Skip to main content

Event Description

The Federal Trade Commission held its second PrivacyCon conference on January 12, 2017, to bring together a diverse group of stakeholders, including whitehat researchers, academics, industry representatives, consumer advocates, and government regulators, to discuss the latest research and trends related to consumer privacy and data security. The FTC called for research to be presented at the conference.

In addition, this year, the FTC hosted a pre-conference research networking event on the afternoon of January 11, 2017, to provide a platform for government agencies and non-profits that fund or support privacy research to share information about their programs with researchers.

Videos & Slides

Poster Session

PrivacyCon included a lunch poster session in which researchers had poster displays of their work, and were available to discuss their findings.

Research Submissions

View research submitted for PrivacyCON.

Research Completed After PrivacyCON

The FTC welcomes privacy and data security researchers to inform us of their latest findings. The dialogue between researchers and policymakers must continue well after the initial PrivacyCon event.  We invite you to send in your research to if you are interested in discussing your research with us or have further questions.

  • 7:45 am


    9:00 am

    Opening Remarks
    • Edith Ramirez
      Chairwoman, Federal Trade Commission
    9:15 am

    Session 1: Internet of Things and Big Data
    Presentation of Papers

    Peder Magee
    Division of Privacy & Identity Protection, FTC

    10:20 amBreak

    10:35 am

    Session 2: Mobile Privacy
    Presentation of Papers

    • David Choffnes
      Northeastern University
      ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic
      • co-authors: Jingjing Ren (Northeastern University), Ashwin Rao (University of Helsinki), Martina Lindorfer (SBA Research), Arnaud Legout (Inria, Sophia Antipolis, France)
    • Narseo Vallina-Rodriguez
      IMDEA Networks/International Computer Science Institute
      Illuminating the Third Party Mobile Ecosystem with the Lumen Privacy Monitor
      • co-authors: Abbas Razaghpanah (Stony Brook University), Srikanth Sundaresan (International Computer Science Institute), Christian Kreibich (International Computer Science Institute/Lastline), Phillipa Gill (Stony Brook University), Mark Allman (International Computer Science Institute), Vern Paxson (International Computer Science Institute/ University of California, Berkeley)
    • Sebastian Zimmeck
      School of Computer Science, Carnegie Mellon University
      Automated Analysis of Privacy Requirements for Mobile Apps
      • co-authors: Ziqi Wang (Carnegie Mellon University), Lieyong Zou (Carnegie Mellon University), Roger Iyengar (Washington University in St. Louis), Bin Liu (Carnegie Mellon University), Florian Schaub (University of Michigan), Shomir Wilson (University of Cincinnati), Norman Sadeh (Carnegie Mellon University), Steven M. Bellovin (Columbia University), Joel Reidenberg (School of Law, Fordham University)
    • Primal Wijesekera
      University of British Columbia, Canada; University of California, Berkeley
      The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences
      • co-authors: Arjun Baokar (University of California, Berkeley), Lynn Tsai (University of California, Berkeley), Joel Reardon (University of California, Berkeley), Serge Egelman (University of California, Berkeley), David Wagner (University of California, Berkeley), Konstantin Beznosov (University of British Columbia, Canada)

