Balancing privacy, ethics and technology
Our lives are inseparable from technology. Yet the policies behind technology are lagging. Sanford is bridging this gap.
For the last five years, Sanford’s technology policy initiative has been at the forefront of critical discussions and groundbreaking research in the field. Sanford is a tech policy leader, with expertise shared at the White House, in national media coverage and throughout universities. The school is addressing the challenges posed by the sale of our personal data, exploring the safe use of social media, and training the next generation of tech policy leaders in an ever-evolving digital landscape.
The endowment of the Steed Family Professor of the Practice led to the hire in 2019 of David Hoffman, who has built the Cyber Policy initiative at Sanford, developed a cybersecurity leadership executive education program, and led critical research in platform accountability, data brokerage, cyber policy and gender violence cited by policymakers – all in under five years.
Sanford’s data brokerage reports have had significant policy impact.
(Data brokers are companies that collect and sell personal information about individuals, often without their knowledge or consent.) Duke University’s Cyber Policy program's research shows that data brokers are openly and explicitly advertising sensitive information about U.S. individuals for sale, including demographic information, political preferences, and even real-time GPS locations on current and former U.S. military personnel. The authors show that data brokerage is a virtually unregulated practice in the United States.
This team-based research also highlights the lack of transparency in the data broker industry concerning the open marketing and sale of sensitive mental health data of Americans. This information can range from demographic details like age, gender, and address to more sensitive information like purchasing habits, medical conditions and financial history. The report argues for the need for comprehensive federal privacy regulations and expanded user control, alongside bans on the sale of mental health data. The project aims to provide accessible research on technology policy issues, with the report serving as a reminder of the importance of actionable research.
Joanne Kim, PPS ’22, authored this mental health data report during her time as a student at Sanford. Kim said Sanford's Tech Policy program empowered her work while preparing her for her current career as a business analyst at McKinsey & Company in Seattle.
“Professor David Hoffman was one of my mentors at Stanford, and he always kept impact at the center of all his work. He always asked us: Why is this work important? Who is this work serving? I've carried those two questions with me in every project I've done since, which has kept me passionate, energetic, and empowered,” Kim reflected. The research attracted widespread interest from state and federal policymakers, was cited as a catalyst for congressional hearings, referenced in state laws, featured on PBS Newshour, and in additional major news outlets. The mental health data broker report, has been cited by over 60 media outlets and garnered major visibility.
During an April 2022 segment of "Last Week Tonight," host John Oliver discussed the issue of data brokers, citing Sanford’s research.
Oliver highlighted how companies use this information to target consumers and how unscrupulous actors can also use it for purposes like identity theft, fraud and other malicious activities. He also pointed out that despite the significant impact that data brokers have on privacy and security, they are largely unregulated, and consumers have limited ability to control how their information is used.
The data broker research took center stage as Justin Sherman, Senior Fellow & Research Lead of Sanford’s Data Brokerage Project, testified as an expert witness before the House Committee on Energy and Commerce. The hearing, titled "Who is Selling Your Data?" was prompted in part by Sanford's research, and Chair Morgan Griffith (R-VA) cited it as a driving force behind the proceedings. The risks of private data sales were highlighted, urging increased transparency and efficacy for users, with Chair Cathy McMorris Rodgers (R-WA) suggesting the creation of federal privacy laws to regulate personal data sales. Sherman's testimony addressed the abuses uncovered by Sanford's research, advocating for measures including restrictions on data sales to foreign governments, bans on health, location, and child data sales, and prevention of data brokers skirting laws through inference-based methods.
Sanford’s data broker expertise was once again at the forefront of tech policy in fall 2023 as Justin Sherman was one of a select group of experts to attend a White House data broker policy roundtable. The event coincided with the Consumer Financial Protection Bureau's (CFPB) announcement of regulations restricting data broker activities in line with the Fair Credit Reporting Act.
The data broker research is one of many tech policy examples of impact at Sanford.
The newest technology policy faculty member will advance Sanford further on the tech policy path. Robyn Caplan joined Sanford as a new assistant professor with a diverse background in tech policy. She holds various affiliations, including being a Senior Lecturing Fellow at Duke's Initiative for Science & Society, a Researcher Affiliate at the Data & Society Research Institute, an Affiliate at the Center for Information Technology and Policy at UNC-Chapel Hill, and a founding member of the Platform Governance Research Network. Caplan later joined the Governance Lab at NYU, where she researched open data and its impact on government communication and public access.
