Le séminaire du groupe de travail Protection de la Vie Privée du GDR Sécurité  est un évènement périodique en ligne.  Ce séminaire est à destination des membres de la communauté au sens large. Il a en particulier comme objectif de palier au manque de séminaires et de conférences causé par l’épidémie.

Appel à participation pour les prochaines itérations de ce séminaire :
– présentations longues (30 mins)
– présentations courtes (5 mins)

Propositions à envoyer à benjamin.nguyen@insa-cvl.fr et

Behind the Anonymity in Distributed Ledgers, Nesrine Kaaniche (Telecom SudParis, SAMOVAR) — 28/04/22 14:00

This talk aims to stress the tension existing between anti-money laundering and data protection requirements applied to “private-ledgers”. On one hand, anti-money laundering regulation requires service providers to be able to identify their clients and track their transactions while, on the other hand, the implementation of data protection requirements strongly induces the use of anonymization-techniques to prevent the permanent recording of personal data (public/private keys and transactional data) within the Distributed Ledger Technology (DLT). In this context, designing DLTcs, which are able to meet both requirements, pose certain challenges. I will first introduce privacy-preserving technologies that are proposed to enforce privacy in distributed ledgers. Then, I will focus on de-anonymization while introducing a novel label graph networks to improve identification results. Finally, I will discuss auditing mechanisms to comply with laws and regulations. 

Bio: Nesrine Kaaniche is an Associate Professor in Cybersecurity at Télécom SudParis, Polytechnic Institute of Paris and an associate active member of the interdisciplinary chair Values and Policies of Personal Information of Institute Mines Télécom, France. Previously, she was a lecturer in Cybersecurity at the Department of Computer Science, the University of Sheffield, UK, a Post-Doc researcher at Télécom SudParis, France and an International Fellow at SRI International, San Francisco, CA, USA. Her major research interests include privacy enhancing technologies, applied cryptography for distributed systems, and decentralized architectures, i.e., IoT, fog and clouds.

Latest Advances in Location Privacy Attacks and Protection Mechanisms, Sonia Ben Mokhtar (CNRS & LIRIS) — 03/03/22 14:00

The widespread adoption of continuously connected smartphones and tablets drove the proliferation of mobile applications, among which many use location to provide a geolocated service. The usefulness of these services is no more to be demonstrated; getting directions to work in the morning, leaving a check-in at a restaurant at noon and checking next day’s weather in the evening is possible from any mobile device embedding a GPS chip. In these applications, locations are sent to a server often hosted on untrusted cloud platforms, which uses them to provide personalized answers. However, nothing prevents these platforms from gathering, analyzing and possibly sharing the collected information. This opens the door for many threats, as location information allows to infer sensitive information about users, among which one’s home, workplace or even religious/political preferences. For this reason, many schemes have been proposed these last years to enhance location privacy while still allowing people to enjoy geolocated services. During this presentation, I will present the latest advances in location privacy attacks and protection mechanisms and give some insights on open challenges and under-explored questions.

Bio: Sonia Ben Mokhtar is a CNRS research director at the LIRIS laboratory  (UMR 5205) and the head of the distributed systems and information retrieval group (DRIM). She received her PhD in 2007 from Université  Pierre et Marie Curie before spending two years at University College  London (UK). Her research focuses on the design of resilient and privacy-preserving distributed systems. Sonia has co-authored 70+ papers in peer-reviewed conferences and journals and has served on the editorial board of IEEE Transactions on Dependable and Secure Computing and co-chaired major conferences in the field of distributed systems (e.g., ACM Middleware, IEEE DSN). Sonia has served as chair of ACM SIGOPS France and is currently the vice-chair of GDR RSD a national academic network of researchers in distributed systems and networks.

Towards safe online political advertising. — Oana Goga (LIG, CNRS) — 16/12/2021 14:00

Abstract :  In this presentation I will talk about our paper “Facebook Ads Monitor: An Independent Auditing System for Political Ads on Facebook” published at The Web Conference 2020 and followup discussions with civil societies on how to regulate political advertising: https://epd.eu/wp-content/uploads/2020/09/joint-call-for-universal-ads-transparency.pdf.