    Justin Brookman

    Office of Technology Research and Investigation, FTC

    11:40 am


    11:55 am

    Session 3: Consumer Privacy Expectations
    Presentation of Papers

    Lorrie Cranor
    Chief Technologist, FTC
    1:00pmLunch and Poster Session

    2:30 pm

    Session 4: Online Behavioral Advertising
    Presentation of Papers

    Kristin Krause Cohen
    Division of Privacy & Identity Protection, FTC

    3:25 pm


    3:40 pm

    Session 5: Information Security
    Presentation of Papers

    • Amin Kharraz
      Northeastern University
      An Automated Approach to Detect Ransomware Attacks
      • co-authors: Sajjad Arshad (Northeastern University), Collin Mulliner (Northeastern University), William Robertson (Northeastern University), Engin Kirda (Northeastern University)
    • Damon McCoy
      New York University
      Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software
      • co-authors: Kurt Thomas (Google), Juan A. Elices Crespo (Google), Ryan Rasti (Google), Jean-Michael Picod (Google), Cait Phillips (Google), Marc-André Decoste (Google), Chris Sharp (Google), Fabio Tirelo (Google), Ali Tofigh (Google), Marc-Antoine Courteau (Google), Lucas Ballard (Google), Robert Shield (Google), Nav Jagpal (Google), Moheeb Abu Rajab (Google), Panayiotis Mavrommatis (Google), Niels Provos (Google), Elie Bursztein (Google)
    • Mohammad Mannan
      Concordia University, Canada
      Killed by Proxy: Analyzing Client-end TLS Interception Software
      • co-author: Xavier de Carné de Carnavalet (Concordia University, Canada)

    Mark Eichorn
    Division of Privacy & Identity Protection, FTC

    4:35 pm

    Wrap-Up Panel

    • Howard Beales
      The George Washington University
    • Deirdre K. Mulligan
      University of California, Berkeley
    • Andrew Stivers
      Deputy Bureau Director, Bureau of Economics, FTC

    Jessica L. Rich

    Director, Bureau of Consumer Protection, FTC


  • Session 1: Internet of Things and Big Data

    Noah Apthorpe is a doctoral student in the Computer Science Department and the Center for Information Technology Policy at Princeton University.  Mr. Apthorpe is advised by Professor Nick Feamster, and his research focuses on the Internet of Things, networks, and data privacy.  The research presented was funded in part by the Department of Defense through the National Defense Science and Engineering Graduate Fellowship Program, a Google Faculty Research Award, and the National Science Foundation.

    Aleksandra Korolova is a WiSE Gabilan Assistant Professor of Computer Science at University of Southern California (USC), where she does research on algorithms and technologies that enable data-driven innovation while preserving privacy. Prior to joining USC, Dr. Korolova was a Research Scientist at Google, where she co-invented RAPPOR, the first commercial deployment of differential privacy. Dr. Korolova received her Ph.D. in Computer Science from Stanford University. Her Ph.D. thesis, focused on protecting privacy when mining and sharing user data, has been recognized with the 2011-2012 Arthur L. Samuel Thesis Award for the best Ph.D. thesis in the Computer Science department at Stanford. Dr. Korolova is also a co-winner of the 2011 PET Award for exposing privacy violations of microtargeted advertising and a runner-up for the 2015 PET Award for RAPPOR.

    Alethea Lange is a Senior Policy Analyst on the Center for Democracy & Technology’s (CDT) Privacy & Data Project. Her work focuses on empowering users to control their digital presence and working with institutions to use data responsibly. Ms. Lange leads CDT's Digital Decisions project, which is focused on instilling a culture of understanding and awareness of civil rights implications of technology throughout the product design process. Ms. Lange has an M.A. in Applied Economics from Johns Hopkins and B.A. degrees in Political Science and English from the University of Chicago. The research presented was funded by the Center for Technology, Society & Policy and the Center for Long-Term Cybersecurity.

    Peder Magee is a senior attorney in the Division of Privacy and Identity Protection in the Federal Trade Commission’s (FTC) Bureau of Consumer Protection, and he works on a variety of privacy litigation and policy matters. Mr. Magee is the principal author of the March 2012 FTC Report, Protecting Consumer Privacy in an Era of Rapid Change, which sets forth the Commission’s new privacy framework. He is also the principal author of the staff report on the FTC’s self-regulatory principles for online behavioral advertising. From September 2015 to November 2016, Peder was on detail with the U.S. Senate Commerce Committee. Peder received his J.D. from George Washington University and his B.A. from the University of Wisconsin.

    Dillon Reisman is a research engineer with Princeton University's Center for Information Technology Policy (CITP). His research focuses on issues relating to data privacy, web privacy measurement, and technology policy. Before joining CITP, Mr. Reisman was a software engineer on the Google privacy team, where he advised product teams on how to design with privacy in mind and developed infrastructure to better protect user data.  The research presented was funded in part by the Department of Defense through the National Defense Science and Engineering Graduate Fellowship Program, a Google Faculty Research Award, and the National Science Foundation.