This work eventually led her to Data & Society, a nonprofit research organization. There, she delved into the dynamics of open data programs and received a grant to study the control of the public sphere in the age of algorithms. This research became a pivotal moment in her career. At Sanford, Caplan teaches the Policy Journalism and Media Studies Capstone course.
Examples of technology policy impacts
Duke’s Cyber Policy Program helped create Duke’s Data Privacy Day symposium in 2023. Professor Jolynn Dellinger led the effort, as a collaboration with Duke Science and Society and Duke Law School. The event focused on the impact and implication of the Dobbs v. Jackson Women’s Health decision on health data privacy and the legal landscape in its aftermath.
Duke Cyber Cup
In Fall 2022, two Sanford classrooms were transformed into simulated briefing rooms at the National Security Council during the third Cyber Cup awards. Over 60 students from Trinity College of Arts and Sciences, the Sanford School of Public Policy, the Duke School of Law, and the Pratt School of Engineering participated in the third annual Duke Cyber Cup. Teams of students presented their ideas to a team of judges from Palo Alto Networks, Trellix, Apple, Intel and Duke University who served as the fictional National Security Council staff tasked with advising the U.S. President in a hypothetical cyber-attack scenario.
Protecting Personal Data
In 2020, students worked directly with a Federal Trade Commissioner to build and distribute an accessible set of options to protect individuals’ personal data. The intent: to present research to Congress to find solutions and pass a federal privacy law.
Cyber Policy and Gender Violence
Swathi Ramprasad PPS’21 was named one of four Eisenhower Global Scholars and the first Duke student to win this award. The award provides full funding for Ramprasad to attend the University of Oxford’s Blavatnik School of Government to pursue a master’s degree in public policy. Ramprasad wrote an honors thesis on the demographic biases of pretrial risk-assessment algorithms in the local justice system, which was awarded “highest distinction” by Sanford. She was the founder of the Cyber Policy and Gender Violence Initiative, where she sought to create a research home for issues of privacy and technology as they relate to survivors of gender-based violence.
combat stalkerware and digital harassment
Duke’s Cyber Policy and Gender Violence Initiative created a toolkit for students to combat stalkerware and digital harassment. The project "Stalkerware and digital harassment: A security toolkit for first-year students" was published in EDUCAUSE’s 2020 Student Study Report. EDUCAUSE is a nonprofit association that works to advance higher education through information technology.
Bridging the Device Gap
Rachael Grainger, Ryan Rudolph, and Jaquell Sneed-Adams (all MPP’23) worked together as a master’s project team alongside the Division of Broadband and Digital Equity within the N.C. Department of Information Technology on a project called “Bridging the Device Gap in North Carolina Utilizing Human-Centered Design” to help the department find an equitable and efficient way to get devices (computers, tablets, phones) to the populations who need them most. The team used design thinking to collaborate with technology refurbishers to co-create solutions to program challenges such as accessible program design and integrating digital literacy integration for the NCDIT's priority populations. The head of the organization reported they are using the report to improve their distribution process.
A generous gift and constructive partnership have helped build the Cybersecurity Leadership Program, which brings together private sector leaders from various sectors and government officials for an intensive multi-day program. Duke scholars in policy, law, engineering, business, and computer science, as well as leading industry and government experts, help participants develop responsible cybersecurity policy.
Semiconductor Supply Chains
David Hoffman and a team of students are working the Organization for Economic
Cooperation and Development to develop policy recommendations on the evolving global semiconductor supply chain with a specific focus on developing economies such as Costa Rica, Panama, Mexico, Indonesia, Vietnam, the Philippines and Indonesia.
Partnership for Cybersecurity Excellence
In 2023, Duke joined efforts with NC State University to develop the North Carolina Partnership for Cybersecurity Excellence (NC-PaCE). This collaborative effort, which unites educational, government, and industry organizations, is dedicated to propelling the state's and the nation's cybersecurity prowess in education, research, and services to combat the ever-evolving landscape of cyber threats.
Examining harms caused by social media
Following the launch of Facebook whistleblower Frances Haugen’s non-profit, Beyond the Screen, researchers in the Technology Policy Lab have joined forces with Beyond the Screen to spend the summer as Fellows, examining harms caused by social media. Duke Fellows, along with Fellows from Georgetown University, are collaborating on a forthcoming Wiki to itemize the harms of social platforms and levers to prevent those harms and start building a shared understanding. Creating this context of accountability will describe what “good” can look like for social platforms and pave the way for product safety regulation. Duke Fellows receive funding through Duke University’s Applied Ethics+ Program.