: Privacy-Preserving Reputation Systems (video) Fast Privacy-Preserving Punch Cards (video) Unlinkable Updatable Hiding Databases and Privacy-Preserving Loyalty Programs (video) You May Also Like... Privacy: Recommendation Systems Meet PIR (video)Session 5C: Internet of Things Privacy
5:40–7:10 The Audio Auditor: User-Level Membership Inference in Internet of Things Voice Services (video) Real-time Analysis of Privacy-(un)aware IoT Applications (video) Blocking Without Breaking: Identification and Mitigation of Non-Essential IoT Traffic (video) Defending Against Microphone-Based Attacks with Personalized Noise (video)7:10
Poster Session 5 and Break
7:10–7:507:50
Rump Session (Rochester Room)
7:50–9:00
9:00
PETS Happy Hour
Privacy-Themed Movie Night (The Social Dilemma) Women in PETS Accessible “Privacy Facts” Labels Karaoke and Open Mic! Open Unconference Sessions Games15:00
PETS After Dark (in the US) Poster Session & Mingle
Building and Deploying PETS Privacy-Themed Movie Night (The Social Dilemma) Karaoke and Open Mic! Open Unconference Sessions Games3:30
Session 6A: Censorship and Certificates
3:30–5:00 Too Close for Comfort: Morasses of (Anti-) Censorship in the Era of CDNs (video) A First Look at Private Communications in Video Games using Visual Features (video) Privacy-Preserving & Incrementally-Deployable Support for Certificate Transparency in Tor (video) LogPicker: Strengthening Certificate Transparency against covert adversaries (video)Session 6B: Cryptography and Cryptocurrencies
3:30–5:00 SwapCT: Swap Confidential Transactions for Privacy-Preserving Multi-Token Exchanges (video) HashWires: Hyperefficient Credential-Based Range Proofs (video) Gage MPC: Bypassing Residual Function Leakage for Non-Interactive MPC (video) Foundations of Ring Sampling (video)Session 6C: Mobile Privacy
3:30–5:00 zkSENSE: A Friction-less Privacy-Preserving Human Attestation Mechanism for Mobile Devices (video) Less is More: A privacy-respecting Android malware classifier using federated learning (video) Three Years Later: A Study of MAC Address Randomization In Mobile Devices And When It Succeeds (video) Who Can Find My Devices? Security and Privacy of Apple's Crowd-Sourced Bluetooth Location Tracking System (video)5:00
Poster Session 6 and Break
5:00–5:405:40
Session 7A: Website Fingerprinting
5:40–6:50 Website Fingerprinting in the Age of QUIC (video) GANDaLF: GAN for Data-Limited Fingerprinting (video) Domain name encryption is not enough: privacy leakage via IP-based website fingerprinting (video)Session 7B: Secure Multiparty Computation
5:40–6:50 Fortified Multi-Party Computation: Taking Advantage of Simple Secure Hardware Modules (video) Secure integer division with a private divisor (video) Multiparty Homomorphic Encryption from Ring-Learning-With-Errors (video)Session 7C: DNS and Privacy
5:40–6:50 Oblivious DNS over HTTPS (ODoH): A Practical Privacy Enhancement to DNS (video) The CNAME of the Game: Large-scale Analysis of DNS-based Tracking Evasion (video) Holes in the Geofence: Privacy Vulnerabilities in "Smart" DNS Services (video)6:50
Poster Session 7 and Break
6:50–7:307:30
Awards Session (Rochester Room) (video),
7:50
Closing Remarks (Rochester Room)
8:00
PETS Happy Hour
Ask Me Anything (AMA) with Roger Dingledine of Tor! PETS Pet Gala Open Unconference Sessions Games15:00
PETS After Dark (in the US) Poster Session & Mingle
Censorship Resistance with David Fifield PETs for defending dissent Open Unconference Sessions PETS Rewind and Poster Session Games3:30
Opening remarks (Rochester Room)
3:35
Session 1
3:35–4:50 Rochester Room Leveraging Strategic Connection Migration-Powered Traffic Splitting for PrivacyAbstract: Network-level adversaries have been developing increasingly sophisticated techniques to perform surveillance and exert control over user traffic. We present a novel Connection Migration Powered Splitting (CoMPS) framework to construct multiple new defenses against various traffic analysis attacks. CoMPS limits the amount of information a particular adversary can observe on the network by performing traffic splitting within individual sessions. CoMPS is the first to fully support mid-session traffic splitting across heterogeneous network paths and protocols, without the need for deploying additional network infrastructure. CoMPS is not only readily deployable with any protocol supporting connection migration (e.g., QUIC, WireGuard, and Mosh), but incurs very little overhead.
