Please note: All times US Pacific Daylight Time (PDT = UTC/GMT-7:00 hours).
Recently, social media has seen a significant uptick in the spread of AI-generated content, especially videos. Videos generated by high-quality models make it difficult for humans and detectors to distinguish between real and fake content, which may open the door to misuse and abuse. We conduct preliminary data collection from TikTok and analysis to set the stage for a two-pronged research approach. Our proposed research directions will (1) systematically evaluate and potentially advance diffusion-based AI video detection models and (2) examine the potential harms, if any, associated with viewing AI-generated videos. (extended PDF)
Generative AI (GenAI) systems and chatbots rely on vast corpora of consumer data. The use of such data for training GenAI has raised concerns around data ownership, copyright issues, and potential harm to consumers. In this work, we explore a related but less examined angle: the ownership and privacy of data originating from deceased individuals. We propose three post-mortem data management principles to guide the protection of deceased individuals' data, and analyze popular GenAI chatbots' policies and answers to legacy requests. We plan to systematically audit consumer GenAI chatbots on their behavior regarding post-mortem data management. (extended PDF)
The expansion of business-to-business (B2B) generative AI (gen-AI) services has the potential to transform small business entrepreneurship (SBE). These services can bring productivity benefits and increased financial gains to SBEs, but they also pose potential risks and privacy implications to SBEs and their consumers. Because B2B services are often invisible to consumers, these risks may be transferred with minimal transparency. More work is needed to understand how SBEs select, integrate, and navigate concerns related to gen-AI usage as well as to articulate the norms and expectations that consumers have for SBEs that they engage with. We propose a mixed-methods study consisting of semi-structured interviews of SBEs regarding their usage of B2B gen-AI services, followed by a large-scale vignette study of consumers about their expectations and perceptions of hypothetical SBE use cases for gen-AI. Such findings are an important part of participatory governance of broader gen-AI and protecting consumers as well as SBEs, who are ultimately consumers of B2B services themselves. (extended PDF)
Popular social media platforms TikTok, Facebook and Instagram allow third-parties to run targeted advertising campaigns on sensitive attributes in-platform. These ads are interactive by default, meaning users can comment or "react" (e.g., "like", "love") to them. We find that this platform-level design choice creates a privacy loophole such that advertisers can view the profiles of those who interact with their ads, thus identifying individuals that fulfill certain targeting criteria. This behavior is in contradiction to the promises made by the platforms to hide user data from advertisers. We conclude by suggesting design modifications that could provide users with transparency about the consequences of ad interaction to protect against unintentional disclosure. (extended PDF)
Targeted advertising systems use personal data to deliver customized advertisements, raising significant concerns about discriminatory practices or overexposure to harmful content. One example of such practice is the Pink Tax, where users identified as women are subject to a price increase. Solutions in this space focus primarily on enabling advertising while ensuring privacy protection, overlooking the broader social consequences of algorithmic targeting on individuals and communities. In this talk, we introduce a framework for evaluating targeted advertising systems through harm caused by exposure to ads and advertising utility in terms of alignment of ads with user profile characteristics. Considering both dimensions jointly makes it possible to understand the impact of ads on users while considering (potentially conflicting) interests of all parties involved. Our framework operates in a black-box manner: it feeds (simulated) user profiles to the ad ecosystem via browsing and collects the ads that users are served. Then, it analyzes the ads to infer harmful exposure and uses an LLM-based framework to evaluate the relevance of ads.
