Aleecia M. McDonald
aleecia at aleecia dotcom
I am on the faculty of Carnegie Mellon in the Information Networking Institute, which is part of the engineering college. I manage our practicum offerings, where we pair student teams with external clients. I teach graduate courses and run the Privacy, Security, & Transparency (Psst!) research lab.
I research topics in Internet privacy and security. I work to contribute to a more coherent picture of how, why, and when people make choices about protecting themselves online, and what that means to them. My interests span users' mental models of online interaction, study of and creation of usable tools to support online decision making, and how people learn about and reason about online trust issues. In addition to technical tools, I focus on technically informed policy approaches in standards bodies, regulatory agencies, and legislation in the United States and European Union nations.
|
Carnegie Mellon Univeristy; designed, created, and taught four new courses in my first three semesters. Students can find more details on canvas.
Stanford University. Law-405, Privacy and
Technology, Spring 2013 Carnegie Mellon University. Project manager. Policy
Dimensions of New Space Technologies, Spring, 2008. |
|
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
|
|
|
Carnegie Mellon, Assistant Professor of the Practice,
Information Networking Institute with a Courtesy Appointment in
Engineering and Public Policy 7/18 – Present Stanford
University Center for Internet & Society, Director of Privacy,
staff position, 12/12 – 12/14 Stanford
University Center for Internet & Society, Resident Fellow,
half-time staff position, 11/11 – 11/12 Mozilla Corporation, Senior Privacy Researcher, contract
and part-time employment, 3/11 – 11/12 Carnegie Mellon University, Research Assistant, staff
position, 5/06 – 8/06 Center for Democracy & Technology, Summer Intern,
5/05 – 7/05 |
|
Non-resident Fellow, Stanford's Center for Internet and Society (12/14 – present). Ph.D. thesis committee service, Frederik J. Zuiderveen Borgesius, Institute for Information Law, University of Amsterdam (17 December, 2014). Published as: Improving Privacy Protection in the Area of Behavioural Targeting, Kluwer Law International (2015). Member of the Board of Directors, Privacy Rights Clearinghouse (11/14 – present). Member of EPIC's Advisory Board (2014 – present) [press release]. Member of Center for Democracy & Technology's Academic Advisory Board (2014 – present). Cookie Clearinghouse, Director (2013 – 2014). The Cookie Clearinghouse was created to provide information for users to make choices about online privacy [statement from Mozilla]. World Wide Web Consortium (W3C), Tracking Protection Working Group, co-chair (8/11 – 11/12). The Tracking Protection Working Group is chartered to improve user privacy and user control by defining mechanisms for expressing user preferences around Web tracking and for blocking or allowing Web tracking elements. As co-chair, I focused on standardizing the meaning of Do Not Track. We worked on consensus decisions involving over 100 working group members from advertising / self-regulatory groups, corporations, browser makers, privacy advocates, and academics. California Office of Privacy Protection's Mobile Privacy Policy Advisory Group (2012). |
|
Program Committee, Proceedings on Privacy Enhancing Technologies (PoPETs), 2016 - 2018. Program Committee, International Conference on Computers, Privacy and Data Protection (CPDP), 2016. Program Committee, Hot Topics in Privacy Enhancing Technologies (HotPETs), 2014. Program Committee, ASE International Conference on Privacy, Security, Risk and Trust (PASSAT), 2014. Reviewer, Journal of Information Policy (JIP), 2014. Program Committee, IEEE Web 2.0 Security and Privacy, (W2SP), 2014. Program Committee, Workshop on Privacy in the Electronic Society (WPES), 2012. Program Committee, Privacy Enhancing Technologies Symposium (PETS), 2011. Reviewer, Information Systems Frontiers, 2010. Program Committee, Privacy Enhancing Technologies Symposium (PETS), 2010.