The 2016 United States presidential election was marked by the abuse of targeted advertising on Facebook. Concerned with the risk of the same kind of abuse to happen in the 2018 Brazilian elections, we designed and deployed an independent auditing system to monitor political ads on Facebook in Brazil. To do that we first adapted a browser plugin to gather ads from the timeline of volunteers using Facebook. We managed to convince more than 2000 volunteers to help our project and install our tool. Then, we use a Convolution Neural Network (CNN) to detect political Facebook ads using word embeddings. To evaluate our approach, we manually label a data collection of 10k ads as political or non-political and then we provide an in-depth evaluation of proposed approach for identifying political ads by comparing it with classic supervised machine learning methods. Finally, we deployed a real system that shows the ads identified as related to politics. We noticed that not all political ads we detected were present in the Facebook Ad Library for political ads. Our results emphasize the importance of enforcement mechanisms for declaring political ads and the need for independent auditing platforms.

Bio : Oana Goga is a tenured research scientist at the French National Center for Scientific Research (CNRS) and the Laboratoire d’Informatique Grenoble (LIG). She investigates how social media systems and online advertising can be used to impact humans and society negatively. She is the recipient of a young researcher award from the French National Research Agency (ANR). Her recent research received several awards, among which the Honorable Mention Award at The Web Conference in 2020, the CNIL-Inria Award for Privacy Protection 2020 and was runner-up for the 2019 Caspar Bowden PET Award for outstanding research in privacy enhancing technologies.

Growing synthetic data through differentially-private vine copulas — Sébastien Gambs (UQAM) — 14/10/21 14:00

Abstract: In this work, we propose a novel approach for the synthetization of data based on copulas, which are interpretable and robust models, extensively used in the actuarial domain. More precisely, our method COPULA-SHIRLEY is based on the differentially-private training of vine copulas, which are a family of copulas allowing to model and generate data of arbitrary dimensions. The framework of COPULA-SHIRLEY is simple yet flexible, as it can be applied to many types of data while preserving the utility as demonstrated by experiments conducted on real datasets. We also evaluate the protection level of our data synthesis method through a membership inference attack recently proposed in the literature. Joint work with Frédéric Ladouceur, Antoine Laurent, Alexandre Roy-Gaumond.

Biography: Sébastien Gambs has joined the Computer Science Department of the Université du Québec à Montréal (UQAM) in January 2016, after having held a joint Research chair in Security of Information Systems between Université de Rennes 1 and Inria from September 2009 to December 2015. He currently holds the Canada Research Chair (Tier 2) in Privacy-preserving and Ethical Analysis of Big Data since December 2017. His main research area is the Protection of Privacy, with a particular strong focus on location privacy. He is also interested to solve long-term scientific questions such as addressing the tension between privacy and the analysis of Big Data as well as the fairness, accountability and transparency issues raised by personalized systems.

RETEX Data Anonymization and Reidentification Contest@APVP2021 — Margaux Tela (pour l’équipe UQAM), Nancy Awad (pour l’équipe Femtorange), Julien Bracon (pour l’équipe INSA Lyon) — 13/07/2021

Chacune des trois équipes présentera sa solution d’anonymisation et de réidentification, telle qu’elle a été soumise lors de la compétition DARC@APVP2021

Responsible data publishing during the COVID-19 crisis — Damien Desfontaines (Google) — 10/06/2021 14:00

Abstract : In this talk, I will present two projects that Google
launched to help public health officials combat the spread of
COVID-19: the COVID-19 Community Mobility Reports, and the COVID-19 Search Trends Symptoms dataset. In both projects, we aggregated and anonymized the data using differential privacy. Taking these launches as an example, I will outline some of the challenges that appear when rolling out differential privacy for practical use cases, and present possible approaches to tackling these challenges.

Bio : Damien Desfontaines leads the anonymization consulting team at Google, where he spent the past few years rolling out differential
privacy for a variety of use cases. He obtained his PhD, also on
differential privacy, in 2020 at ETH Zürich.

