Speaker: Giles Hogben (Director of Privacy Engineering, Android/Google)

Title: Exposure Notification API Privacy and Security

Abstract: Google Apple Exposure Notifications uses smartphone BLE broadcasts to support public health authorities by informing users when they have been exposed to someone infected with COVID-19. Privacy and security have been top priorities in designing the system. The talk will cover the key design considerations and the privacy and security risks and mitigations considered.

Bio: Dr Giles Hogben is Director of Privacy Engineering at Google, where he leads the Android privacy team and the security and privacy design of the Google Apple Exposure Notifications system (GAEN). He previously worked in privacy and security research at the European Network and Information Security Agency and the European Commission Joint Research Center. He graduated in Physics and Philosophy from Oxford University, UK and obtained his PhD in Security Engineering from Gdansk University, Poland.

Speaker: Pablo Rodriguez (RadarCovid group with Spanish Secretary of State for AI and Digitalization)

Title: RadarCovid: Assessing the Epidemiological Impact of Digital Contact Tracing

Abstract: Digital contact tracing (DCT) has been argued to be a valuable complement to manual contact tracing in the critical task of containment of COVID-19 disease, however there is a shortage of controlled experimental studies analysing the effectiveness of DCT in a real population during an epidemic outbreak.

We designed and conducted a 4-week population-based controlled experiment that took place in La Gomera, Canary Islands, from 29th June to 22nd July 2020. Performance was evaluated against a range of seven KPIs: adoption, adherence, compliance, turnaround time, follow-up, overall detection, and hidden detection.

Bio: Pablo Rodriguez (PhD Swiss Federal Institute of Technology, 2000) has been the founding CEO of Telefonica Alpha, Telefonica’s long term disruptive research unit to solve social problems through technology (Moonshots). Prior he led Telefonica’s corporate research lab and incubator to drive new business opportunities. He has also worked in several Silicon Valley startups and corporations such as Inktomi, Microsoft Research, Bell-Labs, and as a faculty at Columbia University. At Microsoft Research he helped re-architect the Windows Updates system to distribute security patches to millions using P2P networks. At Telefonica he launched Telefonica’s Video Content Delivery Network to more than 40M viewers. In 2009, he co-founded the Data Transparency Lab NGO to drive data privacy and transparency, and in 2018 he launched a book on the impact of AI in the world and people’s lives. He has participated on the advisory board of Akamai, EPFL, the Catalan Foundation for Research, LaBoral Art Center, Microsoft Innovation Program, and IMDEA Networks. He received the “Prix de la Recherche” for research excellence in France (2000) and the IEEE/Infocom Test of Time Award. He is an IEEE Fellow and ACM Fellow.

Speaker: Ramesh Raskar (Associate Professor, MIT and Founder, PathCheck Foundation)

Title: Manual Plus Digital Contact Tracing and Fusion with Covid19 Testing Platforms

Abstract: Manual contact tracing is a top-down solution that starts with contact tracers at the public health level, who identify the contacts of infected individuals, interview them to get additional context about the exposure, and also monitor their symptoms and support them until the incubation period is passed. On the other hand, digital contact tracing is a bottom-up solution that starts with citizens who on obtaining a notification about possible exposure to an infected individual may choose to ignore the notification, get tested to determine if they were actually exposed or self-isolate and monitor their symptoms over the next two weeks. Most experts recommend a combination of manual contact tracing and digital contact advice but they are not based on a scientific basis. For example, a possible hybrid solution could involve a smartphone based alert that requests the possible contact of an infected individual to call the Public Health (PH) number for next steps, or in some cases, suggest ways to self-assess in order to reduce the burden on PH so only most critical cases require a phone conversation. Similarly, Covid19 testing platforms utilize a hybrid manual and digital platforms. Unfortunately, these hybrids currently have a poor record on privacy, cost, efficiency and user behavior. Our research at MIT and implementation at PathCheck Foundation is looking at these hybrid manual and digital solutions using techniques such as Split Learning (a variant of Federated Learning), multi party computation and on-device calculations.

