Independent Researcher & Consultant
I frequently speak at conferences and public events on matters relating to consumer privacy, security, and technology policy.
February 08-09, 2015
Digital Broadband Migration: After the Internet Protocol Revolution
Silicon Flatirons, Boulder, CO
Read about past events below.
I did an interview with Bloomberg news on a major security vulnerability in Apple’s operating system (mobile and otherwise). We discussed what this vulnerability means for users, how it happened, and whether or not the NSA might be involved.
I presented a quick overview of mobile tracking technology at the FTC Spring Privacy Series on Mobile Device Tracking. My presentation covered the different types of signal your phone emits and the technology that can use these signals to track you as you move around a retail location. You can watch the video here, but my slides are not on camera–follow along with the slides here.
My talk preceded a panel discussion with representatives of the marketing industry (National Retail Federation, iInside, Mexia Interactive, and Create with Context) and Seth from the Electronic Frontier Foundation. They explained the various uses of this technology in the retail marketing and several of the points I made about the technology, specifically about hashing, came up several times throughout their discussion.
In this video I demonstrate how the built-in MacBook camera may be turned on, even when the light is off, allowing someone to spy on users without being detected. You can read more about this story here.
Intelligence agencies follow targets using cookies installed by Google, typically to track users for commercial advertising purposes, to follow suspects online and target them with malware. You can read more about this story here.
In this video I discuss the NSA’s ability to use massive numbers of cell location records to determine if anyone, including US citizens, are co-traveling with targets of surveillance. You can read more about this story here.
On July 10, I was a guest on KRCW’s daily show, To The Point. Reacting to recent revelations of NSA surveillance issues and comments made by witnesses at the Privacy and Civil Liberties Oversight Board (PCLOB) meeting on Tuesday, I talked about the need for more oversight and transparency of NSA programs by technically minded individuals that can understand the underlying technology and its implications.
Listen to the show. My comments start at about 32 minutes.
On July 9, I joined a few technical experts on a panel to field questions from the Privacy and Civil Liberties Oversight Board.
The panel footage is available from CSPAN here, with a clip of my remarks here. A draft of my written comments is posted here.
I was on Al Jazeera’s “The Stream” today discussing online privacy, the problems with notice, and the type of harms we experience with our data out there. This is probably one of the longer live TV appearances I’ve done but fortunately it turned out OK.
(And yes, the irony of being on a talk show about privacy when the host repeatedly encourages the audience to ‘Like’ her Facebook page is not lost on me 🙂 )
Washington DC | June 25, 2013
My panel focused on PRISM. We discussed what the program might look like based on publicly available information as well as whether the intelligence gained through the program is worth the risk to American’s privacy.
You can watch the day’s events here. PRISM Panel begins around 2:10:00.
Berkeley, CA | June 6 – 7, 2013
I presented a paper I co-authored with Kevin Bankston on the cost of surveillance. Our research provides data on the decreasing cost to the government of surveilling its citizens as a result of new technology. We looked at the hourly cost of various methods of location surveillance to provide a mathematical foundation for a discussion on fourth amendment rights.
Los Angeles, CA | June 3-4, 2013
I was a participant in Bruce Schneier’s annual Security and Human Behavior conference. I was part of a privacy discussion with Alessandro Acquisti, Chris Palow of Facebook, Esther Dyson and Chris Soghoian from ACLU and talked about information asymmetries, the use of personal information and price discrimination. There are live blogging notes from the conference here and here.
A panel of experts discussed the current state of “Do Not Track” efforts. I focused on the technical difficulty of blocking tracking and ways to ensure consumers have a choice. You can read more about my thoughts on DNT here.
I was on a similar panel two years ago where we discussed whether Congressional action was necessary to ensure consumers opt-out of tracking.
Watch the panel here. My remarks start at 14:30.
I participated in the third annual Circumvention Tech Summit. This meeting of developers and activists is focused on increasing dialogue among circumvention tech developers and providing them with the knowledge and resources they need to create and develop better tools.
Budapest, Hungary | April 17-19, 2013
WiSec presents high quality research papers exploring security and privacy aspects of wireless communications, mobile networks, and their applications.
I gave a plenary talk about mobile threats to privacy. My presentation covered common threats to mobile privacy and security, focusing on what information is stored on your smartphone and what information is shared – intentionally and unintentionally – with cloud providers and third parties. I reviewed common security problems and pitfalls, as well as the privacy risks consumers assume by operating smartphones powered by a burgeoning advertising industry.
