NSF Award
2131509
The ever-increasing use of digital devices in society is creating mounting privacy risks. Above all, complementary desires from technology companies and law enforcement to harness the vast troves of data stored on our devices are complicating privacy interests in seclusion, autonomy, and anonymity. Though data privacy has received significant attention from both technological and legal angles, the two scholarly perspectives rarely combine to expose the interdisciplinary dependencies and synergies inherent in this topic of growing significance to our society. Using the context of digital evidence collection, this project studies legal and technical angles to privacy and security concerns. From the technical side, the investigators study how the data can be searched in a more targeted fashion and how data can be kept from unauthorized alteration. From the legal side, new technical capabilities will motivate new scholarship on related topics. <br/><br/>The rise of digital evidence in criminal proceedings triggers two principal issues guiding this project. First, under the Fourth Amendment to the Constitution, judges often limit device searches to specific data relevant to the investigation, despite the complication that various types of data may be intermixed. Second, once law enforcement has collected digital evidence, they must guard against tampering and prevent privacy invasions by both “inside” and “outside” hackers. This project addresses these two sets of challenges through the following contributions: 1) Developing software that responds to legal directives (including warrant-based and consent-based restrictions governing the scope of digital searches) and retrieves only relevant evidence from a device containing intermingled data, using a combination of metadata-based analysis and natural language processing (NLP) techniques; 2) Addressing the ambiguity in natural language directives and the accuracy limitations of automatic classification, while considering legal and social consequences of violating privacy and conducting unauthorized searches; 3) Providing security mechanisms that preserve data confidentiality and detect data tampering; 4) Using blockchain technology to create immutable logs of all accesses to, and modification of, data stored by law enforcement; and 5) Further developing and applying formal verification techniques that reason about the security of the protocols implemented. In addition to enhancing digital forensics, the work is applicable to data practices in both government and industry, particularly in dealing with heterogeneous data and separating and securing data in contexts far beyond criminal proceedings. The project impacts several existing and new classes in terms of curriculum development, cutting across digital forensics, security, and data sciences.<br/><br/>This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
