More and more users upload personal data to social networking apps with the expectation of security. When a private Facebook location or a Twitter e-mail address inadvertently slips out, it often stems from botched privacy policy code written in an ad hoc fashion by programmers.
MIT Ph.D. student Jean Yang doesn’t think developers should be messing with the privacy code in the first place.
Yang and her team in the MIT Computer Science and Artificial Intelligence Lab have created Jeeves, an open-source programming language with built-in privacy features, implemented in both Python and Scala.
“It is increasingly important for applications to protect user privacy,” Yang wrote on the Jeeves website. “Unfortunately, it is often non-trivial for programmers to enforce privacy policies. We have developed Jeeves to make it easier for programmers to enforce information flow policies: policies that describe who can see what information flows through a program.”
The language allows programmers to write what is called a policy-agnostic program, which implements information flow policies separately from other program functionality. Programmers can specify different labels for more-sensitive information, such as labeling a user’s GPS location as a high-confidentiality facet.
A given privacy policy will automatically determine the facets and labels of the app, ensuring that when a programmer adds new features the code won’t violate existing privacy settings. For example, if a new Facebook app tags a user in an unwanted photo, the app wouldn’t publish the tag if it violated Jeeves’ predefined settings.
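A minimal Python sketch of the faceted-value idea described above, added here as an illustration; it is not Jeeves code and does not use the Jeeves API. The names `Label`, `Faceted`, `fmap`, `concretize`, `location_of`, `checkin_banner` and the friend list are hypothetical.

```python
from dataclasses import dataclass
from typing import Any, Callable

@dataclass(frozen=True)
class Label:
    """Names a sensitivity level; `policy` says which viewers get the high facet."""
    name: str
    policy: Callable[[str], bool]

@dataclass(frozen=True)
class Faceted:
    """A value with two views: `high` (confidential) and `low` (public stand-in)."""
    label: Label
    high: Any
    low: Any

    def map(self, fn):
        # Apply fn to both facets so derived values stay guarded by the same label.
        return Faceted(self.label, fmap(fn, self.high), fmap(fn, self.low))

def fmap(fn, value):
    """Run ordinary code over a value that may or may not be faceted."""
    return value.map(fn) if isinstance(value, Faceted) else fn(value)

def concretize(value, viewer):
    """Resolve facets at the output boundary, once the viewer is known."""
    while isinstance(value, Faceted):
        value = value.high if value.label.policy(viewer) else value.low
    return value

# Constructed sample data: alice shares her location with bob only.
FRIENDS = {"alice": {"bob"}}

def location_of(owner, coords):
    # The policy is written once, next to the data it protects.
    allowed = lambda viewer: viewer == owner or viewer in FRIENDS.get(owner, set())
    return Faceted(Label(f"{owner}.location", allowed), coords, "location hidden")

# A feature added later. It contains no privacy checks of its own.
def checkin_banner(location):
    return fmap(lambda loc: f"alice checked in at {loc}", location)

if __name__ == "__main__":
    banner = checkin_banner(location_of("alice", "42.36,-71.09"))
    for viewer in ("alice", "bob", "mallory"):
        print(viewer, "->", concretize(banner, viewer))
```

The feature function never sees the viewer, so it cannot leak the high facet; the only place a decision is made is `concretize`, which consults the policy attached to the label.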
Jeeves was originally developed as a research project on a new language design approach. The Jeeves library, which rewrites code on the fly to operate according to its defined semantics, makes the Python and Scala versions possible.
Jeeves’ Scala code is available on Google Code, and the Python implementation is hosted on GitHub.