Personal Database Management Systems (PDMS) : vers une plateforme de Big Data citoyen ? — Nicolas Anciaux (Inria Saclay Île-de-France – UVSQ – PETRUS)  — 20/05/2021 13:00

Abstract: Les initiatives de smart disclosure aux Etats-Unis et le RGPD en Europe accroissent l’intérêt pour les systèmes personnels de gestion de données (appelés PIMS ou PDMS) fournis aux individus afin de gérer leurs données sous contrôle. L’épineuse question de la protection des données personnelles est ainsi mise en exergue, dans un contexte qui diffère notablement du cas traditionnel des bases de données d’entreprises externalisées sur le cloud. Les propriétés à assurer sont spécifiques et difficiles à atteindre, mais l’émergence d’environnements d’exécution de confiance (comme Intel SGX ou ARM Trustzone) présents aujourd’hui dans la plupart des dispositifs utilisateurs pourrait changer la situation.
Le paradigme du PDMS a pour objectif de concilier protection des données personnelles et traitements avancés, avec ces technologies. Cette présentation sera l’occasion (1) de passer en revue les solutions de PDMS, leurs fonctionnalités et modèles de confiance, et l’apport potentiel des environnements d’exécution de confiance, et (2) de discuter de nouvelles solutions pour le traitement collectif de données personnelles (portabilité citoyenne), préservant à la fois l’agentivité des individus et les intérêts sociétaux liés au partage de données personnelles.

Bio: Nicolas Anciaux est Directeur de Recherche Inria, responsable de l’équipe PETRUS, commune avec l’Université de Versailles. Ses domaines d’expertise sont les aspects systèmes des bases de données et la confidentialité des données. Au sein de l’équipe PETRUS, il applique son domaine d’expertise aux systèmes personnels de bases de données (PDMS). Il est co-auteur de PlugDB, un PDMS sécurisé pour l’embarqué utilisé dans le suivi des soins à domicile. Il co-dirige avec Celia Zolynski, Professeur à l’Ecole de Droit de la Sorbonne, le projet GDP-ERE visant à co-construire un cadre technico-juridique pour la gestion des données personnelles par les citoyens. Nicolas est éditeur associé du VLDB Journal et co-auteur de plus de 50 articles de conférences et de revues scientifiques.

Privacy-Preserving Decentralized Machine Learning — Aurélien Bellet (Inria Lille Nord Europe  – Magnet) — 18/03/2021 14:00

Abstract: Decentralized machine learning (DML), also known as federated learning, is a setting where many parties (e.g., mobile devices or whole organizations) collaboratively train a machine learning model while keeping their data decentralized. In this talk, I will give a brief introduction to DML and emphasize that most algorithms rely on aggregating local model updates made by participants. I will then show how differential privacy can be integrated into these algorithms to ensure data confidentiality, and discuss how to obtain good trade-offs between privacy, utility and computational costs.

Bio: Aurélien Bellet is a tenured researcher at Inria (France). He obtained his Ph.D. from the University of Saint-Etienne (France) in 2012 and was a postdoctoral researcher at the University of Southern California (USA) and at Télécom Paris (France). His current research focuses on the design of federated and decentralized machine learning algorithms under privacy constraints. Aurélien served as area chair for ICML 2019, ICML 2020 and NeurIPS 2020, and co-organized several international workshops on machine learning and privacy (at NIPS’16, NeurIPS’18 ’20 and as stand-alone events). He was also a co-organizer of the 10th edition of the French pluridisciplinary conference on privacy protection (APVP) in 2019.

[Présentation courte]  The Cluster Exposure Verification (CLÉA) Protocol — Vincent Roca (Inria Grenoble – Privatics) — 18/03/2021 14:00

Abstract: In this talk, I will give a brief introduction to the Cluster Exposure Verification (CLÉA) protocol, meant to warn the participants of a private event (e.g., wedding or private party) or the persons present in a commercial or public location (e.g., bar, restaurant, or train) that became a cluster because people who were present at the same time have later been tested COVID+. This protocol is the foundation of a dedicated TousAntiCovid module that will offer an additional and complementary service to the existing contact tracing module.


