Carnegie Mellon University

Norman Sadeh

Professor, Software and Societal Systems

  • WEH 5303
Address
5000 Forbes Avenue
Pittsburgh, PA 15213

Bio

Norman M. Sadeh is a Professor in the School of Computer Science at Carnegie Mellon University (CMU). He is director of CMU’s Mobile Commerce Laboratory and its e-Supply Chain Management Laboratory, co-Founder of the School’s PhD Program in Societal Computing (formerly “Computation, Organizations and Society”) and co-Director of the Privacy Engineering Program. He also co-founded and directs the MBA track in Technology Leadership launched jointly by the Tepper School of Business and the School of Computer Science in 2005. Over the past dozen years, Norman’s primary research focus has been in the area of mobile and pervasive computing, cybersecurity, online privacy, user-oriented machine learning, and semantic web technologies with a particular focus on mobile and social networking.

Norman is also well known for his seminal work in AI planning and scheduling, agent-based supply chain management, workflow management, automated trading and negotiation, including the original design and launch of the international supply chain trading agent competition. Products based on his research have been deployed and commercialized by organizations such as IBM, Raytheon, Mitsubishi, Boeing, Numetrix (eventually acquired by JD Edwards/PeopleSoft/Oracle), ILOG (eventually acquired by IBM), and the US Army. His privacy research has been credited with influencing the design of products at companies such as Facebook and Google as well as activities at the US Federal Trade Commission. Between 2008 and 2011, Norman served as founding CEO of Wombat Security Technologies, a leading provider of innovative cybersecurity training products and anti-phishing solutions originally developed as part of research with several of his colleagues at CMU. As chairman of the board and chief scientist, Norman remains actively involved in the company, working closely with the management team on both business and technology strategies.

Dr. Sadeh has been on the faculty at CMU since 1991. In the late nineties, he was program manager with the European Commission’s ESPRIT research program, prior to serving for two years as Chief Scientist of its US$700M (EUR 550M) initiative in “New Methods of Work and eCommerce” within the Information Society Technologies (IST) program. As such, he was responsible for shaping European research priorities in collaboration with industry and universities across Europe. These activities eventually resulted in the launch of over 200 R&D projects involving over 1,000 European organizations from industry and research. While at the Commission, Norman also contributed to a number of EU policy initiatives related to eCommerce, the Internet, cybersecurity, privacy and entrepreneurship.

Norman received his Ph.D. in Computer Science at CMU with a major in Artificial Intelligence and a minor in Operations Research. He holds an MS degree in computer science from the University of Southern California and a BS/MS degree in electrical engineering and applied physics from the Free University of Brussels (Belgium) as “Ingénieur Civil Physicien”.

Dr. Sadeh has authored over 200 scientific publications. He is also the author of “m-Commerce: Technologies, Services and Business Models”, a best-selling book published by Wiley in April 2002. He served as general chair of the 2003 International Conference on Electronic Commerce and as editor-in-chief of “Electronic Commerce Research Applications” (ECRA). He has served on the editorial board of several other journals and is currently on the board of “I/S: A Journal of Law and Policy for the Information Society”.

Norman is also a visiting professor at Hong Kong University, where he spends 2 weeks each year.

Education

  • PhD, Computer Science, Carnegie Mellon University
  • MS, Computer Science, University of Southern California
  • BSc/MS, Electrical Engineering & Applied Physics, Free University of Brussels

Research

Areas of Research Interest:

  • Analysis & Assurance
  • Network Science and Social Networks
  • APIs & Frameworks
  • Organizations
  • Applied Systems and Infrastructure
  • Privacy and Security
  • Autonomous Systems
  • Software Data Analysis
  • Complex Socio-Technical Systems
  • Computing Technology and Policy
  • Developer Tools

Projects

Usable Privacy Policies

Natural language privacy policies have become the de facto standard to address expectations of “notice and choice” on the Web. However, users generally do not read these policies, and those who do struggle to understand them. Initiatives such as P3P and Do Not Track aimed to address this problem by developing machine-readable formats to convey a website's data practices. However, many website operators are reluctant to embrace such approaches.

