Hello! I am a Privacy Engineer at Netflix. I have provided privacy and cybersecurity expertise on international data protection legislation, autonomous vehicles and other emerging technologies, and threat and risk modeling. My research interests include creating methods for measuring privacy expectations, expanding contextual integrity theory, and developing privacy threat models. I was previously a Lead Privacy & Cybersecurity Scientist at MITRE (a federally funded R&D center acting in the public interest) and a staff researcher at Carnegie Mellon CyLab.
Contact: cbloom (a) netflix com
Connect: linkedin.com/in/carabloom
Discuss: twitter.com/caracbloom
Research Efforts:
MITRE PANOPTIC (TM) - A New Approach to Privacy Threat Modeling
Privacy risk models do not include data-driven threat components, which could increase their effectiveness. We are developing a privacy threat model based on a dataset of real-world privacy attack information. PANOPTIC is a robust, threat agent-agnostic taxonomy of actions that lead to privacy harms, with a partner model for the context of the threat. The threat model can be used to describe privacy attacks and for privacy threat assessments, risk modeling, threat-informed defense, and red teaming.
Privacy Expectations & Norms Measurement
It is incredibly difficult to answer the question: what is appropriate data processing and use? We are creating a novel method for crowdsourcing privacy expectations, codifying them as privacy norms using Contextual Integrity Theory, and using them to develop privacy by design technical requirements and privacy policies for technologies that process personal information.
Please reach out if you are interested in collaborating or learning more about these efforts!
Events & Speaking:
Privacy Threat Modeling: Let's get serious about privacy risk management
Moderator, November 2023
The International Association of Privacy Professionals Privacy. Security. Risk. Conference (IAPP PSR)
The Symposium on Applications of Contextual Integrity
Speaker, September 2023
The Conference on Privacy Engineering Practice & Respect
Program Committee, September 2023
USENIX PEPR
The 2nd Annual Workshop on Privacy Threat Modeling
Program Chair, August 2023
Hosted at the Symposium on Usable Privacy and Security (SOUPS 2023)
Privacy Threat Modeling: The experts' guide on theory & praxis
Invited Speaker, April 2023
Meta & the International Association of Privacy Professionals (IAPP) KnowledgeNet
Privacy Threat Modeling & MITRE PANOPTIC (TM)
Invited Speaker, March 2023
Carnegie Mellon University Privacy Seminar Series
Privacy Threat Modeling
Guest Lecturer, February 2023
The University of Michigan School of Electrical Engineering and Computer Science: EECS 598-09 Privacy-Enhancing Technologies (PETS)
Emerging Technologies and Privacy - How privacy threat modeling can help manage privacy risks
Invited Speaker, February 2023
The University of Texas at Austin Strauss Center for International Security and Law Brumley Speaker Series
Privacy Threat Modeling
Invited Speaker, October 2022
The International Association of Privacy Professionals Privacy. Security. Risk. Conference (IAPP PSR)
Public Surveillance Through the Lens of Contextual Integrity
Speaker, September 2022
The PrivaCI Symposium
Privacy Expectations for Human-Autonomous Vehicle Interactions
Speaker, September 2022
Responsible Robotics (RESP-R) hosted by Robotics4EU
The Workshop on Privacy Threat Modeling
Program Chair & Speaker, August 2022
Hosted at the Symposium on Usable Privacy and Security (SOUPS 2022)
Privacy Threat Modeling
Speaker, June 2022
The Privacy Engineering Practice and Respect Conference (PEPR 2022)
Data De-identification as a Practical Risk Control
Moderator, April 2022
The International Association of Privacy Professionals (IAPP) Global Summit 2022
Publications:
The PANOPTIC Privacy Threat Model
Cara Bloom, Stuart Shapiro, Shelby Slotter, Ben Ballard, Julie McEwen, Mark Paes, Ryan Xu, Samantha Katcher
In submission
Themes in Privacy Threat Modeling
Cara Bloom, Stuart Shapiro, Julie McEwen, Shelby Slotter, Ben Ballard, Mark Paes, Ryan Xu
The Workshop on Privacy Threat Modeling (WPTM 2022)
Privacy Expectations for Human-Autonomous Vehicle Interactions
Cara Bloom, Josiah Emery
The Conference on Robot and Human Interactive Communication (RO-MAN 2022)
Autonomous Vehicle Cyber-Attack Taxonomy (AV|CAT)
Cara Bloom, Kelcey Crawford, Zach LaCelle
Cybersecurity and Infrastructure Security Agency, Department of Homeland Security (DHS CISA)
The CISA Autonomous Vehicle Study of 2020
Cara Bloom, Kelcey Crawford, Anthony Matthews, Bradley Canaday, Zach LaCelle
Cybersecurity and Infrastructure Security Agency, Department of Homeland Security (DHS CISA)
Connected Vehicle Privacy Risks, Best Practices, and Design Patterns
Stuart Shapiro, Cara Bloom
The National Instituted of Standards & Technology (NIST)
Self-driving Cars and Data Collection: Privacy Perceptions of Networked Autonomous Vehicles
Cara Bloom, Jashua Tan, Javed Ramjohn, and Lujo Bauer
The Symposium on Usable Privacy and Security (SOUPS 2017)