    Maria Rerecich is the Director of Electronics Testing at Consumer Reports, where she leads a team of engineers and technicians in evaluating and rating consumer electronics products such as TVs, smartphones, and personal computers. Ms. Rerecich is involved in Consumer Reports’ initiatives to tackle privacy, security, and data issues, focusing in particular on testing Internet of Things devices. Most recently, she led a pilot test of several mobile applications which resulted in an app developer making immediate improvements to protect consumers' data and privacy. Prior to Consumer Reports, she worked for 29 years for Standard Microsystems Corporation in the semiconductor industry and was responsible for integrated circuit design, validation, and product engineering of silicon chips used in personal computers. Ms. Rerecich holds Bachelor's and Master's degrees in Electrical Engineering from Massachusetts Institute of Technology (MIT). The research presented was funded by the Ford Foundation.

    Session 2: Mobile Privacy

    Justin Brookman is Policy Director of the FTC’s Office of Technology Research and Investigation (OTECH). OTECH’s mission is to generate new research into consumer protection issues involving emerging technologies, and to help investigate potential cases involving deceptive or unfair behavior. Prior to joining the FTC, Mr. Brookman was Director of Consumer Privacy at the Center for Democracy & Technology (CDT), a digital rights advocacy organization. Mr. Brookman also previously served as Chief of the Internet Bureau of the New York Attorney General’s office, where he brought consumer protection actions on a wide range of issues, including privacy, free speech, data security, and net neutrality.

    David Choffnes is an assistant professor in the College of Computer and Information Science at Northeastern University. His research is primarily in the areas of distributed systems and networking, focusing on mobile systems and privacy. Much of his work entails crowdsourcing measurement, analysis, and evaluation of Internet systems by deploying software to users at the scale of tens or hundreds of thousands of users. He is a co-author of three textbooks, and his research has been supported by the National Science Foundation, Google, the Data Transparency Lab, M-Lab, and a Computing Innovations Fellowship. The research presented was funded in part by the Data Transparency Lab. 

    Narseo Vallina-Rodriguez is an Assistant Research Professor at IMDEA Networks and a research scientist at the Networking and Security team at the International Computer Science Institute (ICSI) in Berkeley. Narseo received his Ph.D. from the University of Cambridge in 2013. His research has been awarded with a Qualcomm Innovation Fellowship in 2012, the best short paper award at ACM CoNEXT'14, the best paper award at ACM HotMiddlebox'15 and a Data Transparency Lab grant in 2016 for characterizing mobile tracking services with the Lumen Privacy Monitor. The research presented was funded by the National Science Foundation and the Data Transparency Lab.

    Primal Wijesekera is a Ph.D. candidate in the Department of Electrical and Computer Engineering at the University of British Columbia, Canada. Mr. Wijesekera is an affiliate of the Berkeley Laboratory for Usable and Experimental Security (BLUES) at the Department of Electrical Engineering and Computer Sciences (EECS) at the University of California, Berkeley. His Ph.D. work focuses on understanding the contextuality behind user privacy decisions in the context of mobile and on finding systematic approaches to accommodate such requirements. The research presented was funded by the United States Department of Homeland Security’s Science and Technology Directorate, the National Science Foundation, and the Natural Sciences and Engineering Research Council of Canada.

    Sebastian Zimmeck is a postdoc in computer science at Carnegie Mellon University. His research interests are web privacy and security, particularly from a machine learning perspective. Before coming to Carnegie Mellon, Mr. Zimmeck studied computer science at Columbia University. He also studied information privacy and intellectual property law and practiced in these areas as an attorney with Freshfields Bruckhaus Deringer. The research presented was funded by the National Science Foundation, Defense Advanced Research Projects Agency, and the Air Force Research Laboratory.

