Cookies: Tech Security & Privacy

Does anyone actually read privacy policies? What's in them, and why can't we usually understand them? On our second season finale, we’ll talk with Professor Lorrie Cranor, director of the CyLab Usable Privacy and Security Laboratory at Carnegie-Mellon University. The lab brings together more than 100 faculty from across campus to study security and privacy and help shape public policy in those areas. One of her specialties is how humans interact with security and privacy technologies, to make sure the mechanisms we build are not just secure in theory, but are actually things that we can use. Her TED Talk about password security has been viewed more than 1.5 million times. But today, we’ll talk about another pesky aspect of our digital lives – privacy policies, those mysterious terms and conditions we sign off on – often without reading them -- before we can use an app on our smartphone or laptop. 

Annette Zimmermann makes the provocative argument that there are times it might be better to take cutting-edge artificial intelligence tools and leave them unused. Annette is a political philosopher working on the ethics of artificial intelligence and machine learning. She’s a technology and human rights fellow at the Carr Center for Human Rights Policy at Harvard University, and an assistant professor in philosophy at the University of York in the United Kingdom. Annette was previously a postdoc at Princeton’s Center for Information Technology Policy as well as at Princeton's University Center for Human Values. 

Kevin Lee recently co-wrote a fascinating study about how easy it is for an attacker to gain control of another person’s cell phone. From there, the attacker can use the phone’s multi-factor authentication tool – usually a security code provided over a text message -- to do all kinds of damage, including making unauthorized purchases. As part of the study, his research team managed to fool five wireless carriers, including Verizon Wireless, AT&T and T-Mobile, into moving a customer’s account to a different phone’s SIM card without their permission. He’s a doctoral student in computer science at Princeton, affiliated with the Center for Information Technology Policy. 

Are online learning platforms really secure? Mihir Kshirsagar co-wrote a paper that spells out in startling detail everything you’ve wondered about -- but didn’t want to know -- about how online platforms are allowing students to have their personal data exploited as the students use them for online learning. And he discusses the one mistake instructors often make that could compromise the security of their students' data. He has served at the New York Attorney General’s Bureau of Internet and Technology as the lead trial counsel on matters of consumer protection law and technology. 

How can you can improve your privacy in your everyday use of web browsers, email, text messaging and other apps? Our guest is David Sherry, the chief information security officer here at Princeton. He’s responsible for shoring up security at this Ivy League campus of more than 15,000 people. He has 20 years of experience in information security management. He can -- and often does -- speak publicly about how he manages to herd all those cats to make Princeton safer for technology. But today, he’s agreed to provide tips that anyone can use to improve their privacy in their own digital lives. 

Today’s guests have written a study about the Google Search engine, and the subtle – and not-so-subtle – ways in which it shows its bias, and in many ways perpetuates tired old stereotypes. Orestis Papakyriakopoulos is a postdoctoral research associate at Princeton’s Center for Information Technology Policy. His research showcases political issues and provides ideas, frameworks, and practical solutions towards just, inclusive and participatory algorithms. Arwa Michelle Mboya is a research assistant at the MIT Media Lab. She is a virtual reality programmer and researcher who investigates the socio-economic effects of enhanced imagination.  

As a chief computer architect at Hewlett-Packard in the 1980s, Ruby Lee was a leader in changing the way computers are built, simplifying their core instructions so they could do more. And she revolutionized the way computers use multimedia. If you’ve watched a video or streamed music on your computer or smart phone, Ruby had a lot to do with making that possible. In more recent years here at Princeton, her research has focused on security in computer architecture without sacrificing performance, which is what we’ll talk about today. And she’ll discuss why, even though it’s possible to build more secure devices, the marketplace doesn’t demand it. Ruby Lee is the Forest G. Hamrick Professor in Engineering, and Professor of Electrical and Computer Engineering.  