I hosted a webinar with Manas Mohapatra, the Director of Mobile Policy for the Federal Trade Commission’s Mobile Technology Unit, for the FinCapDev Finalists. We discussed security and privacy issues related to mobile app development.
I discussed data brokering with host Rose Aguilar on “Your Call,” a public radio program from KALW San Francisco. The program was part of Your Call’s “Agenda for a New Economy” series and focused on companies that gather and sell personal information to marketing firms. We discussed some of the surprising ways data has been used and methods you can use to control what is shared about you.
Silicon Flatirons, Center for Law, Technology, and Entrepreneurship
at the University of Colorado
Boulder, CO | January 11, 2013
I joined a discussion about the Threats and Benefits of New Technologies at the Fifth Annual Silicon Flatirons conference on privacy. Academics, policymakers, privacy advocates, and practitioners came together to discuss the changes in the state of the art of privacy and technology, and focus on what it means for policymaking and legal practice in particular. My presentation discussed the need for both technical and policy solutions to privacy problems. (Our panel starts at 57:00)
View video archives here.
Federal Trade Commission Workshop
Washington, DC | December 6, 2012
I participated in a workshop, organized by the Federal Trade Commission, designed to examine the practices and privacy implications of “comprehensive” data collection about consumers’ online activities.
This discussion highlighted the need for a comprehensive policy governing tracking behavior.
User Empowerment in Social Media Culture Conference
Brussels, Belgium | November 30, 2012
Privacy in social network is typically associated with the difficulty of configuring the settings so that the uploaded information does not become available to unintended audiences. There is however a wide range of security and privacy issues in these systems, as well as a diversity of technologies that have been proposed to improve the protection of their users. This panel tackled the question of what it means to protect security and privacy in social networks. Panelists discussed the different types of threats, assumptions, adversarial models, security and privacy objectives, available technologies to achieve these objectives, as well as the limitations of these technologies.
I was a panelist.
For Your Eyes Only International Conference
Brussels, Belgium | November 30, 2012
The panelists presented and discussed proposals for mitigating select privacy problems in OSNs through technology itself. They looked at ways of concealing data from service providers, as well as third party trackers, and discussed mechanisms to improve the tedious task of managing disclosures through privacy settings. The panelists proposed ways in which they assess the limitations of these technologies and discuss ways in which technical measures need to be complemented with legal and organizational measures.
I was one of the presenters.
For Your Eyes Only – Security in Social Networks (Day2, Panel 4) from spion on Vimeo.
UC Berkeley | November 26 – 27, 2012
This workshop served as a forum for the W3C membership and the public to discuss the Consortium’s next steps in the area of tracking protection and Web privacy. What have we learned from Do Not Track standardization and real-world implementations? Furthermore, undoubtedly support for privacy on the Web platform cannot end with Do Not Track: what should we look at next and beyond DNT?
I was a participant.
Ford Foundation’s Wired for Change Conference
New York, NY | October 23, 2012
As part of Ford Foundation’s Wired for Change conference, noted consumer privacy experts and technologists Harvey Anderson, Brad Burnham, Kamala D. Harris, Jon Leibowitz and I considered how mining Big Data and safeguarding privacy can reasonably coexist, moderated by John Palfrey.
Berlin, Germany | October 1 and 2, 2012
I was a keynote speaker and panelist at an advertising technology conference in Berlin speaking generally about the problems and opportunities in “big data”.
User data is essentially the raw resource in this industry. Yet this information doesn’t simply magically appear but is typically collected from users. These raw materials can essentially be broken up into:
I highlight how this third category seems to be where most of the privacy tensions stem from, how this data is actually not that useful, and how there’s a huge opportunity in trying to engage the user into providing higher quality ‘consensual’ data (which I dubbed ‘fair trade data’). Thoughts?
The Kojo Nnamdi Show at WAMU
Washington, DC | August 22, 2012
I discussed facial recognition software with Laura Donohue, a law professor at Georgetown University, on The Kojo Nnamdi Show. We discussed how the technology works and the implications of its increasing quality and availability.
Defcon 20 Hacking Conference
Las Vegas, NV | July 26 – 29, 2012
In July 2012, I took part in a panel at the 20th annual Defcon Conference. I joined tech experts Christopher Soghoian from the Open Society Institute and Catherine Crump, staff attorney with the ACLU’s Project on Speech, Privacy, and Technology, for a briefing on the current technological and legal landscape of location data tracking. The panelists explored how consumer location tracking efforts weave a story about the systemic privacy vulnerabilities of smart phones and the legal ways in which law enforcement has been able to hitch a ride. The panel was moderated by the Director of the ACLU’s Project on Speech, Privacy, and Technology, Ben Wizner.