We implement a working prototype of CoMPS and use CoMPS to develop a novel defense against website fingerprinting attacks. To evaluate the effectiveness of our defense, we use both simulated splitting data and web traffic that is split real-time using our prototype. Our defense outperforms other state-of-the-art web fingerprinting defenses against a powerful, adaptive adversary, while incurring smaller overhead (decreasing throughput by just 7%). We also propose this framework for other network privacy use cases, such as censorship circumvention.
Honest-but-Curious Nets: Sensitive Information about Private Inputs can be Secretly Coded into the Outputs of Machine Learning ClassifiersAbstract: It is known that deep neural networks, trained for the classification of a non-sensitive target attribute, can reveal sensitive attributes of their input data; through features of different granularity extracted by the classifier. We, taking a step forward, show that deep classifiers can be trained to secretly encode a sensitive attribute of users' input data, at inference time, into the classifier's outputs for the target attribute. An attack that works even if users have a white-box view of the classifier, and can keep all internal representations hidden except for the classifier's estimation of the target attribute. We introduce an information-theoretical formulation of such adversaries and present efficient empirical implementations for training honest-but-curious (HBC) classifiers based on this formulation: deep models that can be accurate in predicting the target attribute, but also can utilize their outputs to secretly encode a sensitive attribute. Our evaluations on several tasks in real-world datasets show that a semi-trusted server can build a classifier that is not only perfectly honest but also accurately curious. Our work highlights a vulnerability that can be exploited by malicious machine learning service providers to attack their user's privacy in several seemingly safe scenarios; such as encrypted inferences, computations at the edge, or private knowledge distillation. We conclude by showing the difficulties in distinguishing between standard and HBC classifiers and discussing an extension of this attack to a more general setting where, by allowing a few more queries, an attacker cannot only infer a sensitive attribute, but it also can (approximately) reconstruct the whole private input.
Adversarial Detection Avoidance Attacks: Evaluating the robustness of perceptual hashing-based client-side scanningAbstract: End-to-end encryption (E2EE) in messaging platforms enable people to securely and privately communicate with one another. Its widespread adoption has however raised concerns that illegal content might now be shared undetected. Following the global pushback against key escrow systems, client-side scanning based on perceptual hashing has been recently proposed by governments and researchers to detect illegal content in E2EE communications. In this talk, we will present what is to the best of our knowledge the first framework to evaluate the robustness of perceptual hashing-based client-side scanning. We will describe a new class of detection avoidance attacks and show current systems to not be robust.
More specifically, we will present a general black-box attack against any perceptual hashing algorithm and two white-box attacks for discrete cosine-based algorithms. We show perceptual hashing-based client-side scanning mechanisms to be highly vulnerable to detection avoidance attacks in a black-box setting. We show in a large-scale evaluation that more than 99.9% of images can be successfully attacked while preserving the content of the image. Furthermore, we show our attack to generate diverse perturbations, strongly suggesting that straightforward mitigation strategies would be ineffective. Finally, we show that the larger thresholds necessary to make the attack harder would probably require more than one billion images to be flagged and decrypted daily, raising strong privacy concerns. Taken together, our results shed serious doubts on the robustness of perceptual hashing-based client-side scanning mechanisms currently proposed by governments, organizations, and researchers around the world.
4:50
Break
5:15
PETs and DPAs: perfect is the enemy of good
Marit Hansen 5:15–6:15 Rochester Room Abstract: The European General Data Protection Regulation (GDPR) has changed the data protection regime throughout Europe, and, in a globalised world, it also affects data controllers outside the EU. Article 25 of the GPDR demands data protection by design and by default. Is now everybody legally required to use PETs? Will there be sanctions for those who ignore Article 25? Are data controllers obliged to go for the perfect solution with the highest data protection guarantees? In her talk, Marit will answer those questions and show which role PETs play in the daily work of Data Protection Authorities (DPAs). Obviously, today's IT is still lacking built-in data protection: How can this change? Marit will give some insight from the perspective of DPAs to point out what (else) is needed to effectively promote the idea of data protection by design and what other instruments could complement the endeavors of the different stakeholders to put PETs into practice.Marit Hansen has been the State Data Protection Commissioner of Land Schleswig-Holstein and Chief of Unabhängiges Landeszentrum für Datenschutz (ULD) since 2015. Before being appointed Data Protection Commissioner, she had been Deputy Commissioner for seven years. Within ULD she established the “Privacy Technology Projects” Division and the “Innovation Centre Privacy & Security”.
