Sebastian Zimmeck

Information Privacy & Security

Department of Mathematics and Computer Science, Wesleyan University
Science Tower 655, 265 Church Street, Middletown, CT 06459-0128


https://privacytechlab.org
https://www.wesleyan.edu/academics/faculty/szimmeck/profile.html

Work

2018–.... Department of Mathematics and Computer Science, Wesleyan University
Assistant Professor of Computer Science

2016-2018 Institute for Software Research, School of Computer Science, Carnegie Mellon University
Postdoctoral Associate

2012-2016 Department of Computer Science, Columbia University
Research Assistant

2011-2013 Berkeley Center for Law & Technology, University of California
Google Research Fellow

2006–2009 Freshfields Bruckhaus Deringer LLP
Attorney at Law

Education

2012–2016 Graduate School of Arts & Sciences, Columbia University
Ph.D. (Computer Science)
Doctoral thesis advisor: Steven M. Bellovin

2009–2011 Fu Foundation School of Engineering & Applied Science, Columbia University
M.S. (Computer Science)

2005–2006 Berkeley School of Law, University of California
Master of Laws (LL.M.)

2003–2008 University of Kiel School of Law, Germany
Ph.D. (Law)
Doctoral thesis advisor: Andreas Hoyer

2003 University of Kiel School of Law, Germany
First State Examination (J.D.)

Publications

https://scholar.google.com/citations?user=2YlFc5wAAAAJ&hl=en
* Peer-reviewed, Wesleyan Student, Equal Contributor, Abstract/Poster/Short Paper

P23

Improving Internet Privacy with Global Privacy Control (GPC)
Sebastian Zimmeck
5th NSF Secure and Trustworthy Cyberspace Principal Investigator Meeting (2022 SaTC PI Meeting)
Arlington, Virginia, USA, June 2022

[1 page]

P22

PrivacyFlash Pro: Automating Privacy Policy Generation for Mobile Apps *
Sebastian Zimmeck, Rafael Goldstein and David Baraka
28th Network & Distributed System Security Symposium (NDSS)
Online Event, February 2021
(Also presented at iOSoho - New York City’s largest iOS Engineer Meetup)

[18 pages]

P21

Standardizing and Implementing Do Not Sell *
Sebastian Zimmeck and Kuba Alicki
19th ACM Workshop on Privacy in the Electronic Society (WPES)
Online Event, November 2020

[6 pages]

P20

Compliance Traceability: Privacy Policies as Software Development Artifacts
Sebastian Zimmeck, Peter Story, Rafael Goldstein , David Baraka , Shaoyan Li, Yuanyuan Feng and Norman Sadeh
Open Day for Privacy, Usability, and Transparency (PUT)
Stockholm, Sweden, July 2019

[2 pages]

P19

MAPS: Scaling Privacy Compliance Analysis to a Million Apps *
Sebastian Zimmeck , Peter Story , Abhilasha Ravichander, Daniel Smullen, Ziqi Wang, Joel Reidenberg, N. Cameron Russell and Norman Sadeh
19th Privacy Enhancing Technologies Symposium (PETS)
Stockholm, Sweden, July 2019
(Also presented at NESD 2019)

[21 pages]

P18

Natural Language Processing for Mobile App Privacy Compliance *
Peter Story , Sebastian Zimmeck , Abhilasha Ravichander, Daniel Smullen, Ziqi Wang, Joel Reidenberg, N. Cameron Russell and Norman Sadeh
AAAI 2019 Spring Symposium on Privacy-Enhancing Artificial Intelligence and Language Technologies (PAL)
Palo Alto, CA, USA, March 2019

[9 pages]

P17

Analyzing Privacy Policies at Scale: From Crowdsourcing to Automated Annotations
Shomir Wilson, Florian Schaub, Frederick Liu, Kanthashree Mysore Sathyendra, Daniel Smullen, Sebastian Zimmeck, Rohan Ramanath, Peter Story, Fei Liu, Norman Sadeh and Noah A. Smith
ACM Transactions on the Web (TWEB) August 2018