We evaluate Google's current ad ecosystem. Using browsing data from 36 German users, we collect 704 personalized ads across categories such as gambling, fashion, technology, and finance. We evaluate these ads and find evidence of a gender bias in gambling advertisement targeting, with 77% of gambling ads delivered to male users, most of whom had not previously visited gambling-related websites. (extended PDF)
Users' perceptions of menstrual tracking privacy are a subject of extensive study, but little attention has been paid to the technical aspects of fertility tracking apps' data handling practices. We propose a measurement study of the fertility tracking app ecosystem, leveraging network and program analysis to explore apps' communications with third party ad networks. Selecting a corpus of fertility tracking apps from the Google Play Stores, we systematize and define user interaction paths to collect data on registration, menstruation journaling, and pregnancy tracking features. Our analysis of TLS-stripped network traffic, which is ongoing, has uncovered examples of apps transmitting fine-grained user data, such as pregnancy status and trimester, to ad networks. However, widespread nested encryption and obfuscation practices motivate a need for incorporating program analysis into the study. (extended PDF)
YouTube has today become the primary news source for many users worldwide, which raises concerns about the role its recommendation algorithm can play in the spread of misinformation and political polarization. Prior work in this area has mainly analyzed how recommendations evolve based on users' watch history within the platform. Nevertheless, recommendations can also depend on off-platform browsing activity that Google collects via trackers on news websites, a factor that has not been considered so far. To fill this gap, we propose a sock-puppet-based experimental framework that automatically interacts with news media articles and then collects YouTube recommendations to measure how cross-site tracking affects the political and misinformation content users see. Moreover, by running our audits in both tracking-permissive and tracking-restrictive browser environments, we assess whether common privacy-focused browsers can protect users from tracking-driven political and misinformation bubbles on YouTube. (extended PDF)
The U.S. Supreme Court's 2025 decision in Free Speech Coalition v. Paxton established that age verification systems must be "adequately tailored" to avoid undue burdens on adults' First Amendment rights. We conducted an IRB-approved, deceptive web experiment (n = 1635) examining how different age verification methods affect adults' decisions to access R-rated content. Completion rates varied significantly: checkbox self-attestation achieved 99%, government-ID methods only 23-27% regardless of data-handling reassurances, email-based estimation 86%, and AI facial estimation 51%. Follow-up survey responses (n = 884) revealed concerns about privacy, surveillance, and data security. These findings suggest that technically robust verification methods may be ineffective in practice if users systematically decline to comply. (extended PDF)
Digital identity frameworks (DIFs) are systems that enable users to obtain authenticated attributes (electronic identity documents, membership certificates) from issuers (governments, banks, private institutions) and store them in a digital wallet. Later, users can present (a portion of) such attributes to relying parties or verifiers (to obtain access to services, to prove eligibility for benefits, etc.). DIFs are being proposed and deployed in multiple jurisdictions worldwide, often backed by regulations. A prominent example is the European Union's proposed eIDAS 2.0 regulation, which envisions a broad ecosystem of attribute issuers, relying parties, and use cases. In the US, the development of mobile driver's licenses goes in the same direction. The privacy of these systems (or lack thereof) is an important consideration for consumers, and can hinder their deployment and acceptance. Therefore, much of the discussion around these systems revolves around how DIFs can be built while limiting information flows.
We argue that focusing the discussion on information flows actually impedes an open discussion of the harms stemming from introducing DIFs in our daily digital interactions. The lack of discussion prevents consumers from understanding the implications of using DIFs, prevents researchers from studying solutions that prevent wider harms, and prevents policy makers from producing effective regulations that can protect researchers. To aid in this debate, we identify harms that stem from introducing a digital identity framework, from using it as a tool to present verified attributes to enable digital interactions, and from particular implementation decisions. Some of these harms are inherent to the technology and its intended uses, and thus cannot be removed; and some depend on design decisions and might be mitigated by concrete implementations. We illustrate how these harms can materialize in a preliminary analysis of DIF-based age verification, an application of DIF gaining importance across the globe. (extended PDF)
While much attention has been given recently to Immigration and Customs Enforcement (ICE), the treatment of the people detained by ICE, and the treatment of those who protest ICE's actions, less attention has been given to exactly how ICE locates and tracks the people it targets. They do this, in part, through an immigration surveillance app (SmartLINK) that many migrants are required to install on their phones. Migrants that have SmartLINK installed on their phones have their location tracked and must do "check-ins" that use face and voice recognition at random times. This app was developed for ICE by a private contractor, BI, in 2018.
There are publicly available documents (e.g., contracts) describing how the app should behave, but it is unclear if SmartLINK currently complies with these terms or if there have been incidents of non-compliance in the past. Given the sensitive nature of the data collected by this app and the fact that it is developed by a government contractor, there is an opportunity to conduct a technical audit of the app that (similar to tax audits) includes historical records to evaluate contractual and regulatory compliance. To this end, we propose a retrospective, technical analysis of SmartLINK and relevant public records to answer, to the extent possible: has BI been transparent and honest, currently and historically, about the data practices of SmartLINK? (extended PDF)
Secondhand shopping has grown increasingly popular, particularly through consumer-to-consumer (C2C) platforms such as Facebook Marketplace, eBay, and OfferUp. Devices sold in such marketplaces must be properly digitally sanitized to ensure the security and privacy of the previous owner; however, prior work has repeatedly shown that secondhand devices often retain recoverable, sensitive data, and that consumers of such devices frequently lack a complete understanding of effective device sanitization. These studies are generally conducted independently of each other, such that they typically focus on either the persistence of remnant data, or user perceptions of deletion, but not both. To address this research gap, we propose a holistic study which traces a secondhand device seller's initial perception of device sanitization and their actual actions on the device before sale, to the actual data left on the device and the seller's reaction to it. Clarifying this underexplored relationship is critical to protecting consumers in the rapidly expanding secondhand market. (extended PDF)
Discussions of online review manipulation often focus on intentionally dishonest practices, such as fake reviews. A far broader set of practices may influence the likelihood that consumers write reviews and the content of those reviews. These other practices may not intentionally deceive and may even offer some benefits to consumers. For example, a product manufacturer may aggressively urge customers to write reviews, resulting in additional honest review information for future customers. Even in the absence of ill intent, these practices may distort reviews and their details in ways that directly influence the purchasing decisions of prospective customers or do so indirectly via automated systems that rely on reviews. We propose to explore these dynamics by compiling relevant practices, evaluating the impact of those practices on consumer reviewing behavior and automated systems, assembling possible interventions, and assessing the impact of interventions on consumer perception and behavior. (extended PDF)
Tony Batalla serves as the Chief Information Officer & Director of Information Technology. Tony brings nearly 20 years of IT administration and management experience in the public and private sectors. Previously, as the Chief Technology Officer for the City of San Leandro, Tony negotiated agreements with Internet Service Providers to utilize the City's fiber and broadband assets to develop a low-cost, high-speed residential Internet service. He also launched a free, public Wi-Fi system and modernized the City's IT infrastructure and internal services.