    Session 3: Consumer Privacy Expectations

    Lorrie Cranor joined the US Federal Trade Commission as Chief Technologist in January 2016. She is on leave from Carnegie Mellon University where she is a Professor of Computer Science and of Engineering and Public Policy, Director of the CyLab Usable Privacy and Security Laboratory (CUPS), and Co-director of the MSIT-Privacy Engineering masters program. She also co-founded Wombat Security Technologies, an information security awareness training company. Cranor has authored over 150 research papers on online privacy and usable security, and has played a central role in establishing the usable privacy and security research community, including her founding of the Symposium on Usable Privacy and Security. She was previously a researcher at AT&T Labs-Research. Cranor holds a doctorate in Engineering and Policy from Washington University in St. Louis. She is a Fellow of the ACM and IEEE.

    Jens Grossklags is a faculty member at Penn State where he directs the Security, Privacy and Information Economics Lab, and served as the Haile Family Early Career Professor. Beginning in January 2017, he will be a Professor for Cyber Trust in the Computer Science Department of Technical University of Munich. Previously, he was also a Postdoctoral Research Associate at the Center for Information Technology Policy and a Lecturer of Computer Science at Princeton University.​ In 2009, he completed his doctoral dissertation at the University of California Berkeley’s School of Information. He is following a cross-disciplinary research agenda investigating privacy and security challenges with analytic, empirical, and experimental methodologies. The research presented was funded by Penn State. 

    Chanda Phelan is a Ph.D. student at the University of Michigan School of Information (UMSI), where she studies decision making in human-computer interaction. She has a Masters of Information, also from UMSI. The research presented was funded by Google’s Social Interactions Focused Program. 

    Yu Pu is a 4th-year Ph.D. student in the College of Information Sciences and Technology at the Pennsylvania State University (Penn State). Previously, she received a Bachelors degree in Economics and a Master’s degree in Information Sciences and Technology. Her research has tackled issues related to human behavior and behavioral economics, usable privacy and security, third-party apps’ privacy issues, online anonymity, and privacy enhancing technologies. Her work has been published in competitive venues such as the Privacy Enhancing Technologies Symposium (PETS), the International Conference on Information Systems (ICIS), the International Conference on Cryptology and Network Security (CANS), and the Conference on Decision and Game Theory for Security (GameSec). The research presented was funded by Penn State. 

    Mahmood Sharif is a Ph.D. student in the Electrical and Computer Engineering Department at Carnegie Mellon University (CMU), where he is advised by Lujo Bauer and Nicolas Christin. His research interests are in the areas of computer security and privacy, machine learning, human factors, and online anonymity and censorship. Before joining CMU, he received his B.Sc. and M.Sc. degrees in computer science from the University of Haifa. The research presented was partially funded by the National Science Foundation.

    Yang Wang is an assistant professor in the School of Information Studies at Syracuse University where he co-directs the Social Computing Systems (SALT) Lab. He received his Ph.D. in information and computer science from the University of California, Irvine. His research is centered on usable privacy and security, and social computing. He has been examining privacy issues and building novel privacy-enhancing technologies in different domains, such as personalized systems, social media, online behavioral advertising, and drones. His research has been supported by the National Science Foundation, Department of Health & Human Services, Google, Alcatel-Lucent, and The Privacy Projects. The research presented was funded by the National Science Foundation. 

    Session 4: Online Behavioral Advertising

    Kristin Krause Cohen is a senior attorney in the Division of Privacy and Identity Protection in the Federal Trade Commission’s Bureau of Consumer Protection. Her work focuses primarily on enforcing federal statutes and regulations that pertain to information security and consumer privacy, including the Children’s Online Privacy Protection Act.  Ms. Cohen previously served as the Chief of the FTC’s Office of Technology Research and Investigation. She received her J.D. from the University of Virginia and her B.S. from Georgetown University.

    James C. Cooper is an Associate Professor at George Mason University’s Antonin Scalia Law School. Professor Cooper also runs the Program on Economics & Privacy, which is dedicated to promoting the sound application of economic analysis to issues surrounding the digital information economy through original research, policy outreach, and education. The Program on Economics and Privacy is a division of the Law and Economics Center, which receives support from several corporations. The full list is available at Before coming to George Mason, Professor Cooper served as Deputy and Acting Director of the Federal Trade Commission’s Office of Policy Planning, Advisor to Federal Trade Commissioner William Kovacic, and an associate in the antitrust group of Crowell and Moring, LLP. He teaches Economic Foundations of Legal Studies, Advanced Seminar on Law & Economics, and Digital Information Policy Seminar. 

