Conference on Security and Privacy for the Internet of Things
A CITP Conference
Date: Friday, October 21, 2016
Time: 9 a.m. – 4 p.m.
Location: Friend Center Convocation Room, Princeton University
This conference will be videotaped and livestreamed.
Conference on Security and Privacy of the Internet of Things
Panel 1 – Consumer Security and Protection
Panel 2 – Security and Privacy in Real-World IoT Deployment
Panel 3 – Data Collection and Sharing
Panel 4 – Toward a Robust and Secure IoT
Please be advised that seating will be on a first-come, first-served basis, and once the room is filled, we will be directing attendees to an overflow room to watch the livestream. For lunch and a name tag, please register here by Monday, October 17, 2016. If you register after October 17th, you will not be included in the food counts, but please feel free to still attend the conference. (There will not be any food or drinks in the overflow room.)
The Internet of Things (IoT) presents opportunities for innovation in domains ranging from smart homes to smart cities.
Yet, many IoT devices ship with security flaws that put citizens and consumers at risk and create broader security, privacy, and robustness issues. In some cases, for example, IoT vendors have stopped supporting the devices entirely, resulting in malfunctioning (or even non-functioning) IoT devices. Additionally, the proliferation of IoT devices, many of which are controlled from cloud services, allows device vendors to collect—and potentially share—an unprecedented amount of data about consumers.
Solutions to these emerging security, privacy, and robustness challenges around IoT will require perspectives, input, and collaboration from technologists and policymakers.
Some of the topics and questions that the conference plans to address include:
- How long can consumers expect to receive software updates and security patches for the devices that they purchase?
- How should manufacturers communicate end-of-life expectations to consumers? What are reasonable end-of-life expectations?
- What are the best ways to guarantee robust device operation in the face of network failures and other network disconnection events?
- What are the possible approaches for addressing “trolley problems” in IoT settings, where software has been programmed to make a particular choice that encodes ethics?
- What are the best technical and policy mechanisms to ensure the security of private data?
- How can IoT technologies best provide users with transparency, control, and choice over how the data from IoT devices are collected, shared, and retained?
- How can we provide consumers with better visibility into and control over how their devices communicate with cloud service providers and other third parties?
- To what extent can consumers maintain control over how data from IoT devices is collected, shared, and retained?
- Who should bear the liability or responsibility for ensuring that connected IoT devices remain secure and up-to-date?
- Given that many IoT devices may ship with software vulnerabilities that will never be patched, what are the appropriate ways to deal with these devices?
This conference is co-sponsored by the Center for Information Technology Policy and the Woodrow Wilson School.
8:30 a.m. – 9 a.m. – Continental breakfast
9 a.m. – 9:30 a.m. – Welcome: Nick Feamster, Princeton University
9:30 a.m. – 10:45 a.m. – Panel 1: Consumer Security and Protection
Moderator: Margaret Martonosi, Princeton University
Michelle De Mooy, Center for Democracy and Technology
Cora Han, Federal Trade Commission
Ben Zorn, Microsoft
Brett Frischmann, Princeton University and Cardozo Law School
10:45 a.m. – 11 a.m. – Break
11 a.m. – 12:15 p.m. – Panel 2: Security and Privacy in Real-World IoT Deployment
Moderator: Nick Feamster, Princeton University
Jay Dominick, Princeton University
Ben Zevenbergen, Princeton University and Oxford Internet Institute
Ajay Kulkarni, iobeam
Mike Glenn, CableLabs
12:15 p.m. – 1:15 p.m. – Lunch
1:15 p.m. – 2:30 p.m. – Panel 3: Data Collection and Sharing
Moderator: Kyle Jamieson, Princeton University
Seda Gürses, KU Leuven
Travis Hall, National Telecommunications and Information Administration (NTIA)
Arvind Narayanan, Princeton University
Helen Nissenbaum, New York University
2:30 p.m. – 4 p.m. – Panel 4: Toward a Robust and Secure IoT
Moderator: Miguel Centeno, Princeton University
Alissa Cooper, Cisco
Vyas Sekar, Carnegie Mellon University
Keith Winstein, Stanford University
Joe Calandrino, Federal Trade Commission
There will be a short reception immediately following the conference.
If you park on campus, you probably will want to park in Lot 21 and take a Princeton shuttle to the Friend Center; the East Line/East Commuter Line and Campus Circulator run between those stops. Shuttles may be tracked online or through a mobile app with TigerTracker.