Bio: Ramesh Raskar is an Associate Professor at MIT Media Lab and founder of the PathCheck Foundation. His focus is on AI, privacy and digital health. PathCheck Foundation, is the world’s largest non profit, privacy-preserving, open source repo for Covid19. The foundation helps nations and states with Covid19 exposure notification and case management solutions (app, server, dashboard) and has contracts in multiple US states and nations. He received the Lemelson Award (2016), ACM SIGGRAPH Achievement Award (2017), DARPA Young Faculty Award (2009), Alfred P. Sloan Research Fellowship (2009) and TR100 Award from MIT Technology Review (2004). He holds 90+ US patents. He has worked on special research projects at Google [X], Facebook: to launch the first health innovation team, and Apple: privacy + health, and co-founded/advised several companies.

Speaker: Sharad Mehrotra (UCI)

Title: Organizational Approach to Help Prevent Spread of COVID-19 while Ensuring User Privacy

Abstract: This talk describes a novel approach to empower organizations to mitigate spread of COVID-19 at their premises by exploiting connection events between mobile devices carried by individuals and the WiFi infrastructure. There are several advantages of the proposed approach. First, it takes an organizational perspective and is intended to help organizations, small and large, keep employees safe and ensure safety on their premises by exploiting network data (already being generated by their network infrastructures). Second, it is decentralized, i.e., instead of empowering/trusting a small number of organizations such as mobile OS companies, it empowers organizations to assume joint responsibility to implement safety measures at their premises. Third, it offers a fully privacy-preserving solution based on computationally and informationally secure cryptography with strong security properties guaranteeing privacy of individuals, including those who might be exposed or carriers. This will prevent misuse of the data collected by any entity against the will of the individuals. Fourth, it is based on connectivity events already generated by existing WiFi infrastructure and does not require users of the network to either download any application and/or give explicit permissions (which is known to limit adoption). Finally, it offers a path to implement technology not just to help with contact tracing but empowers organizations with awareness about effectiveness of their policies/strategies such as social distancing, disinfecting/cleaning schedules, etc.

Bio: Sharad Mehrotra received the PhD degree in computer science from the University of Texas, Austin, in 1993. He is currently a professor in the Department of Computer Science, University of California, Irvine. Previously, he was a professor with the University of Illinois at Urbana Champaign. He has received numerous awards and honors, including the 2011 SIGMOD Best Paper Award, 2007 DASFAA Best Paper Award, SIGMOD test of time award, 2012, DASFAA ten year best paper awards for 2013 and 2014, ACM ICMR best paper award for 2013, IEEE NCA Best paper award for 2019, Dean’s Award for Research 2016, and CAREER Award in 1998 from the US National Science Foundation (NSF). He has served as PI for a large multidisciplinary multi institution NSF ITR Project on crisis response, and is currently leading a DARPA Brandeis Project that has helped create one of a kind smartspace testbed at UCI resulting in an IoT data infrastructure entitled TIPPERS. TIPPERS has been transitioned to the US Navy where it is being tested as a platform for building smart applications including in the context of COVID-19. Mehrotra’s primary research interests include areas of database management, distributed systems, secure databases, privacy, and Internet of Things. He is a trustee of the VLDB Endowment.

Speaker: Carmela Troncoso (EPFL)

Title: Engineering Privacy in Contact Tracing Apps [Slides]

Abstract: When talking about Contact Tracing Mobile apps, most of the discussion centers in the protocol and its properties. While this is indeed central to the security and privacy of the system, once the protocol is integrated in an app, and a larger ecosystem including server and health services, more mechanisms are needed. We will summarize our experience designing and implementing these mechanisms under time pressure and continuous changes in the underlying libraries.

Bio: Carmela Troncoso is an assistant professor at EPFL (Switzerland) where she heads the SPRING Lab. Her research focuses on security and privacy. Carmela holds a Master’s degree in Telecommunication Engineering from the University of Vigo (2006) and a PhD in Engineering from the KU Leuven in 2011. Before arriving at EPFL, she was a faculty member at the IMDEA Software Institute in Spain for two years; the Security and Privacy Technical Lead at Gradiant, working closely with industry to deliver secure and privacy-friendly solutions to the market for four years; and a postdoctoral researcher at the COSIC Group. Her thesis, Design and Analysis Methods for Privacy Technologies, received the European Research Consortium for Informatics and Mathematics Security and Trust Management Best PhD Thesis Award, and her work on Privacy Engineering received the CNIL-INRIA Privacy Protection Award in 2017. She regularly publishes in the most prestigious venues in security (e.g., ACM Conference on Computer Security and USENIX Security Symposium) and privacy (e.g., Privacy Enhancing Technologies).