    Steven Englehardt is a computer science Ph.D. candidate at Princeton University and a graduate research fellow at the Center for Information Technology Policy. His research is in the area of web privacy and web security, with a focus on online tracking measurement. Mr. Englehardt is the primary maintainer of OpenWPM, an open web privacy measurement platform. In the past he worked on the security engineering team at Mozilla, and received his B.Sc. in Physics from Stevens Institute of Technology. The research presented was funded by the Data Transparency Lab, Amazon Web Services, and the National Science Foundation.

    Zubair Shafiq is an assistant professor of computer science at the University of Iowa. Dr. Shafiq's general research interests are in networking and security, with a focus on large scale measurement and performance evaluation. The research presented was funded by the Data Transparency Lab.

    Session 5: Information Security

    Mark Eichorn is an Assistant Director in the FTC Bureau of Consumer Protection’s Division of Privacy and Identity Protection (DPIP), where he supervises privacy and data security matters. He joined DPIP in 2009 after serving as an attorney advisor for FTC Chairman (and previously Commissioner) Jon Leibowitz on consumer protection issues. After joining the Commission in 1998, Mark worked for many years as an attorney in the Division of Advertising Practices and served a stint in 2003 as an attorney advisor to FTC Commissioner Leary. Mark went to law school at the University of Virginia, and later clerked for Ninth Circuit Judge Robert Beezer before joining the Seattle firm of Mundt MacGregor.

    Amin Kharraz is a research assistant at Northeastern University, Boston. He is a member of the Secure Systems Lab (SecLab). His research interests span a wide range of topics in systems security, with an emphasis on designing practical tools to help users stay secure online. His recent research involves retrofitting new techniques into operating systems to protect users against ransomware attacks. The research presented was funded by the National Science Foundation and Secure Business Austria.

    Mohammad Mannan is an Associate Professor at the Concordia Institute for Information Systems Engineering, Concordia University, Montreal. He has a Ph.D. in Computer Science from Carleton University (2009) in the area of Internet authentication and usable security. His research interests lie in the area of Internet and systems security, with a focus on solving high-impact security and privacy problems of today's Internet. He is involved in several well-known conferences (e.g., program committees: ACM CCS 2016, ACSAC 2014, USENIX Security 2010; program co-chair: ACM SPSM 2016), and journals (e.g., ACM TISSEC, IEEE TDSC, IEEE TIFS). His industrial R&D experience prior to graduate school included three years in large-scale software design. The research submitted was funded by the Vanier Canada Graduate Scholarship, a Natural Sciences and Engineering Research Council of Canada (NSERC) Discovery Grant, and the Office of the Privacy Commissioner of Canada (Contributions Program).

    Damon McCoy is an assistant professor at the New York University Tandon School of Engineering. His research focuses on empirically measuring the security and privacy of technology systems and their intersections with society. Some of his current projects explore the socio-economics of e-crime, censorship evasion, anonymous communication, and cyber-physical systems. The research presented was funded by the National Science Foundation.

    Wrap-Up Panel

    Howard Beales teaches in the School of Business at the George Washington University, where he has been since 1988.  From 2001 through 2004, he was the Director of the Bureau of Consumer Protection at the Federal Trade Commission. As Director, he was instrumental in establishing the national Do Not Call Registry, obtained the largest redress orders in FTC history, and attacked high volume frauds. From 1977 to 1987, Dr. Beales served as a staff economist and in various positions in the Bureau of Consumer Protection at the FTC. In 1987-88, he was a Branch Chief in the Office of Information and Regulatory Affairs. He received his Ph.D. in economics from the University of Chicago in 1978, after graduating magna cum laude from Georgetown University in 1972.