Opt-Out Easy Browser Extension

New study shows dearth of privacy opt-out choices and offers solution to empower users to readily identify choices often buried deep in the text of privacy policies

Personalized Privacy Assistants

The Internet of Things (IoT) and Big Data are making it impractical for people to keep up with the many different ways in which their data can potentially be collected and processed. What is needed is a new, more scalable paradigm that empowers users to regain appropriate control over their data.

Privacy Infrastructure and Assistant for the Internet of Things

Have you ever seen a sign that reads "this area under camera surveillance" and wondered whether the cameras are coupled to facial recognition or scene recognition software, who that footage might be shared with, and for how long it is retained? Until today, there was no standard mechanism to communicate this type of information to people. Yet smart sensors are everywhere. They are part of what is now referred to as the Internet of Things (“IoT”) with billions of devices already deployed today. The IoT Privacy Infrastructure developed at Carnegie Mellon University has been designed to address this problem.

Explore Annotated Privacy Policies

The Walt Disney Company has a rich tradition of bringing great stories, characters and experiences to our guests around the world, and our sites and applications are created to entertain and connect guests with the best that we have to offer on the platforms and devices our guests prefer. Our privacy policy is designed to provide transparency into our privacy practices and principles, in a format that our guests can navigate, read and understand. We are dedicated to treating your personal information with care and respect.

Privacy Nudging

Smartphone users are often unaware of the data collected by apps running on their devices. We report on a study that evaluates the benefits of giving users an app permission manager and sending them nudges intended to raise their awareness of the data collected by their apps. Our study provides both qualitative and quantitative evidence that these approaches are complementary and can each play a significant role in empowering users to more effectively control their privacy.

Publications

D. Rodriguez, I. Yang, J.M. Del Alamo, and N. Sadeh, "Large language models: a new approach for privacy policy analysis at scale," Computing, pp. 1-25, 2024.

D. Rodríguez, C. Fernández-Aller, J.M. Del Alamo, and N. Sadeh, "Data Retention Disclosures in the Google Play Store: Opacity Remains the Norm," in Proc. 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 2024, pp. 19-23.

S. Zhang, L. Klucinec, K. Norton, N. Sadeh, and L. Cranor, "Exploring Expandable-Grid Designs to Make iOS App Privacy Labels More Usable," in Proc. USENIX Symposium on Usable Privacy and Security (SOUPS), 2024.

R. Chen, R. Wang, N. Sadeh, and F. Fang, "Missing Pieces: How Framing Uncertainty Impacts Longitudinal Trust in AI Decision Aids--A Gig Driver Case Study," arXiv preprint arXiv:2404.06432, 2024.

N. Sadeh, B. Liu, A. Das, M. Degeling, and F. Schaub, "Personalized privacy assistant," U.S. Patent Application 18/239,267, 2024.

D. Rodriguez, J.M. Del Alamo, C. Fernández-Aller, and N. Sadeh, "Sharing is not always caring: Delving into personal data transfer compliance in Android apps," IEEE Access, 2024.

D. Rodríguez, C. Fernández, J.M. Del Alamo, and N. Sadeh, "Data Retention Period Disclosures in Privacy Policies," Mendeley Data, 2024.

S. Zhang, L. Klucinec, K. Norton, N. Sadeh, and L.F. Cranor, "Exploring Expandable-Grid Designs to Make iOS App Privacy Labels More Usable," in Proc. Twentieth Symposium on Usable Privacy and Security (SOUPS 2024), 2024, pp. 139-157.

Y. Feng, A. Ravichander, Y. Yao, S. Zhang, and R. Chen, "Understanding How to Inform Blind and Low-Vision Users about Data Privacy through Privacy Question Answering Assistants," in Proc. 33rd USENIX Security Symposium (USENIX Security 24), 2024, pp. 2065-2082.