[27 pages]

P16

Which Apps have Privacy Policies? *
Peter Story, Sebastian Zimmeck and Norman Sadeh
6th Annual Privacy Forum (APF)
Barcelona, Spain, June 2018
(Also presented at PrivacyCon 2018 and published as Tech Report, CMU-ISR-18-100)

[22 pages]

P15

Towards Automatic Classification of Privacy Policy Text
Frederik Liu, Shomir Wilson, Peter Story, Sebastian Zimmeck and Norman Sadeh
Tech Report, CMU-ISR-17-118R, CMU-LTI-17-010
Pittsburgh, PA, USA, June 2018

[11 pages]

P14

Identifying the Provision of Choices in Privacy Policy Text *
Kanthashree Mysore Sathyendra, Shomir Wilson, Florian Schaub, Sebastian Zimmeck and Norman Sadeh
Conference on Empirical Methods in Natural Language Processing (EMNLP)
Copenhagen, Denmark, September 2017

[6 pages]

P13

A Privacy Analysis of Cross-device Tracking *
Sebastian Zimmeck, Jie S. Li, Hyungtae Kim, Steven M. Bellovin and Tony Jebara
26th USENIX Security Symposium (USENIX Security)
Vancouver, BC, CA, August 2017

[19 pages]

P12

Using Machine Learning to Improve Internet Privacy
Sebastian Zimmeck
Columbia University Academic Commons
New York, NY, USA, March 2017

[183 pages]

P11

Automated Analysis of Privacy Requirements for Mobile Apps *
Sebastian Zimmeck, Ziqi Wang, Lieyong Zou, Roger Iyengar, Bin Liu, Florian Schaub, Shomir Wilson, Norman Sadeh, Steven M. Bellovin and Joel Reidenberg
24th Network & Distributed System Security Symposium (NDSS)
San Diego, CA, USA, February 2017
(Also presented at SOUPS 2017, PrivacyCon 2017, and PLT 2016)

[15 pages]

P10

The Creation and Analysis of a Website Privacy Policy Corpus *
Shomir Wilson, Florian Schaub, Aswarth Abhilash Dara, Frederick Liu, Sushain Cherivirala, Pedro Giovanni Leon, Mads Schaarup Andersen, Sebastian Zimmeck, Kanthashree Mysore Sathyendra, N. Cameron Russell, Thomas B. Norton, Eduard Hovy, Joel Reidenberg and Norman Sadeh
54th Annual Meeting of the Association for Computational Linguistics (ACL)
Berlin, Germany, August 2016

[11 pages]

P09

Demystifying Privacy Policies with Language Technologies: Progress and Challenges *
Shomir Wilson, Florian Schaub, Aswarth Dara, Sushain K. Cherivirala, Sebastian Zimmeck, Mads Schaarup Andersen, Pedro Giovanni Leon, Eduard Hovy and Norman Sadeh
LREC 1st Workshop on Text Analytics for Cybersecurity and Online Safety 2016 (TA-COS)
Portorož, Slovenia, May 2016

[6 pages]

P08

“I don’t have a photograph, but you can have my footprints.” – Revealing the Demographics of Location Data *
Chris Riederer, Sebastian Zimmeck, Coralie Phanord, Augustin Chaintreau and Steven M. Bellovin
3rd ACM Conference on Online Social Networks (COSN)
Palo Alto, CA, USA, November 2015
(Also presented at ICWSM 2015, PLSC 2015, NetMob 2015, and COSN 2014)

[11 pages]

P07

Privee: An Architecture for Automatically Analyzing Web Privacy Policies *
Sebastian Zimmeck and Steven M. Bellovin
23rd USENIX Security Symposium (USENIX Security)
San Diego, CA, USA, August 2014
(Also presented at PLSC 2014 and FoPNaC 2014)

[17 pages]

P06

When Enough is Enough: Location Tracking, Mosaic Theory, and Machine Learning *
Steven M. Bellovin, Renée M. Hutchins, Tony Jebara and Sebastian Zimmeck
8 N.Y.U. J.L. Liberty, 556 (2014)
(Also presented at PLSC 2013)