Speaker: Lalitha Sankar (ASU)

Title: FACT: Federated Analytics based Contact Tracing for COVID-19

Abstract: There is an immediate need to develop contact tracing apps that not only monitor but also intervene to limit COVID-19 spread without violating user security and privacy. This talk will briefly describe our on-going research on using federated learning to leverage both device-level data and server capabilities in a private and secure manner. The talk will briefly highlight our efforts in using Bluetooth+GPS based contact tracing, using robust loss functions in assessing risks from highly imbalanced healthcare datasets, and predicting mobility in a federated manner.

This work is funded by both the National Science Foundation and a Google COVID-19 AI for Social Good Fund.

Bio: Lalitha Sankar is an Associate Professor in the School of Electrical, Computer, and Energy Engineering at Arizona State University. She received her doctorate from Rutgers University, her masters from the University of Maryland and her bachelors degree from the Indian Institute of Technology, Bombay. She has received the NSF CAREER award and currently leads an NSF-and Google-funded effort on using learning techniques to continually assess risk of exposure to COVID-19 in a secure and privacy-preserving manner.

Speaker: Claude Castellucia (Inria)

Title: Asterix and the Contact Tracing Apps

Abstract: This talk will present the story of Asterix and the Contact Tracing Apps. It will explain how and why Asterix designed ROBERT, the Gallic contact tracing app, and exposes the lessons he learned during this amazing journey.

Bio: Claude Castelluccia, Research Director, Inria, founding-member of the Privatics Group, member and co-founder of the UGA Data and cybersecurity institutes, member of the Grenoble AI institute (MIAI). His current research topics include data privacy and surveillance, cognitive security and trusted AI systems.

Speakers: Gerold Huebner and Philip Engelmartin (SAP)

Title: Trust as a Success Factor in German Corona Tracing App – Adhering to Principle of Privacy by Design

Abstract: Gerold will give a brief overview about the EU General Data Protection Regulation (GDPR) and its most important basic principles, show how the principle of “privacy by design” is anchored in the GDPR as a major design goal for software that processes personal data, give a brief overview about the difference between PII in US and personal data under GDPR, explain the importance to clearly differentiate between anonymization and pseudonymization, pledge for data protection to be part of threat modeling early in the design phase of software, report about some interesting facts developing the German Corona Warn App. Philip will support Gerold in his session, talking about the security aspects of the “Corona Warn App”, e.g. the secure software development lifecycle to achieve not only “privacy by design”, but also “security by design”.

Bio (Gerold Huebner): During the German Corona Warn App project, Gerold acted as the workstream lead for data protection. Until then, Gerold was the CSO for the SAP Cloud Platform. In his former professional career Gerold already held different security- and privacy positions. Before Gerold started at SAP as the Chief Product Security Officer in the global security team in 2011, he worked for the Trustworthy Computing Team at Microsoft and as a privacy officer for the Ministry of the Interior in the State of Baden-Wuerttemberg.

Bio (Philip Engelmartin): Philip Engelmartin is the Director of Security Advisory, Technology & Innovation at SAP, was acting as the workstream lead of the German “Corona Warn App”. Previously he was working as Service Owner of SAP’s Security Testing Service and in various customer-facing roles inside and outside of SAP. Besides to the “Corona Warn App” Philip also acted as security advisor for the prestigious emergency repatriation platform for Germany’s Foreign Ministry, helping to bring back home 200,000 citizens within the first 20 days of the program.

Speaker: Ahmad-Reza Sadeghi (TU Darmstadt)

Title: Digital Contact Tracing: Panacea or Placebo for Pandemics, or Pandora’s Box for Profit and Power? [slides]

Abstract: Numerous countries have recently introduced apps for digital contact tracing to fight the COVID-19 pandemic. While the first countries (predominantly in Asia) deployed a centralized approach for digital contact tracing and even extensively collected sensitive user information (e.g., name, address, mobile phone numbers, location), a widespread debate on privacy broke out in Europe and US. It became a matter of academic competition and national pride who has the first or/and the best privacy-preserving contact tracing solution.