OPEN Silicon Valley Forum
Mountain View, CA | June 2, 2012
Online privacy concerns have confounded many an entrepreneurs and taken some off-guard. The recent episodes of Path address book uploads, Apple UDID ban, Google privacy policy change, Safari cookie bypass, Facebook timeline launch, and Target predicting teenage girls’ pregnancies before their families do have all put online privacy front and center in the media, with federal regulators and legislators on the Hill taking note of every single move of these companies. While the concerns around social networks and mobile applications eroding our privacy, reputation, and trust are being voiced, it must be balanced with the reality that online information sharing using innovative technologies presents unprecedented opportunities for the community. Both these dimensions are often considered at odds with each other, leading many- especially the entrepreneurs- to question if online privacy issues can put a brake on the innovation engine fueled by big data technologies.
I was a panelist.
Berkeley Center for Law and Technology
Berkeley, CA | May 31 – June 1, 2012
As the Web continues to transition from a static collection of documents to an application platform, websites are learning more and more about users. Many forms of Web information sharing pose little privacy risk and provide tremendous benefit to both consumers and businesses. But some Web information practices pose significant privacy problems and have caused concern among consumers, policymakers, advocates, researchers, and others. Data collection is now far more complex than HTTP cookies, and the information available to websites can include a user’s name, contact details, sensitive personal information, and even real-time location. At present there are few restrictions on and scant transparency in Web information practices. There is a growing chasm between what society needs to know about Web tracking and what the privacy measurement community has been able to bring to light.
A number of practitioners, researchers, and advocates have begun to more formally study how websites collect, use, and share information about their users. The goal of the Conference on Web Privacy Measurement (WPM) is to advance the state of the art and foster a community on how to detect, quantify, and analyze Web information vectors across the desktop and mobile landscapes. Such vectors include browser tracking, such as cookies, flash cookies, the geolocation API, microphone API, and camera API; and server-side tracking, such as browser fingerprinting. We are also interested in the deployment of privacy-preserving technologies, such as HTTPS and proper deployment of P3P.
I served on the programming committee for this event, and led a discussion about tools for web privacy measurement.
Freedom to Connect F2C Conference
Washington, DC | May 21-22, 2012
I joined others for a discussion about the delicate balance between technology, free speech, privacy and human rights.
Consumer Reports Roundtable
New York, NY | May 4, 2012
On May 4, 2012, I participated in a panel discussion about consumer privacy on Facebook, organized by Consumer Reports. The panel was part of a larger examination of the issue, which was featured in the June 2012 issue of their magazine. Included tips about Facebook privacy settings.
TechCrunch TV | May 3, 2012
TechCrunch TV had me on to discuss Path, Apple’s collection of location information, and the various other privacy issues with mobile devices.
Ashkan Soltani On Mobile App Security by 5minTech
Why You Should Treat Your iPhone Like a Toddler: The State of Mobile App Security Techcrunch, May 3, 2012
Advisory Committee to the Congressional Internet Caucus
Washington, DC | May 3, 2012
The 4th Annual State of the Mobile Net Conference featured debates about the most pressing issues facing the exploding mobile net. While App developers frenetically code away, Washington policymakers are looking more and more closely at the mobile net ecosystem. Indeed, Washington policymakers are eager to help the mobile net achieve its potential by freeing up spectrum, implementing consumer protections and considering privacy rules for the burgeoning app market. With the speed at which the mobile net is evolving, how can Washington policymakers provide the appropriate level of assistance?
I took part in a panel called Complex Devices / Complex Privacy Questions: Grappling With Privacy In the Mobile Space
Palo Alto, CA | April 25, 2012
Mobile apps and the services they provide have been one of the most exciting areas of innovation in recent years. Many of these new services have been successful because they enable consumers to use data to connect, discover and accomplish in new ways, but the collection and use of consumer data in the complex mobile environment has caused a rise in privacy concerns. To maintain the consumer trust necessary to continue the pace of innovation, the key participants in the app ecosystem need to work together.
To better understand their respective roles in this new ecosystem, platforms, app developers, carriers, consumers and policymakers are gathering to address current and pressing consumer privacy issues. The Application Developers Alliance and the Future of Privacy Forum, along with the Stanford Law School Center for Internet and Society, hosted the App Developer Privacy Summit on April 25, 2012.
I was one of the panelists/presenters.
http://blip.tv/future-of-privacy/app-developer-privacy-summit-6153058
Go to 2 hours, 32 minutes for details.