[74 pages]

P05

The Information Privacy Law of Web Applications and Cloud Computing *
Sebastian Zimmeck
29 Santa Clara Computer & High Tech. L.J. 451 (2013)

[38 pages]

P04

A Game-theoretic Model for Reasonable Royalty Calculation *
Sebastian Zimmeck
22 Alb. L.J. Sci. & Tech. 357 (2012)

[53 pages]

P03

Use of Functional Claim Elements for Patenting Computer Programs *
Sebastian Zimmeck
12 J. High Tech. L. 168 (2011)

[63 pages]

P02

Patent Eligibility of Programming Languages and Tools *
Sebastian Zimmeck
13 Tul. J. Tech. & Intell. Prop. 133 (2010)

[30 pages]

P01

Grundlagen der Nutzungsrechtsübertragung an Urheberrechtlich Geschützten Computerprogrammen durch den Lizenznehmer *
Sebastian Zimmeck
1 ZGE 324 (2009)

[33 pages]

Blog Posts

BP13

How to Implement Global Privacy Control (GPC) for Publishers (with Aram Zucker-Scharff)
Global Privacy Control Official Site
September 14, 2022

BP12

Comment on the Proposed Regulations under the California Consumer Privacy Act of 2020
California Privacy Protection Agency
August 21, 2022

BP11

Pre-Rulemaking Considerations for the Colorado Privacy Act
Office of the Colorado Attorney General
July 4, 2022

BP10

The Data Rights Protocol: Threading Privacy Rights into the Internet
MIT Computational Law Report
January 18, 2022

BP09

Data Rights Protocol and Global Privacy Control
Consumer Reports Digital Lab Blog
January 13, 2022

BP08

Comment on the Proposed Rulemaking under the California Consumer Privacy Act of 2020 (Proceeding No. 01-21)
California Privacy Protection Agency
November 8, 2021

BP07

Opting Out May Not Prevent Websites From Collecting Your Data
Medium
July 17, 2021

BP06

Protect Your Online Privacy with Global Privacy Control (GPC)
Medium
October 24, 2020

BP05

The Privacy of COVID-19 Apps – Reopening Alphaville
The Startup (Medium)
May 18, 2020

BP04

The CCPA is here! Now what?
Dev.to and The Startup (Medium)
January 8, 2020

BP03

How Mobile App Permissions (Don’t) Protect Privacy
The Startup (Medium)
June 6, 2019

BP02

Social Debt: Why Software Developers Should Think Beyond Tech
Medium
January 20, 2019

BP01

The Galaxy Nexus: Still Around After All These Years
Medium
May 27, 2018

Talks

T28 Privacy Pioneer: Automating the Creation of Privacy Labels for Websites

T27 Emerging State Privacy Laws: Are They Working for Consumers and Businesses?

T26 Cryptography for Cryptocurrencies: The Technologies Behind the Blockchain

T25 Data Rights Summit

T24 Shasha Seminar: “Deep Fakes in the Age of Misinformation”

T23 Global Privacy Control (GPC)

T22 Standardizing and Implementing Do Not Sell

T21 “Getting Hacked is Contagious” – National Cybersecurity Awareness Month

T20 Data Privacy & Contact Tracing

T19 Feature Discussion Series on Privacy for iOS with iOS YouTuber Brian Advent

T18 PrivacyFlash Pro: Generating Privacy Policies from App Code

T17 Developing Privacy Policies for iOS Apps

T16 Cryptography Essentials

T15 What Are You Consenting To? A Panel on Data Privacy and Consent

T14 Mobile App Tracking: Technologies and Privacy Challenges

T13 Transparency & Notice: Third Parties and Cross-Device Ad Targeting in the Context of the CCPA

T12 On Big Data

T11 Compliance Traceability: Privacy Policies as Software Development Artifacts (Lightning Talk)

