auditing privacy | SPARTA at UIowa

what is privacy auditing?

Privacy auditing refers to the process of evaluating and assessing an organization's practices, procedures, and systems to ensure compliance with privacy laws, regulations, and industry standards. It involves a systematic examination of an organization's privacy policies, data handling practices, security measures, and data protection controls to identify any gaps, vulnerabilities, or areas of non-compliance related to privacy. The goal is to ensure that personal data is collected, used, stored, and shared in a manner that respects individuals' privacy rights and maintains the confidentiality, integrity, and availability of the data.

At the SPARTA lab, we're interested in developing methodologies and policy recommendations to enable to automated detection of non-compliance with privacy regulations. The research challenge is to satisfy the need for high-quality audits while being denied access to the internals of the systems that are the focus of the audits.

researchers

Rishab Nithyanand

Head Honcho (2018 - )

Computer Science

Mihailis Diamantis

Head Honcho (2023 - )

Law

Maaz Bin Musa

Computer Science
Ph.D. student (2019 - )

Online Privacy

2022 Andreas Pftizmann Award Runner-Up

Chen Sun

Computer Science
Ph.D. student (2023 - )

Online Privacy

Lawrence Deng

Computer Science
Undergraduate researcher (2023 - )

Online Privacy

research output

Peruse the following publications from our lab to learn about our related research and findings.

The Inventory is Dark and Full of Misinformation: Understanding the Abuse of Ad Inventory Pooling in the Ad-Tech Supply Chain

Yash Vekaria, Rishab Nithyanand, and Zubair Shafiq

IEEE Symposium on Security & Privacy, 2024

Bib PDF

@article{Oakland-2024,
  title = {{The Inventory is Dark and Full of Misinformation: Understanding
               the Abuse of Ad Inventory Pooling in the Ad-Tech Supply Chain}},
  author = {Vekaria, Yash and Nithyanand, Rishab and Shafiq, Zubair},
  journal = {IEEE Symposium on Security \& Privacy},
  year = {2024},
}

Forms of Disclosure: The Path to Automated Data Privacy Audits

Mihailis Diamantis, Maaz Bin Musa, Lucas Ausberger, and Rishab Nithyanand

Harvard Journal of Law & Technology (Forthcoming), 2023

Bib PDF

@article{JOLT-2023,
  title = {{Forms of Disclosure: The Path to Automated Data Privacy Audits}},
  author = {Diamantis, Mihailis and Musa, Maaz Bin and Ausberger, Lucas and Nithyanand, Rishab},
  journal = {Harvard Journal of Law \& Technology (Forthcoming)},
  volume = {37},
  number = {3},
  year = {2023},
}

ATOM: A Generalizable Technique for Inferring Tracker-Advertiser Data Sharing in the Online Behavioral Advertising Ecosystem

[Andreas Pfitzmann Award Runner-up]

Maaz Bin Musa, and Rishab Nithyanand

Privacy Enhancing Technologies Symposium (PETS), 2022

Bib PDF

@article{pets-2022,
  title = {ATOM: A Generalizable Technique for Inferring Tracker-Advertiser Data Sharing in the Online Behavioral Advertising Ecosystem},
  author = {Musa, Maaz Bin and Nithyanand, Rishab},
  journal = {Privacy Enhancing Technologies Symposium (PETS)},
  year = {2022},
  award = {Andreas Pfitzmann Award Runner-up},
}

Inferring Tracker-Advertiser Relationships in the Online Advertising Ecosystem using Header Bidding

John Cook, Rishab Nithyanand, and Zubair Shafiq

Privacy Enhancing Technologies Symposium (PETS), 2020

Bib PDF

@article{Cook-PETS2020,
  author = {Cook, John and Nithyanand, Rishab and Shafiq, Zubair},
  journal = {Privacy Enhancing Technologies Symposium (PETS)},
  title = {Inferring Tracker-Advertiser Relationships in the Online Advertising Ecosystem using Header Bidding},
  year = {2020},
  volume = {abs/1907.07275},
}

Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem

Abbas Razaghpanah, Rishab Nithyanand, Narseo Vallina-Rodriguez, Srikanth Sundaresan, Mark Allman, Christian Kreibich, and Phillipa Gill

Network and Distributed System Security Symposium (NDSS), 2018

Bib PDF

@article{DBLP:conf/ndss/RazaghpanahNVSA18,
  author = {Razaghpanah, Abbas and Nithyanand, Rishab and Vallina{-}Rodriguez, Narseo and Sundaresan, Srikanth and Allman, Mark and Kreibich, Christian and Gill, Phillipa},
  title = {Apps, Trackers, Privacy, and Regulators: {A} Global Study of the Mobile
                 Tracking Ecosystem},
  journal = {Network and Distributed System Security Symposium (NDSS)},
  year = {2018},
}

Adblocking and Counter Blocking: A Slice of the Arms Race

Rishab Nithyanand, Sheharbano Khattak, Mobin Javed, Narseo Vallina-Rodriguez, Marjan Falahrastegar, Julia E. Powles, Emiliano De Cristofaro, Hamed Haddadi, and Steven J. Murdoch

6th USENIX Workshop on Free and Open Communications on the Internet (FOCI), 2016

Bib PDF

@article{DBLP:conf/uss/NithyanandKJVFP16,
  author = {Nithyanand, Rishab and Khattak, Sheharbano and Javed, Mobin and Vallina{-}Rodriguez, Narseo and Falahrastegar, Marjan and Powles, Julia E. and Cristofaro, Emiliano De and Haddadi, Hamed and Murdoch, Steven J.},
  title = {Adblocking and Counter Blocking: {A} Slice of the Arms Race},
  journal = {6th {USENIX} Workshop on Free and Open Communications on the
               Internet (FOCI)},
  year = {2016},
  crossref = {DBLP:conf/uss/2016foci},
}