Wall Street Journal Live/Digits | April 17, 2012
Ashkan Soltani, the programmer who designed the MobileScope app and the technical adviser for WSJ’s What They Know series, discusses his privacy app, which won WSJ’s Transparency Weekend “Ready for Primetime” award.
NYU Law School, New York, NY | April 13, 2013
People routinely carry smartphones and other devices capable of recording and transmitting immense quantities of personal information and tracking their every move. Privacy has suffered in this new environment, with new reports every week of vulnerabilities and unintended disclosures of private information. New York University’s Information Law Institute and Princeton’s Center for Information Technology Policy hosted a technology and policy dialogue about the new world of mobile and location privacy. They brought together the policy and technology communities to discuss the substantial privacy issues arising from the growth of mobile and location technologies.
I gave a technical demonstration.
NYU/Princeton Conference on Mobile and Location Privacy — Technology Demonstration: Askhan Soltani from NYU Information Law Institute on Vimeo.
New York University School of Law
New York, NY | April 13, 2012
The age of ubiquitous computing is here. People routinely carry smartphones and other devices capable of recording and transmitting immense quantities of personal information and tracking their every move. Privacy has suffered in this new environment, with new reports every week of vulnerabilities and unintended disclosures of private information. On Friday, April 13, 2012, New York University’s Information Law Institute and Princeton’s Center for Information Technology Policy will hosted a technology and policy dialogue about the new world of mobile and location privacy. The gathering aimed to bring together the policy and technology communities to discuss the substantial privacy issues arising from the growth of mobile and location technologies.
I did a technology demonstration.
NYU/Princeton Conference on Mobile and Location Privacy — Technology Demonstration: Askhan Soltani from NYU Information Law Institute on Vimeo.
Columbia Journalism School
New York, NY | March 28, 2012
Data journalism is quickly becoming one of the hottest topics in the industry – but what exactly is it, and what tools, teams and techniques are necessary for doing it well?
On March 28th, 2012 the Tow Center for Digital Journalism hosted several of data journalism’s most prominent innovators and practitioners for a discussion about the possibilities and pitfalls of this evolving field. I was one of the panelists.
RSA Conference
San Francisco, CA | Feb 27 – March 2, 2012
I was a panelist at RSA this year.
Topic: The use of mobile devices can raise an avalanche of privacy and security issues. Our diverse panel of privacy gurus will provide practical suggestions to address some significant privacy and security concerns arising from the use of mobile devices, including: (1) BYOD – bringing your own device to work; (2) location-based technology; (3) privacy disclosures and choice; and (4) the development and use of applications.
Media Access Project Forum
Washington, DC | February 7, 2012
On February 7, 2012, I joined other experts for a discussion about freedom of expression issues, cyber security issues and surveillance tech issues in the context of how they affect online users’ free speech rights.
Future of Privacy Forum
National Press Club, Washington, DC | December 5, 2011
On December 5, 2011, leading academics, advocates, Chief Privacy Officers, legal experts and policymakers gathered to discuss and debate the benefits and risks of de-identification and the definition of personal information. I joined the event to talk about advertising and marketing uses and concerns.
Silicon Valley Human Rights Conference
San Francisco, CA | October 25-26, 2011
I was a panelist at the first annual Human Rights Conference – or RightsCon.
Panelists on Mobile, Telcos and the Future of Freedom of Speech talked about the nascent connection between commerce, politics, human rights and information, especially with burgeoning uprisings in the Middle East and beyond. With the reality of competitive pressures within the industry and the network monopoly of many governments, we looked at some of the industry practices and approaches that are needed to ensure telecoms are not hijacked for repression and abuse. The panelists discussed the realities of operating with infrastructure in country, the business models available to ensure control of the network; and the privacy and mobile security needs of human rights advocates.
The event was livestreamed but there is no video archive.
OWASP AppSec USA 2011 Conference
Minneapolis, MN | September 20 – 23, 2011
In this talk, Gerrit Padgham and I talked about the current state of online tracking and highlight current practices such as “cookie respawning” and non-cookie based tracking that popular websites and mobile applications engage in. We discussed theories on why the platforms we use do not adequately protect users from these threats and highlight the proposed solutions, such as additional transparency tools and Do-Not-Track that are intended to help mitigate these issues. We also demonstrated MobileScope, a technical solution we have been developing to give the end user ultimate visibility into the traffic their device is sending. Finally, we discussed open questions surrounding the ability to adequately assess risk drawing from behavioral economics and risk management theories for cues as to potential outcomes in this space.