To kick off our second season, we’re honored to welcome Barton Gellman, Princeton Class of 1982. Bart has won multiple Pulitzer Prizes, including for his groundbreaking work with The Washington Post in 2013 to reveal widespread surveillance by the National Security Agency. The stories showed that even though they weren’t the targets, law-abiding American citizens could still find their private email, social media content, and online activity swept up by our national security apparatus. Privacy has long been a passion of Gellman’s, and today we’ll ask him for tips we can use to make our own digital lives more private, from email to text messaging to apps and the cloud. He talks about tradeoffs he’s willing to make to be a full participant in the digital revolution, as well as one popular service he distrusts so much, he vows to delete his account entirely. And we’ll as talk about his book, “Dark Mirror: Edward Snowden and the American Surveillance State.” Bart Gellman was a visiting fellow at Princeton’s Center for Information Technology Policy a few years back.

We take our mobile phones everywhere we go, and it’s become scary easy for services and apps to collect information about our movements. But there are limits to what these technologies can do; they work best outdoors. Our guests today, Yan Shvartzshnaider of NYU and Colleen Josephson, a doctoral student at Stanford, recently wrote a fascinating piece for Princeton's blog, Freedom To Tinker, about how a new technology embedded in the most recent generation of Apple iPhones, has the technology to track the owner's movements, down to the inch, indoors.

Prateek Mittal, associate professor of electrical engineering at Princeton University, is here to discuss his team's research into how hackers can use adversarial tactics toward artificial intelligence to take advantage of us and our data. In the context of self driving cars, think about a bad actor that aims to cause large-scale congestion or even accidents. In the context of social media platforms, think about an adversary that aims to propagate misinformation or manipulate elections. In the context of network systems, think about an adversary that aims to bring down the power grid or disrupt our communication systems. These are examples of using AI against us, which is a focus of Mittal's research. Later, we'll be joined by grad students in his lab, each of whom is leading fascinating research into these tactics and how we might safeguard against them.

When we use the internet, most of us don't think twice about entering our credit card numbers and we don't tend to worry that someone might be looking over our shoulder. Our guest today, Jennifer Rexford, knows better than most how the internet works and what kind of vulnerabilities exist that allow hackers to exploit its weaknesses. She's the Gordon Y.S. Wu professor in engineering, a professor of computer science and the chair of that department here at Princeton. She's won several awards for her research into the way internet traffic is routed. Jen is a 1991 graduate of Princeton with a degree in electrical engineering. She received her Ph. D. from the University of Michigan. She worked at AT&T Labs before joining the Princeton faculty in 2005.

There’s been a lot of anxiety lately about the security of the American balloting infrastructure, but Andrew Appel has been thinking about this question for years. He has research specialties in public policy and security and privacy. He’s a well-known specialist in election technology who is often quoted in the media, and has served as an expert witness on the subject before government committees. He’s famous for having once shown how easy it was to reprogram a popular voting machine to play Pac-Man. In this episode, he discusses how the pandemic has scrambled the situation for the 2020 general election, and how Americans might feel confident with the result of an election held largely by mail. He talks about which in-person voting machines are more secure than others. And he discusses the perils of Internet voting.

While we're using electronic gadgets, apps, platforms and websites, they are often using us as well, including tracking our personal data. The premiere episode of our new podcast features Arvind Narayanan, associate professor of computer science here at the Princeton University School of Engineering and Applied Science. He is a widely recognized expert in the area of information privacy and fairness in machine learning. This conversation was so good, we split it into two episodes. This is the first half of our conversation.   In this half, he discusses “cross-device tracking,” in which one electronic device (say, your work laptop) sends you ads based on your browsing activity on another device (say, your mobile phone). He talks about which web browsers are more likely to allow third-party trackers to record your activity. And he talks about steps you can take to protect yourself against these trackers.  

This is the second half of our conversation with Arvind Narayanan, associate professor of computer science here at the Princeton University School of Engineering and Applied Science. He is a widely recognized expert in the area of information privacy and fairness in machine learning, with a huge Twitter following and a knack for explaining tech privacy matters in terms anyone can understand.  In this half of our conversation, he talks about why he’s so active on Twitter, but not the Facebook platforms. He talks about his research into “over-the-top” set-top devices like Roku and Amazon Fire TV, and how they provide content that looks like television content but takes your data like the Internet apps they are. He has critical things to say about Zoom, the platform so many of us are using to work from home. And he discusses one group of people who have seen their privacy actually improve as a result of social media. 

If you've ever felt like your personal technology devices know you a little too well, this podcast is for you. Here's a short introduction to Cookies: Tech Security & Privacy, brought to you by the Princeton University School of Engineering and Applied Science.