T10 Alternative Data

T09 MAPS: Scaling Privacy Compliance Analysis to a Million Apps

T08 Social Debt: Why Software Developers Need to Go Beyond Tech

T07 A Random Walk Down Silicon Alley

T06 A Privacy Analysis of Cross-device Tracking

T05 Automated Privacy Requirement Analysis for Mobile Apps

T04 Privacy Implications of Machine Learning

T03 Privee: An Architecture for Automatically Analyzing Web Privacy Policies

T02 Leveraging Technology to Improve Notice and Choice

T01 When Enough is Enough: Location Tracking, the Fourth Amendment, and Machine Learning

Research Team

F22-... Kate Hausladen ‘23
S22-... Judeley Jean-Charles ‘24
S22-... Joe Champeau ‘24
S22-... Jocelyn Wang ‘24
S22–... Justin Casler ‘24
S22–... Sophie Eng ‘25
S21–... Oliver Wang ‘24
S21–S22 Chunyue Ma ‘22
S21–F21 Stanley Markman ‘23,
S21 Kiryl Beliauski, ‘23
S21–... Logan Brown ‘23
S21–... Daniel Goldelman ‘23
S21–... Bella Tassone ‘24
S21–... Eliza Kuller ‘23
F20–S22 Owen Kaplan ‘22
F20 Abdallah Salia ‘22
F20–S21 Daniel Knopf ‘22
S20–S22 Kuba Alicki ‘22
S20 Phil Kaelbling ‘22
F19 Sarah Jin ‘21
S19–S21 David Baraka ‘21
F18-S21 Rafael Goldstein ‘21

Awards & Grants

A&G11 Collaborative Research: EAGER: Cross-platform Election Advertising Transparency Initiative ($260K)
With Erika Franklin-Fowler
2022–2024, National Science Foundation
https://nsf.gov/awardsearch/showAward?AWD_ID=2235006

A&G10 Google Research Scholar Award ($60K)
2022–TBD, Google
https://research.google/outreach/research-scholar-program/recipients/?category=2022

A&G09 Design, Development, and Testing of a Generalizable Active Privacy Choice Mechanism ($34.9K)
2021–2023, Alfred P. Sloan Foundation
https://sloan.org/grant-detail/9631

A&G08 SaTC: CORE: Small: Improving Internet Privacy with Global Privacy Control ($266K)
2020–2023, National Science Foundation
https://nsf.gov/awardsearch/showAward?AWD_ID=2055196

A&G07 Anil Fernando Grant
2022 ($1,500), 2021 ($950), 2020 ($1,400), 2019 ($900)

A&G06 Allbritton Grant for Support of a Faculty Study Group ($1K)
With Abigail Hornstein and Karl Boulware
2018, Allbritton Center for the Study of Public Life, Wesleyan University

A&G05 Research Grant ($5K)
2015, Comcast

A&G04 Community Service Award
2014, Computer Science Department, Columbia University

A&G03 Graduate Research Assistant Fellowship
2012–2016, Computer Science Department, Columbia University

A&G02 Research Fellowship
2011-2013, Google/Berkeley Center for Law & Technology

A&G01 Student Fellowship
2005 – 2006, German Academic Exchange Service

Thesis Advising

TA4 Fairness & Social Influence Maximization
Schuyler Sloman ‘22
Spring 2022 (Thesis reader)

TA3 Privacy Pioneer: Creating an Automated Data-Privacy UI for Web Browsers
Owen Kaplan ‘22
Spring 2022 (Thesis advisor)

TA2 Don’t Sell Our Data: Exploring CCPA Compliance via Automated Privacy Signal Detection
Kuba Alicki ‘22
Spring 2022 (Thesis advisor)

TA1 All My Friends Are Fake: A Node-By-Node Approach to Social Network Classification
Isaac Jacobs ‘20
Spring 2020 (Thesis reader)

Teaching

T4 COMP 333: Software Engineering
Spring 2022, Spring 2021
Software engineering is the application of engineering principles to the software development process. Eliciting requirements from stakeholders, designing the architecture of a program, performing usability studies, and testing a codebase are some of the aspects that elevate program development to software engineering. Focusing on web and mobile apps, students in this course will gain expertise in state-of-the-art frontend, backend, and mobile technologies, as well as related tooling. We will also cover the collaborative organization of software projects, software licensing, software business models, and ethical considerations for professional software engineers.