When Zombies Attack: A Tracking Love Story with Ashkan Soltani & Gerrit Padgham from OWASP on Vimeo.
Berkeley Law
Brussels, Belgium | June 22, 2011
While US regulators and legislators consider a “do not track” mechanism to allow more effective control of online collection of information, European regulators have moved aggressively to give consumers more control over there mere placement of cookies through the E-Privacy directive. Many questions surround the confluence of US and European developments, including the scope of do not track, the implications of different implementations of do not track, the economic implications of greater consumer control over tracking, and how do not track will be applied in European markets. BCLT and the University of Amsterdam’s Institute for Information Law hosted a workshop to explore the law and technology of online tracking and mechanisms for consumer control of tracking June 22-23 in Brussels, Belgium. Participants included FTC Commissioner Julie Brill, Vice-President of the European Commission and Commissioner for the Digital Agenda Neelie Kroes, The Office of Science and Technology Policy CTO Daniel Weitzner, DG Society Director Robert Madelin, and technologist Ashkan Soltani.
I presented a tutorial on the state of online tracking that covered online tracking technologies and business models, including demand side platforms.
Santa Clara, CA | May 19-20, 2011
Privacy Identity Innovation is the only tech conference focused on exploring how to protect sensitive information while enabling new technologies and business models. Over 250 attendees from around the world participated in the second Privacy Identity Innovation conference, which took place May 19-20, 2011 at the Santa Clara Marriott hotel in Silicon Valley.
On May 19, I participated in a roundtable discussion called Pii and Location: Can You Find Me Now?
pii2011: pii and Location: Can You Find Me Now? from Marc Licciardi on Vimeo.
On May 20, I was part of a panel discussion on Simplifying Privacy Notice.
pii2011: Simplifying Privacy Notice from Marc Licciardi on Vimeo.
Senate Committee on the Judiciary, Subcommittee on Privacy, Technology and the Law
Washington, DC | May 10, 2011
On May 10, 2011, I testified in front of the Senate Judiciary Committee on Privacy Technology and the Law regarding mobile privacy. The other witnesses included representatives from Apple, Google, Center for Democracy and Technology, and the Association for Competitive Technology.
USA Today live blogged the hearing.
Video archives on CSPAN include my delivered testimony, answers to questions about what “location” means, and a question from Senator Franken about the most serious threat regarding mobile devices and privacy. View CSPAN footage of entire hearing
Center for Information and Technology at Princeton University
Princeton, NJ | April 28-29, 2011
This workshop served to establish a common view on possible Recommendation-track work in the Web privacy and tracking protection space at W3C, and on the coordination needs for such work.
The workshop was expected to attract a broad set of stakeholders, including implementers from the mobile and desktop space, large and small content delivery providers, advertisement networks, search engines, policy and privacy experts, experts in consumer protection, and other parties with an interest in Web tracking technologies, including the developers and operators of Services on the Web that make use of tracking technologies for purposes other than to behavioral advertising.
In the position paper I submitted, I proposed potential alternative approaches to framing tracking that enables companies to engage in measurable online advertisement while providing the most important privacy protections articulated by advocates. This approach focuses primarily on the active removal of persistent identifiers that are used to correlate browsing activity over multiple sessions or multiple websites.
Congressional Internet Caucus Advisory Committee
Washington, DC | April 5, 2011
The online privacy Do Not Track proposal (DNT), modeled after the popular “Do Not Call” concept, has captured the imagination of those who wish to protect consumer privacy in Congress, in industry and among privacy advocates and consumers alike. Consumer privacy advocates have proposed it, the Chairman of the Federal Trade Commission has endorsed it, and Members of Congress have drafted legislation to enact it. Yet remarkably, there is no broad consensus on *what* DNT is or even on *who” should be responsible for making it a reality.
I joined other experts for a panel regarding the potential implementation of Do Not Track. Others included representatives from Microsoft, the Digital Advertising Alliance, the Federal Trade Commission, and the Internet Caucus Advisory Committee.
Senate Commerce Committee
Washington, DC | March 16, 2011
On March 16, 2011, I appeared as a witness at the Senate Commerce Committee’s hearing on consumer privacy. Other witnesses included representatives from the Federal Trade Commission, the US Department of Commerce, Microsoft, Intuit, Group M Interaction, and the ACLU.
Blog coverage of hearing.
Key quotes from hearing.
CSPAN archives include my delivered testimony, and a question from Senator Kerry regarding first party versus third party data collection. View entire hearing here.
Ashkan Soltani 