There are also metered parking spots and parking garages on campus and nearby in downtown Princeton. The closest parking is usually along William St., Olden St., and Prospect Ave., but you may also reference this parking map.
The closest major airports are Newark Liberty International Airport (EWR) and Philadelphia International Airport (PHL). Trenton-Mercer Airport (TTN) is also nearby but serves a limited number of routes, all flown by Frontier Airlines.
Once you land, please follow the driving or train directions to reach Princeton.
The Princeton Junction is the closest major train stop and is on both the NJ Transit Northeast Corridor Line and the Amtrak Keystone Service and Northeast Regional. These lines all serve New York Penn Station and Newark Airport (if you are flying out of EWR, be sure to get a ticket to Newark Airport, not Newark Penn Station). They also connect to the SEPTA at Trenton Station, and you can take the SEPTA to Philadelphia or other parts of southeastern Pennsylvania.
To reach the Princeton campus from Princeton Junction, you may take a 15-minute cab ride, take a Princeton TigerPAWW bus, or transfer to a small train (the “Dinky”). From TigerPAWW or the Dinky, you may either walk about a mile across campus or take a Princeton shuttle to the Friend Center; the West/West Extension Line, Stanworth Line, and Campus Circulator will take you from Princeton Station (or University Place) to the Friend Center.
It takes about two hours to travel from Princeton to Philadelphia, New York Penn Station, or Newark Airport. If you are traveling to Newark Airport, be sure to get a ticket to the airport stop, not to Newark Penn Station.
Local hotels sometimes offer discounted rates for Princeton guests and visitors. If you do not have a car, you also may wish to confirm whether the hotel will have shuttle service to campus when you are staying. Additional information and hotels can be found on the Princeton travel site.
Ten Palmer Square East, Princeton, NJ 0854
The Nassau Inn is within walking distance to campus. Click here for walking directions and a map to the conference from the Nassau Inn.
Residence Inn Princeton at Carnegie Center
3563 US Route 1, Princeton, NJ 08540
Hyatt Place Princeton
3565 US Route 1, Princeton, NJ 08540
Please contact Jean Butcher at firstname.lastname@example.org should you have any questions or require further information.
Miguel Angel Centeno (http://www.princeton.edu/~cenmiga) is Professor of Sociology and International Affairs at Princeton University. From 2003 to 2007, he served as the founding Director of the Princeton Institute for International and Regional Studies. From 1997-2004 he also served as Master of Wilson College at Princeton. He has published many books as author or editor including Democracy within Reason: Technocratic Revolution in Mexico (2nd. 1997), Blood and Debt: War and Statemaking in Latin America (2002), The Other Mirror: Grand Theory and Latin America, (2000), and Essays in Latin American Military History (2006). His latest books are Global Capitalism (Polity 2010) and Discrimination in an Unequal World (Oxford UP 2010). He is currently working on several book projects including: Paper Leviathans: Liberalism in the Iberian World (Penn State Press), and War and Society (Polity). Through the Mapping Globalization project (http://qed.princeton.edu/index.php/MG) he has worked on improving the quantitative scholarship available on globalization. In 2000, he founded the Princeton University Preparatory Program, which provides intensive supplemental training for lower income students in three local high schools. For this work, he was recently awarded the Jefferson Award for Public Service and the Bonner Foundation Award. From 1980 to 1985 he worked in advertising and private marketing consulting dealing with the US Hispanic Market.
He obtained his BA in History in 1980, his MBA in 1987 and his Ph.D. in Sociology in 1990, all from Yale University. He has received grants from the Harry Frank Guggenheim Foundation, the National Science Foundation, the National Endowment for the Humanities, and the Woodrow Wilson Foundation, and has been a Fulbright scholar in Russia and Mexico. He has also been a Visiting Professor in Buenos Aires, Seoul, and the University of Salamanca. In 1997 he was awarded the Presidential Teaching Prize at Princeton University. In 2005 he was elected to the Sociological Research Association as well as the Comparative Historical Section Council of the ASA.
Dr. Alissa Cooper is a Distinguished Engineer in the Collaboration Technology Group at Cisco Systems, where she is responsible for driving privacy and policy strategy within the company’s portfolio of real-time collaboration products, including voice and video conferencing, messaging, and web conferencing. Alissa focuses on ensuring that Cisco’s collaboration products meet high standards for privacy, data protection, and data sovereignty and accommodate regulatory and compliance requirements across a variety of industry verticals and geographies.