    Deirdre K. Mulligan is an Associate Professor in the School of Information at the University of California, Berkeley (UC Berkeley), a faculty Director of the Berkeley Center for Law & Technology, and a PI on the new Hewlett funded Berkeley Center for Long-Term Cybersecurity. Mulligan’s research explores legal and technical means of protecting values such as privacy, freedom of expression, and fairness in emerging technical systems. Her book, Privacy on the Ground: Driving Corporate Behavior in the United States and Europe, a study of privacy practices in large corporations in five countries, conducted with UC Berkeley Law Professor Kenneth Bamberger was recently published by MIT Press. She is Chair of the Board of Directors of the Center for Democracy & Technology, a leading advocacy organization protecting global online civil liberties and human rights; a founding member of the standing committee for the AI 100 project, a 100-year effort to study and anticipate how the effects of artificial intelligence will ripple through every aspect of how people work, live and play; and a founding member of the Global Network Initiative, a multi-stakeholder initiative to protect and advance freedom of expression and privacy in the information and communications technology (ICT) sector, and in particular to resist government efforts to use the ICT sector to engage in censorship and surveillance in violation of international human rights standards.

    Jessica L. Rich has been the Director of the FTC’s Bureau of Consumer Protection (BCP) since June 2013. In that capacity, she oversees over 450 attorneys, investigators, and administrative personnel working to protect consumers from deceptive and unfair practices in the commercial marketplace. During her over 25-year tenure at the agency, Ms. Rich has served in a number of different positions, including Deputy Director of BCP, Associate Director of the Division of Financial Practices, and Acting Associate Director of the Division of Privacy and Identity Protection. Ms. Rich is widely regarded as one of the nation’s experts on consumer protection, data privacy, and consumer technology issues, having started and led many significant programs and initiatives during her FTC tenure. Her accomplishments include: launching the FTC’s very first privacy and data security work, and building the FTC privacy program from a small team to the signature program it is today; initiating and leading the FTC’s policy and enforcement work in the tech sector; establishing the FTC’s Tech Lab and Office of Technology Research and Investigation; and overseeing development of hundreds of precedent-setting cases against companies large and small that have violated the nation’s consumer protection laws. Ms. Rich started her career in privacy practice in New York City, and is a graduate of New York University Law School and Harvard College.

    Andrew Stivers is the Deputy Director for Consumer Protection in the Bureau of Economics at the U.S. Federal Trade Commission. Dr. Stivers has a Ph.D. in Economics from the University of Texas at Austin and has published on the role, and regulation, of information in the marketplace. After working in academia at Oregon State University, Dr. Stivers joined the economics staff of the U.S. Food and Drug Administration (FDA), where he led the economic analysis and input for major regulations, including food package labeling and calorie labeling in restaurants. He stayed on at FDA as Director of the food program’s consumer, public health, and statistical research division. In 2014 Dr. Stivers was appointed to his current post at the FTC, where he works to ensure the integration of sound and useful economic analysis into the FTC’s policies and enforcement actions.  Since his appointment, Dr. Stivers has worked on many key enforcement and policy issues, including: establishing frameworks for understanding consumer injury; educating stakeholders on the economics of protecting consumer privacy; leading a discussion of reputation mechanisms in the “sharing” economy; and working on numerous enforcement matters in privacy, substantiation, disclosure, and marketing practices.

FTC Privacy Policy

Under the Freedom of Information Act (“FOIA”) or other laws, we may be required to disclose to outside organizations the information you provide when you pre-register for events that require registration. The Commission will consider all timely and responsive public comments, whether filed in paper or electronic form, and as a matter of discretion, we make every effort to remove home contact information for individuals from the public comments before posting them on the FTC website.

The FTC Act and other laws we administer permit the collection of your pre-registration contact information and the comments you file to consider and use in this proceeding as appropriate. For additional information, including routine uses permitted by the Privacy Act, see the Commission’s Privacy Act system for public records and comprehensive privacy policy.

This event will be open to the public and may be photographed, videotaped, webcast, or otherwise recorded.  By participating in this event, you are agreeing that your image — and anything you say or submit — may be posted indefinitely at or on one of the Commission's publicly available social media sites.