Bio: After a PhD from Grenoble INP in 1996, Vincent Roca joins the University Paris 6 as Associate Professor in 1997, and Inria as researcher in 2000. Active IETF (Internet Engineering Task Force) participant, member of PRIVATICS since 2012, he is now leading this Inria research team specialised in privacy and personal data protection.  He focusses in particular on the privacy risks associated to the use of smartphones and Internet of Things devices. He is also co-author, with PRIVATICS colleagues, of the ROBERT Covid exposure notification protocol that is the foundation of the French
TousAntiCovid app.

Hybrid Differential Privacy —  Catuscia Palamidessi  (Inria Saclay – Comète) —  25/02/2021 14:00
Abstract: Differential Privacy (DP) is one of the most successful proposal to protect the privacy of the sensitive data while preserving their utility. In this talk, we will briefly introduce the DP frameworks and its central and local models, which refer to the cases in which sanitization is done after the data has been collected, or at the level of the individual data, respectively. 
We present an intermediate scenario, which we call hybrid, representing the case in which the data set is distributed across different organizations, which do not wish to disclose the original data but only their sanitized version, and still benefit from the advantages of combining the information coming from different sources. We propose a new mechanism for the hybrid case, which is compositional and particularly suitable for the application of a variant of the statistical Expectation-Maximization method, thanks to which the utility of the original data can be retrieved to an arbritrary degree of approximation, without affecting the privacy of the original data owners. 
Detecting online tracking and GDPR violations in Web applications — Nataliia Bielova (Inria Sophia Antipolis, Privatics) –17/12/20 14:00

Abstract: As millions of users browse the Web on a daily basis, they become producers of data that are continuously collected by numerous companies and agencies. Website owners, however, need to become compliant with recent EU privacy regulations (such as GDPR and ePrivacy) and often rely on cookie banners to either inform users or collect their consent to tracking.

In this talk, I will present recent results on detecting Web trackers and analyzing compliance of websites with GDPR and ePrivacy directive. We first develop a tracking detection methodology based on invisible pixels. By analyzing the third-party resource loading on 80K webpages, we uncover hidden collaborations between third parties and find that 68% of websites synchronize harmless firs-party cookies with privacy-invasive third-party cookies. We show that filter lists, used in the research community as a de facto approach to detect trackers, miss between 25% and 30% of cookie-based tracking we detect. Finally, we demonstrate that privacy-protecting browser extensions, such as Ghostery, Disconnect or Privacy Badger together miss 24% of tracking requests we detect.

To measure legal compliance of websites, we analyse cookie banners that are implemented by Consent Management Providers (CMPs), who respect the IAB Europe’s Transparency and Consent Framework (TCF). Via cookie banners, CMPs collect and disseminate user consent to third parties. We systematically study IAB Europe’s TCF and analyze consent stored behind the user interface of TCF cookie banners. We analyze the GDPR and the ePrivacy Directive to identify legal violations in implementations of cookie banners based on the storage of consent and detect such violations by crawling 23K European websites, and further analyzing 560 websites that rely on TCF. As a result, we find violations in 54% of them: 175 (12.3%) websites register positive consent even if the user has not made their choice; 236 (46.5%) websites nudge the users towards accepting consent by pre-selecting options; and 39 (7.7%) websites store a positive consent even if the user has explicitly opted out. Finally, we provide a browser extension, Cookie glasses, to facilitate manual detection of violations for regular users and Data Protection Authorities.

Bio: Nataliia Bielova is a Research Scientist at Privatics team in Inria Sophia Antipolis, where she started an interdisciplinary research in Computer Science and EU Data Protection Law. Her main research interests are measurement, detection and protection from Web tracking. She also collaborates with Law researchers to understand how GDPR and ePrivacy Regulation can be enforced in Web applications.


Groupe de Travail Protection de la Vie Privée