Alissa also represents Cisco externally in technical and policy fora. She currently serves as Applications and Real-Time (ART) area director within the Internet Engineering Task Force (IETF), where she manages the standardization and maintenance of key real-time technologies, including WebRTC, SIP, and XMPP. She was also the chair of the IANA Stewardship Transition Coordination Group (ICG), which coordinated the transition of oversight of key Internet resource management functions.
Prior to joining Cisco in 2013, Alissa served as the Chief Computer Scientist at the Center for Democracy and Technology, where she was a leading public interest advocate and technologist on issues related to privacy, net neutrality, and technical standards. Alissa holds a PhD from the Oxford Internet Institute and MS and BS degrees in computer science from Stanford University.
Michelle De Mooy
Michelle De Mooy is Acting Director, Privacy & Data Project at the Center for Democracy & Technology. She advocates for data privacy rights and protections in legislation and regulation, works closely with industry and other stakeholders to investigate good data practices and controls, and identifies and researches emerging technology that impacts personal privacy. She leads CDT’s health privacy work, chairing the Health Privacy Working Group and focusing on the intersection between individual privacy, health information and technology. Michelle’s current research is focused on ethical and privacy-aware internal research and development in wearables, the application of data analytics to health information found on non-traditional platforms, like social media, and the growing market for genetic data. She has testified before Congress on health policy, spoken about native advertising at the Federal Trade Commission, and written about employee wellness programs for US News & World Report’s “Policy Dose” blog. Michelle is a frequent media contributor, appearing in the New York Times, the Guardian, the Wall Street Journal, Vice, and the Los Angeles Times, as well as on The Today Show, Voice of America, and Government Matters TV programs.
Before CDT, Michelle worked as a political campaign consultant for M+R Strategic Services, as a development and communications director at a capacity building organization aimed at nonprofits, and in the tech sector in product management and software engineering.
Jay Dominick is Vice President for Information Technology and CIO at Princeton University. He is responsible for information technology infrastructure, administrative computing, academic and research computing and he oversees IT planning for the University. Prior to joining Princeton in 2012, he was CIO at the University of North Carolina at Charlotte. His career in Higher Ed IT began at Wake Forest University where he started as the Network Manager in 1992, becoming the University’s first CIO in 1996. He has particular interests in regional high speed networking, mobile computing and electronic textbook systems. Dr. Dominick holds a Ph.D. in Information Science and a BS in Mathematical Sciences from UNC Chapel Hill, an MBA from Wake Forest University and an MA from Georgetown University.
Nick is currently serving as the acting director of CITP from June 1, 2015 to December 31, 2016. Nick is also a professor in the Computer Science Department at Princeton University. Before joining the faculty at Princeton, he was a professor in the School of Computer Science at Georgia Tech. He received his Ph.D. in Computer Science from MIT in 2005, and his S.B. and M.Eng. degrees in Electrical Engineering and Computer Science from MIT in 2000 and 2001, respectively. He received the Presidential Early Career Award for Scientists and Engineers (PECASE), the Technology Review “TR35” award, a Sloan Fellowship, and the SIGCOMM Rising Star Award for his contributions to cybersecurity, notably spam filtering. His research focuses on many aspects of computer networking and networked systems, with a focus on network operations, network security, and censorship-resistant communication systems. His research interests overlap with technology policy in the areas of censorship, broadband access networks, and network security and privacy.
Michael is VP of Cybersecurity and leads the security program at CableLabs, a non-profit innovation and R&D consortium for the global cable industry. Michael and his team work on a wide variety of security projects and specifications including DOCSIS, PKI, IoT security, NFV, home networking, carrier and community Wi-Fi, blockchain technologies, DDoS architectures, botnet mitigation, BGP security, and a variety of other projects. Prior to joining CableLabs, Michael was the Director of Cyber Defense at CenturyLink, a global tier 1 ISP. Previously, Michael was the CISO for Qwest Communications, a Fortune 200 telecommunications service provider. He has over 30 years of experience in information security, network architecture, software development, operations and engineering.
Seda Gürses is currently a visiting research collaborator at CITP. She was a postdoctoral research associate with CITP from 2015-2016. She works on privacy and requirements engineering, privacy enhancing technologies and surveillance. Prior to her time here she was a post-doctoral fellow at the Media, Culture and Communications Department at NYU Steinhardt and at the Information Law Institute at NYU Law School, where she was also part of the Intel Science and Technology Center on Social Computing. She completed her Ph.D. at the University of Leuven, where she was a member of the Privacy and Identity Management Group at COSIC in the Department of Electrical Engineering.