|
|
|
|
Testimony before the California Assembly Committee on Privacy and Consumer Protection regarding The California Consumer Privacy Act of 2018. June 27, 2018. Do Not Track briefings and progress updates. While co-chair of the W3C Tracking Protection Working Group, I conducted outreach to keep policy makers informed. From September, 2011 to June, 2013 I held approximately two dozen meetings and spoke with a variety of US and EU policy makers. Testimony before the California Assembly Select Committee on Privacy. Privacy Implications of the New Mobile App Ecosystem. March 26, 2013. Testimony before the California Assembly Judiciary Committee, the Assembly Business, Professions and Consumer Protection Committee, and the Assembly Select Committee on Privacy. Balancing Privacy and Opportunity in the Internet Age. December 12, 2013. Supported Alex Fowler's testimony to the US Senate Commerce Committee Hearing on Do Not Track, June 27, 2012. Discussion with the California Attorneys General Consumer Protection Lawyers. Organized by Chris Hoofnagle, University of California at Berkeley. December 14, 2011. Joseph Wender, Legislative Director for US Representative Ed Markey. Briefing on privacy technologies. October 18, 2011. FTC staff regarding mobile privacy research. March 20, 2012. FTC Commissioner Brill and staff. Preview of research findings on user expectations for Do Not Track. July 13, 2011. Federal Trade Commission staff. Preview of research findings on user expectations for Do Not Track. June 15, 2011. Federal Trade Commission staff. Beliefs and Behaviors: Internet Users' Understanding of Targeted Advertising. October 13, 2010. Supported Lorrie Faith Cranor's panel discussion on consumer privacy expectations at the Federal Trade Commission's first privacy round table, December 7, 2009. Supported a portion of Lorrie Faith Cranor's testimony to the Federal Trade Commission Ehavioral Advertising: Tracking, Targeting, & Technology town hall meeting, November 2, 2007. |
|
|
|
McDonald, A. M., County of Santa Clara, "Elections, Privacy, & The Public Trust," (moderator) Santa Clara, CA. (January 29, 2020.) Tague, P. D., McDonald, A. M., National Initiative for Cybersecurity Education (NICE) Conference, "Practicum: Bridging the Gap Between Theory and Practice in Cybersecurity," Phoenix, Arizona. (November 2019.) McDonald, A. M., CyLab Partners Meeting, "California's new privacy law meets the 
Internet of Things," Pittsburgh, PA. (September 26, 2019.) McDonald, A. M., Saratoga Library, "Protecting Your Privacy: The California Consumer Privacy Act," Saratoga, CA. (July 6, 2019). McDonald, A. M., Ericsson, "California's new privacy law meets the Internet of Things," Santa Clara, CA. (May 8, 2019). McDonald, A. M., County of Santa Clara, "Consumer Privacy Protection and Children's Online Privacy," (moderator) Santa Clara, CA. (January 28, 2019.) World Affairs Council. The Internet of Things: Ubiquity Fueled by Innovation (moderator). May 7, 2014. Stanford Technology Law Review Symposium. CalOPPA panel regarding the "Do Not Track" provisions of AB 370 (moderator). April 11, 2014. American Bar Association. Video Games and Big Data: The More You Play, the More Others Learn, Ethical Obligations. March 17, 2014. Stanford Parents' Weekend. Internet Privacy: Policies and Practices. February 22, 2014. University of Amsterdam Institute for Information Law (IViR) and University of California, Berkeley School of Law. Workshop on Browsers and Tracking Protection. February 12, 2014. Stanford Political Science department. Regulatory challenges and privacy issues associated with mobile technologies. January 17, 2014. Stanford Institute for Economic Policy Research. Big Data, Big Issues. October 25, 2013. University of California, Berkeley. TRUST security seminar. September 26, 2013. Microsoft (LCA Speaker Series). The Cookie Clearinghouse. September 17, 2013. Privacy Identity Innovation (PII). Data Collection and Consent: Next Steps for Digital Advertising. September 16, 2013.