T3 COMP 114: How to Talk to Machines
Fall 2022, Fall 2020, Fall 2019, Spring 2019
How do we tell robots and computers how to do what they do? Getting a handle on this question is the goal of this course. Since telling a device how to do something depends a lot on what that device can do, along the way we will learn a bit about what is “in the box.” We will start with the kind of programming one might use to instruct a robot how to interact with the world around it. That will lead us to the Turing machine, a beautiful mathematical model of a computer. We will adapt that model to something that is closer to how most computer systems today are designed. We will end with an introduction to high-level programming, learning the fundamentals of programming in a language such as Python or Java. The goal of the course is to understand not just programming, but how computers are designed, and how those designs are reflected in the way we program them.

T2 COMP 360: Information Security and Privacy
Spring 2023, Spring 2020, Fall 2018
This course explores principles and practical applications of computer security and privacy. Some of the topics covered include static and dynamic code analysis, secure authentication, privacy enhancing technologies, usable privacy and security, and web tracking. It will also touch upon theoretical areas, such as basic cryptographic concepts as well as differential privacy. The course has the objective to provide students with the conceptual knowledge and technical skills to identify and resolve privacy and security issues in the design, development, and evaluation of information systems.

T1 COMP 423/4: Advanced Information Security and Privacy Research Seminar, Undergraduate
Spring 2022, Fall 2021 (COMP 409), Spring 2021, Fall 2020, Spring 2020, Fall 2019, Spring 2019, Fall 2018 (COMP 411)
In this research seminar students will work together on a research project that is advancing knowledge in information security and privacy. During their work they will not only gain experience in security and privacy, but in web and mobile app engineering as well. Students will also have the opportunity to co-author a paper to be submitted at a top-tier academic security and privacy venue.

Academic Service

2022 NSF Review Panel Computer Science and Engineering (October) (CISE)
2022 NSF Review Panel Computer Science and Engineering (April/May) (CISE)
2022 NSF Review Panel and Ad Hoc Review Computer Science and Engineering (CISE)
2021 NSF Review Panel Computer Science and Engineering (CISE)
2019 AAAI 2019 Spring Symposium on Privacy-Enhancing Artificial Intelligence and Language Technologies (PAL)
2018 International World Wide Web Conference (WWW)
2016 Privacy Enhancing Technologies Symposium (PETS)
2015 ACM Transactions on Information and System Security (TISSEC)
2013 IEEE Security & Privacy (S&P)
2013 20th ACM Conference on Computer and Communications Security (CCS)
2013 1st ACM Conference on Online Social Networks (COSN)

Community Service

F22-... Mathematics & Computer Science Faculty Search Committee Co-lead
F22-... Mathematics & Computer Science Website Coordinator
S22-... Computer Science Undergrad Club Code_Wes
F19-S21 Computer Science Advisory Committee (CADCOM)
F18–... Computer Science Lecture Series
F18–... Security Advisory Group
F18-S20 Library Committee and Science Library Faculty Committee
F18-S20 Financial Economics Faculty Study Group

Associations

2021-.... Applied Computational Data Analysis Fellow
https://www.wesleyan.edu/qac/index.html

2021-.... Consumer Reports Data Rights Protocol Technical Advisors Board
https://github.com/consumer-reports-digital-lab/data-rights-protocol

2020-.... Global Privacy Control Group Co-founder
https://globalprivacycontrol.org/

2020-.... W3C Privacy Community Group
https://www.w3.org/community/privacycg/

2019-2021 Governance Research in Artificial Intelligence Leadership (GRAIL) Network
https://grailnetwork.org/

2010-.... The State Bar of California (Inactive status)
https://www.calbar.ca.gov/


Last updated: --- Privacy Policy --- PGP Public Key --- Theme by Eliseo Papa