Tony has a bachelor's degree in Information Systems from University of San Francisco and an MBA from the UCLA Anderson School of Management. He also serves on the Board of Directors of Family Resource Navigators, a non-profit that serves families of children with disabilities throughout Alameda County.
Dr. Jennifer King is the Privacy and Data Policy Fellow at the Stanford University Institute for Human-Centered Artificial Intelligence. An information scientist by training, Dr. King is a recognized expert in information privacy. Sitting at the intersection of human-computer interaction, law and policy, and the social sciences, her research examines the public’s understanding and expectations of online privacy, the social impacts of technology design, and the policy implications of emerging technologies. Her current areas of research focus include AI and data policy, the use of consumer data for AI model training, regulating digital design, data broker compliance with the California Consumer Privacy Act, and manipulative algorithmic and interface design.
Her past work includes projects focusing on digital consent, genetic privacy, mobile application platforms, location privacy, and digital surveillance. Her scholarship has been recognized for its impact on policymaking by the Future of Privacy Forum, and she has been an invited speaker before the Federal Trade Commission and has testified before the U.S. Congress. In 2024 UC Berkeley awarded her their inaugural Tech Integrity Award for excellence in academic research.
Dr. King completed her doctorate and master’s degrees in Information Management and Systems at the University of California, Berkeley School of Information. Prior to joining HAI, Dr. King was the Director of Consumer Privacy at the Center for Internet and Society at Stanford Law School from 2018 to 2020. Before coming to Stanford, she was a co-director of the Center for Technology, Society, and Policy, a graduate student-led research center at UC Berkeley, and was a privacy researcher at the Samuelson Law, Technology, and Public Policy Clinic at Berkeley Law. She received her undergraduate degree in Political Science and Sociology from the University of California, Irvine. Prior to entering academia, she worked in security and in product management for several Internet companies, most notably Yahoo!.
Inioluwa Deborah Raji is a researcher at UC Berkeley interested in algorithmic auditing. She is currently an Academic Fellow at the Leadership Conference on Civil and Human Rights, and was formerly a Senior Trustworthy AI Fellow at the Mozilla Foundation. She has worked closely with industry, civil society and within academia to push forward various projects to operationalize ethical considerations in machine learning practice, and push forward benchmarking and model evaluation norms in the field. She works on various topics related to the legal and institutional accountability required for machine learning systems to be deployed safely. More specifically, she is interested in (1) how model engineering choices (from evaluation to data choices in model development) impact model behaviour and outcomes in deployment, (2) how different stakeholders participate in, interpret and make use of measurements of machine learning model performance in deployment, and (3) what this means in terms of consumer protection, product liability, procurement, anti-discrimination practice and other forms of legal and institutional accountability related to functional harms.
Ms. Raji is on the advisory boards for the Center for Democracy and Technology AI Governance Lab, the Health AI Partnership, TeachAI, REALML and the Center for Civil Rights and Technology, and others. For her efforts, she has been named to Forbes 30 Under 30, MIT Tech Review 35 Under 35 Innovators and the TIME 100 Most Influential in AI, is the recipient of the 2024 Tech For Humanity Prize, and the 2024 Mozilla Rise 25 award, as well as the co-recipient of the EFF Pioneer Barlow Award with Joy Buolamwini and Timnit Gebru. She received her Bachelor of Applied Science in Engineering Science from the University of Toronto and is currently completing her PhD in computer science at the University of California, Berkeley.
Her work applies to a broad range of machine learning deployments — including automated decision systems, recommendation systems, and large pre-trained models. Her interests operate at the intersection of law and policy, applied economics and computer science.