Travis is a Telecommunications Policy Analyst for the NTIA’s Office of Policy and Development. He focuses his research on surveillance and consumer privacy.
Travis received his PhD in Media, Culture and Communication from New York University. His dissertation research focused on the cultural contexts and histories of state identification programs, such as those using bodily features like biometrics or tattoos. He has furthered this research into consulting work with advocacy groups, academic institutions and private companies on the implications of identification technologies and their privacy standards.
Travis now lectures on his research findings and has written multiple internationally recognized papers. Recently, he served as an Associate Researcher at the Humboldt Institute for Internet and Society in Berlin, Germany studying surveillance techniques of the East German government. This research was part of a larger study on identity management in global Internet Governance regulations and proposals.
Cora Han is a senior attorney in the Federal Trade Commission’s Division of Privacy and Identity Protection where she investigates and prosecutes violations of federal laws protecting the privacy and security of consumer information, and works on related policy matters. She organized the FTC’s recent seminar on Consumer Generated and Controlled Health Data, and her law enforcement actions include the Commission’s settlement with Facebook. In addition, Cora was one of the principal authors of the FTC’s Health Breach Notification Rule. Prior to joining the FTC, Cora was an attorney with WilmerHale, where her practice focused on trademark, copyright, and media law.
Kyle Jamieson is an Assistant Professor in the Department of Computer Science at Princeton University. Before joining Princeton in 2015, Kyle was on the faculty at University College London. Kyle’s research interests are in building wirelessly networked systems for the real world that cut across the boundaries of digital communications and networking. He received the B.S. (2001), M.Eng. (2002), and Ph.D. (2008) degrees in Computer Science from the Massachusetts Institute of Technology. He then received a Starting Investigator fellowship from the European Research Council in 2011, Best Paper awards at USENIX 2013 and CoNEXT 2014, and a Google Faculty Research Award in 2015. He regularly serves on the program committees of the ACM MobiCom, USENIX NSDI, and ACM SIGCOMM conferences.
Ajay Kulkarni is the CEO and Co-founder of iobeam, the first time-series database and analytics service specifically designed for connected hardware. iobeam’s team of top researchers and engineers is based in NYC, Stockholm, and LA, and is backed by top tier investors with a track record of success in the industry. Ajay’s previous startup, Sensobi, was acquired in 2011 by GroupMe/Skype/Microsoft. Ajay led the mobile team at GroupMe, which grew to millions of daily users and billions of monthly messages over a short period of time. His past experience includes roles at Microsoft, Citigroup, and several startups. He holds Bachelor’s and Master’s degrees from MIT in Computer Science, and an MBA from the MIT Sloan School of Management.
Margaret has been on the faculty since 1994. In 2011, she served as acting director of Princeton’s Center for Information Technology Policy (CITP). She also holds an affiliated faculty appointment in Princeton EE. From 2005-2007, she served as associate dean for Academic Affairs for the Princeton University School of Engineering and Applied Science. Margaret’s research interests are in computer architecture and the hardware-software interface, with particular focus on power-efficient systems and mobile computing. Her work has included the development of the Wattch power modeling tool, the first architecture level power modeling infrastructure for superscalar processors. In the field of mobile computing and sensor networks, Martonosi led the Princeton ZebraNet project, which included two real-world deployments of tracking collars on zebras in Central Kenya. Her current research focuses on power-performance tradeoffs in parallel systems ranging from chip multiprocessors to large-scale data centers. Margaret is a fellow of both IEEE and ACM. In 2010, she received Princeton University’s Graduate Mentoring Award. In addition to many archival publications, Martonosi is an inventor on six granted US patents, and has co-authored a technical reference book on power-aware computer architecture. She serves on the Board of Directors of the Computing Research Association (CRA), CRA-W, and ACM SIGARCH. Martonosi completed her Ph.D. at Stanford University, and also holds a Master’s degree from Stanford and a bachelor’s degree from Cornell University, all in Electrical Engineering.
