Cookies: Tech Security & Privacy

Does anyone actually read privacy policies? What's in them, and why can't we usually understand them? On our second season finale, we’ll talk with Professor Lorrie Cranor, director of the CyLab Usable Privacy and Security Laboratory at Carnegie-Mellon University. The lab brings together more than 100 faculty from across campus to study security and privacy and help shape public policy in those areas. One of her specialties is how humans interact with security and privacy technologies, to make sure the mechanisms we build are not just secure in theory, but are actually things that we can use. Her TED Talk about password security has been viewed more than 1.5 million times. But today, we’ll talk about another pesky aspect of our digital lives – privacy policies, those mysterious terms and conditions we sign off on – often without reading them -- before we can use an app on our smartphone or laptop. 

Annette Zimmermann makes the provocative argument that there are times it might be better to take cutting-edge artificial intelligence tools and leave them unused. Annette is a political philosopher working on the ethics of artificial intelligence and machine learning. She’s a technology and human rights fellow at the Carr Center for Human Rights Policy at Harvard University, and an assistant professor in philosophy at the University of York in the United Kingdom. Annette was previously a postdoc at Princeton’s Center for Information Technology Policy as well as at Princeton's University Center for Human Values. 

Kevin Lee recently co-wrote a fascinating study about how easy it is for an attacker to gain control of another person’s cell phone. From there, the attacker can use the phone’s multi-factor authentication tool – usually a security code provided over a text message -- to do all kinds of damage, including making unauthorized purchases. As part of the study, his research team managed to fool five wireless carriers, including Verizon Wireless, AT&T and T-Mobile, into moving a customer’s account to a different phone’s SIM card without their permission. He’s a doctoral student in computer science at Princeton, affiliated with the Center for Information Technology Policy. 

Are online learning platforms really secure? Mihir Kshirsagar co-wrote a paper that spells out in startling detail everything you’ve wondered about -- but didn’t want to know -- about how online platforms are allowing students to have their personal data exploited as the students use them for online learning. And he discusses the one mistake instructors often make that could compromise the security of their students' data. He has served at the New York Attorney General’s Bureau of Internet and Technology as the lead trial counsel on matters of consumer protection law and technology. 

How can you can improve your privacy in your everyday use of web browsers, email, text messaging and other apps? Our guest is David Sherry, the chief information security officer here at Princeton. He’s responsible for shoring up security at this Ivy League campus of more than 15,000 people. He has 20 years of experience in information security management. He can -- and often does -- speak publicly about how he manages to herd all those cats to make Princeton safer for technology. But today, he’s agreed to provide tips that anyone can use to improve their privacy in their own digital lives. 

Today’s guests have written a study about the Google Search engine, and the subtle – and not-so-subtle – ways in which it shows its bias, and in many ways perpetuates tired old stereotypes. Orestis Papakyriakopoulos is a postdoctoral research associate at Princeton’s Center for Information Technology Policy. His research showcases political issues and provides ideas, frameworks, and practical solutions towards just, inclusive and participatory algorithms. Arwa Michelle Mboya is a research assistant at the MIT Media Lab. She is a virtual reality programmer and researcher who investigates the socio-economic effects of enhanced imagination.  

As a chief computer architect at Hewlett-Packard in the 1980s, Ruby Lee was a leader in changing the way computers are built, simplifying their core instructions so they could do more. And she revolutionized the way computers use multimedia. If you’ve watched a video or streamed music on your computer or smart phone, Ruby had a lot to do with making that possible. In more recent years here at Princeton, her research has focused on security in computer architecture without sacrificing performance, which is what we’ll talk about today. And she’ll discuss why, even though it’s possible to build more secure devices, the marketplace doesn’t demand it. Ruby Lee is the Forest G. Hamrick Professor in Engineering, and Professor of Electrical and Computer Engineering.

To kick off our second season, we’re honored to welcome Barton Gellman, Princeton Class of 1982. Bart has won multiple Pulitzer Prizes, including for his groundbreaking work with The Washington Post in 2013 to reveal widespread surveillance by the National Security Agency. The stories showed that even though they weren’t the targets, law-abiding American citizens could still find their private email, social media content, and online activity swept up by our national security apparatus. Privacy has long been a passion of Gellman’s, and today we’ll ask him for tips we can use to make our own digital lives more private, from email to text messaging to apps and the cloud. He talks about tradeoffs he’s willing to make to be a full participant in the digital revolution, as well as one popular service he distrusts so much, he vows to delete his account entirely. And we’ll as talk about his book, “Dark Mirror: Edward Snowden and the American Surveillance State.” Bart Gellman was a visiting fellow at Princeton’s Center for Information Technology Policy a few years back.