Since her diploma in computer science in 1995 she has been working on privacy and security aspects. Marit's focus is on “data protection by design” and “data protection by default” from both the technical and the legal perspectives. She often gives talks and has been lecturing at various universities and academies.
6:15
Break
7:15
Session 2
7:15–8:30 Rochester Room CVEs from CNNAbstract: Sometimes ads and analytics libraries behave more in line with malware, doing things like actively circumventing operating system protections, doing home network scans, and encrypting all their strings to be decrypted at runtime. And these libraries are included in apps with hundreds of millions of installs! In this talk, we'll look at sample set of these more extreme behaviours we've found over time and look at what they are doing, and the steps we followed to actually figure out what they are doing.
(Un)clear and (In)conspicuous: The right to opt-out of sale under CCPAAbstract: The California Consumer Privacy Act (CCPA)---which began enforcement on July 1, 2020---grants California users the affirmative right to opt-out of the sale of their personal information. In this work, we perform a series of observational studies to understand how websites implement this right and how this implementation has evolved over the first year. We perform manual analyses of the top 500 U.S. websites and classify how each site implements this new requirement; e also perform automated analyses of the Top 5000 U.S. websites. We find that the vast majority of sites that implement opt-out mechanisms do so with a Do Not Sell link rather than with a privacy banner, and that many of the linked opt-out controls exhibit features such as nudging and indirect mechanisms (e.g., fillable forms). We then perform a pair of user studies with 4357 unique users (recruited from Google Ads and Amazon Mechanical Turk) in which we observe how users interact with different opt-out mechanisms and evaluate how the implementation choices we observed---exclusive use of links, prevalent nudging, and indirect mechanisms---affect the rate at which users exercise their right to opt-out of sale. We find that these design elements significantly deter interactions with opt-out mechanisms---including reducing the opt-out rate for users who are uncomfortable with the sale of their information---and that they reduce users' awareness of their ability to opt-out. Our results demonstrate the importance of regulations that provide clear implementation requirements in order empower users to exercise their privacy rights.
Harm reduction for cryptographic backdoorsAbstract: When law enforcement agencies (LEAs) ask for backdoors in end-to-end encryption systems, most information security professionals' reaction is wholesale rejection. This pushes law LEAs to use zero-day exploits instead, which is harmful to security overall. Perhaps it would be better to have an explicit backdoor mechanism that ensures accountability, and which has safeguards to prevent it being used for mass surveillance.
I propose the following: a provider of a communication service (e.g. Facebook) maintains a publicly readable transparency log, similar to Certificate Transparency, containing all of the law enforcement intercept orders they have received and accepted. Each log entry contains the jurisdiction of the warrant, a code indicating the reason (terrorism, child sexual abuse, etc.), validity start and end date, and a cryptographic commitment to a single device ID that is the target of the warrant. Thus, anybody can see how many warrants are being issued in which jurisdiction and for which reason, but not who their targets are.
To intercept a device, the communication service provider must first add the entry to the log, then send a message to the device that reveals the device ID in the commitment, and a proof that the entry is included in the log. The software on the user's device checks whether the log entry is for its own device ID, and if it is valid, the software silently uploads a cleartext copy of the requested data to the appropriate LEA. This upload feature is essentially identical to the cloud backup feature that is already built into otherwise encrypted messaging apps such as WhatsApp and iMessage; the only effect of the backdoor is to enable this backup, even if it had been disabled by the user.
Additionally, in each jurisdiction there is a trusted oversight board. The service provider reveals the target of each log entry to the oversight board in the appropriate jurisdiction; the board checks that each log entry has a corresponding warrant, and that the warrant is genuine and legal. If the board determines that the system is being abused, it has legal powers to stop it.
Unlike key escrow and other backdoor proposals, this approach ensures the backdoor cannot be used without leaving a public audit trail, and it does not involve any weakening of the cryptographic protocols. There is no single "golden key" that can decrypt all communications. Service providers are forced to be explicit about the jurisdictions in which they will accept warrants. The number of targeted users is public, which gives us reassurance that the system is not being used for mass surveillance.
Moreover, the system is simple enough that non-technical people can understand it. It places more faith in established democratic structures (e.g. the judiciary and our democratically elected representatives) and less trust in unaccountable tech companies. LEAs have a democratic mandate to investigate crimes, and I believe this proposal enables LEAs to do their job, while also protecting the civil liberties that form the foundation of a democratic society.