Arvind (Ph.D. 2009) is an assistant professor of Computer Science at Princeton. He studies information privacy and security and has a side-interest in technology policy. His research has shown that data anonymization is broken in fundamental ways, for which he jointly received the 2008 Privacy Enhancing Technologies Award. Narayanan leads the Princeton Web Transparency and Accountability project that aims to uncover how companies are collecting and using our personal information. He also studies the security and stability of Bitcoin and cryptocurrencies. Arvind is an affiliated faculty member at the Center for Information Technology Policy at Princeton and an affiliate scholar at Stanford Law School’s Center for Internet and Society. You can follow him on Twitter at @random_walker.
Helen Nissenbaum is Professor of Media, Culture, and Communication, and Computer Science, at New York University, where she is also Director of the Information Law Institute. Her eight books include Obfuscation: A User’s Guide for Privacy and Protest, with Finn Brunton (MIT Press, 2015), Values at Play in Digital Games, with Mary Flanagan (MIT Press, 2014), and Privacy in Context: Technology, Policy, and the Integrity of Social Life (Stanford, 2010). Her research has been published in journals of philosophy, politics, law, media studies, information studies, and computer science. Grants from the National Science Foundation, Air Force Office of Scientific Research, and the U.S. Department of Health and Human Services Office of the National Coordinator have supported her work on privacy, trust online, and security, as well as studies of values embodied in design, search engines, digital games, facial recognition technology, and health information systems.
Recipient of the 2014 Barwise Prize of the American Philosophical Association, Prof. Nissenbaum has contributed to privacy-enhancing software, including TrackMeNot (for protecting against profiling based on Web search) and AdNauseam (protecting against profiling based on ad clicks). Both are free and freely available.
Nissenbaum holds a Ph.D. in philosophy from Stanford University and a B.A. (Hons) from the University of the Witwatersrand. Before joining the faculty at NYU, she served as Associate Director of the Center for Human Values at Princeton University.
Vyas Sekar is an Assistant Professor in the ECE Department at CMU. His research interests lie at the intersection of networking, security, and systems. He received his Ph.D. from the Computer Science Department at Carnegie Mellon University in 2010. He earned his bachelor’s degree from the Indian Institute of Technology Madras, where he was awarded the President of India Gold Medal. His work has been recognized with best paper awards at ACM SIGCOMM, ACM CoNext, and ACM Multimedia.
Keith Winstein is an assistant professor at Stanford University. From 2011–2014, he completed his Ph.D. at MIT, advised by Hari Balakrishnan. Previously, he spent a year at Ksplice, Inc., a startup company (now part of Oracle Corp.) where he was the vice president of product management and business development and also cleaned the bathroom. Before that, he worked for three years as a staff reporter at The Wall Street Journal, covering health care, medicine, science and technology. He did his undergraduate work at MIT, where he received a B.S. (2004) and M.Eng. (2005) in electrical engineering and computer science. He also received an E.E. degree in 2014.
Ben Zevenbergen is a visiting research scholar at the CITP. His work is mostly multidisciplinary investigations in the ethical, social, and legal impacts of Internet technologies, and vice versa. At CITP he is working on case studies to further develop a framework and theory about the design of Internet projects that take social functional requirements into account in a meaningful way.
Ben is currently working on a Ph.D. at the Oxford Internet Institute where he uses socio-legal methods to investigate the upcoming field of privacy engineering. Next to his doctoral work, Ben has been working actively with computer scientists and network engineers to develop a set of guidelines of ethics in networked systems research.
Before returning to academia, Ben was a policy advisor to a politician in the European Parliament, working on Europe’s Digital Agenda and other Internet policy. Previously, Ben worked as an ICT/IP lawyer and policy consultant in the Netherlands. Bendert holds a degree in law, specializing in Information Law.
I am a Principal Researcher and co-manager of the Research in Software Engineering (RiSE) group in Microsoft Research, Redmond Washington, a group of over 30 researchers and developers working on programming languages and software engineering. Previously, I was an Associate Professor of Computer Science at the University of Colorado from 1990-1998. I have a BS from Rensselaer Polytechnic Institute (1982) and an MS (1984) and PhD (1989) from the University of California at Berkeley. My research interests include programming language design and implementation and performance measurement and analysis.
I have served as an Associate Editor of the ACM journals Transactions on Programming Languages and Systems and Transactions on Architecture and Code Optimization and I am currently a member of the ACM SIGPLAN Executive Committee. I have also served as the Program Chair (1999) and General Chair (2010) of PLDI and am currently serving as a member of the Computing Community Consortium (CCC) Council. For further information about my research and professional activities, please see my vita.