Terms and Conditional May Apply. Discussion following local movie premier, August 3, 2013. AdMonsters. Cookie Clearinghouse. July 10, 2013. IAPP Summit. The Status of Do Not Track. March, 2013. Public Policy Students Colloquium. Internet Privacy: Policies and Practices. April 9, 2014. USC Annenberg Innovation Summit 2013 (discussant). April 4, 2013. Mobile 2.0. Mobile Security and Privacy and Trust - How Will Consumers Be Protected? September 11, 2012. Interactive Advertising Bureau (IAB) Town Hall. Do-Not-Track and Digital Advertising: What Happens Next? June 12, 2012. Future of Privacy Forum's App Privacy Summit (discussant). April 25, 2012. Microsoft (Online Services Division). December 8, 2011. Katholieke Universiteit Leuven. Do Not Track and US Privacy Bills. June 24, 2011. Institute for Information Law of the University of Amsterdam and the Berkeley Center for Law & Technology of the University of California School of Law. Online Tracking Protection Workshop. June 22-23, 2011. Online Tracking Protection & Browsers. Regulatory landscape: consent to be tracked? Panelist. June 22-23, 2011. Federated Social Web Europe, Following Social Advertising in the United States. June 3-5, 2011. Rapleaf 2011 Personalization Summit. Personalization and Privacy: A Birds Eye View. Panelist. May 26, 2011. Privacy Identity Innovation (PII) 2011. Panelist. May 18-21, 2011. W3C Workshop. Position paper for the W3C Do Not Track Workshop. Yale ISP, From Mad Men to Mad Bots. Discussion of the Psychology of Online Advertising. March 25-26, 2011. [presentation, 4th panel] Admonsters Conference on Do Not Track. May 3, 2012. Microsoft. Beliefs and Behaviors: Internet Users’ Understanding of Targeted Advertising. October 28, 2010. Carnegie Mellon Silicon Valley Talks on Computing Systems. August 11, 2010. [Video Archive] Google Tech Talk. Privacy Targets: Three User Studies on Internet Privacy and Targeted Advertising. June 1, 2010. [Video] eMetrics panel discussion with Bob Page (Yahoo! Analytics) and John McKean (Center for Information Based Competition.) "The Great Cookie Debate or Your Personally Identifiable Information or Your Life!" October 22, 2009. [Overview] Google Tech Talk. Online Privacy: Industry Self Regulation in Practice. September 17, 2009. [Video | Slides in PDF] |
|
|
|
43rd Research Conference on Communication, Information and Internet Policy (TPRC). Do Not Track for Europe, with Zuiderveen Borgesius, F. J., September 26, 2015. University of Colorado. Silicon Flatirons. November 2, 2011. Symposium On Usable Privacy and Security (SOUPS). The Battle over the Behavioral Advertising Choice Mechanisms. Panelist. [Video] July 22, 2011 9th Workshop on Privacy in the Electronic Society (WPES). Americans’ Attitudes About Internet Behavioral Advertising Practices, with L. F. Cranor. October 4, 2010. 38th Research Conference on Communication, Information and Internet Policy (TPRC). Beliefs and Behaviors: Internet Users’ Understanding of Behavioral Advertising, with L. F. Cranor. October 2, 2010. Privacy Law Scholars Conference (PLSC). Impressions and Privacy: A study of American Internet Users’ Attitudes about Targeted Advertising, with L. F. Cranor. June 3, 2010. Privacy Enhancing Technologies Symposium. A comparative study of online privacy policies and formats, with R. Reeder, P. G. Kelley, and L. F. Cranor. August 5-7 2009. The 36th Research Conference on Communication, Information and Internet Policy (TPRC). The Cost of Reading Privacy Policies, with L. Cranor. Sep 27, 2008. |
|
Towards effective Web privacy notice and choice: a multi-disciplinary perspective. Team member of a multi-university NSF Secure and Trustworthy Cyberspace (SaTC) Frontier award. [NSF press release | Stanford press release] CyLab Usable Privacy and Security Meritorious Achievement Certificate, 2010. Barbara Lazarus Women@IT Fellowship, 2006-7. Received full tuition and stipend support for one year of doctoral scholarship. Friedman Fellowship, summer 2005. Received support for a summer of technology policy work in Washington, DC. |
|
Interviews regarding privacy with CBS, NBC, NPR, The Washington Post, The New York Times, Time Magazine, Tech Republic, The Register, ComputerWorld, Bloomberg BNA, Adweek, Ad Age, Business Insider, Politico, The Atlantic, and many others. California AB 375 was not a project I worked much on, but it touched upon many issues I did work on, so I contributed to news coverage:
Do Not Track efforts generated thousands of articles, few of which I contributed to directly, though I co-chaired the W3C effort. Coverage of research regarding user expectations of Do Not Track:
Coverage of LSO (“Flash cookie”) study:
Coverage of errors in P3P compact policies:
P3P compact policies enforcement actions:
Coverage of mental models of online advertising and behavioral targeting:
Our findings about the value of the time required to read privacy policies were covered by technology and legal publications, and blogged internationally in multiple languages. Highlights:
|
|
Carnegie Mellon University Engineering & Public Policy Ph.D., September, 2010. Thesis: Footprints Near the Surf: Individual Privacy Decisions in Online Contexts. Committee members: Lorrie Faith Cranor (chair), Alessandro Acquisti, Deirdre K. Mulligan, Jon M. Peha. Carnegie Mellon University H. John Heinz School of Public Policy and Management. M.S. in Public Policy and Management with a concentration in Internet Policy, May, 2006. Carnegie Mellon University B.A., Professional Writing, 1993. |