Typically, contact tracing apps beacon (pseudonymous) identifier information over a proximity communication protocol like Bluetooth LE. The identification of potentially critical contacts in terms of disease contagion is then performed by comparing the identifiers emitted by persons reported as infected and the identifiers observed by other users of the system and issuing appropriate warnings to them when a matching identifier is found. However, by beaconing identifiers into their proximity, individual users potentially become traceable by adversaries that systematically collect observations in various places.

While the turmoil of evolving contact tracing approaches was evolving, somewhat surprisingly, Google and Apple discovered an unprecedented friendship and agreed on their very special decentralized scheme for contact tracing. To facilitate it, they developed an API (which we call GAP) that they quickly integrated into their mobile operating systems. Although the API as such is open, it is, however, heavily controlled by corporate policy: In each country, access to the API is granted only to one single health organization as approved by the corresponding national government. Due to this, a number of governments contracted local companies (some with millions of Euros) to develop an App that specifically uses the GAP API.

In this very short talk we would like to touch on several aspects: First, we briefly systematize and discuss privacy properties of selected proposed contact tracing solutions including our own scheme and app called TraceCorona. We also point out large scale (privacy) attacks on GAP that we implemented in two cities in Germany. Second, we briefly present our experiences with different organizations and enterprises during the development of our app which we started early in January 2020. We then discuss the threatening corporate dominance, and most importantly the fundamental question of how effective current solutions really are with respect to different metrics regarding real-world deployment.

Bio: Ahmad-Reza Sadeghi is a full Professor of Computer Science at the Technische Universität Darmstadt, in Germany, where he heads the System Security Lab. Since October 2017 he is also the Director of Intel Collaborative Autonomous and Resilient Systems (ICRI-CARS) at TU Darmstadt. He is a member of the profile area CYSEC of TU Darmstadt.

He received his PhD in Computer Science with the focus on privacy protecting cryptographic protocols and systems from the University of Saarland in Saarbrücken, Germany. Prior to academia, he worked in Research and Development of Telecommunications enterprises, amongst others Ericson Telecommunications. He has been leading and involved in a variety of national and international research and development projects on design and implementation of Trustworthy Computing Platforms and Trusted Computing, Security Hardware, and Applied Cryptography. He has been serving as general or program chair as well as program committee member of major conferences and workshops in Information Security and Privacy.

Prof. Sadeghi was Editor-In-Chief of IEEE Security and Privacy Magazine, served 5 years on the editorial board of the ACM Transactions on Information and System Security (TISSEC), and guest editor of the IEEE Transactions on Computer-Aided Design (Special Issue on Hardware Security and Trust). Currently he is on the editorial boards of ACM Books, ACM TODAES, ACM TIOT and ACM DTRAP.

He has been awarded with the renowned German prize “Karl Heinz Beckurts” for his research on Trusted and Trustworthy Computing technology and its transfer to industrial practice. The award honors excellent scientific achievements with high impact on industrial innovations in Germany. Further, his group received German IT Security Competition Award 2010.

In 2018 he received the ACM SIGSAC Outstanding Contributions Award for dedicated research, education, and management leadership in the security community and for pioneering contributions in content protection, mobile security and hardware-assisted security. SIGSAC is ACM’s Special Interest Group on Security, Audit and Control.

Speakers: S. Demetriou and Y-A. de Montjoye (Imperial College London)

Title: Considerations of Side-channel Threats [Slides]

Abstract: Two of the most important privacy scandals of the last decade, the Snowden revelations and Cambridge Analytica, leveraged network effects: using the connections between individuals to access their data. At the same time smartphones have already become the playground for adversaries which raises numerous concerns when it comes to the role and responsibility of smartphone OEMs in supporting contact tracing.

In these remarks, Yves-Alexandre will first show how these detrimental network effects could be used to infer location from close-proximity data. He will first briefly introduce a graph-theoretic privacy model to study and quantify node-intrusion attacks, information an attacker gains access to by compromising nodes in the network. He will then show important theoretical properties of node-observability and, finally, he will use real-world Bluetooth data to quantify how many nodes would have to be compromised to be able to track the hourly location of people in a city like London.

Next, Soteris will raise further concerns stemming from the utilization of smartphones as the digital platform for supporting privacy-preserving contact tracing. Using several examples, he will show how the multi-tenant nature of modern mobile operating systems in tandem with weak security controls can allow for practical on-device location and identity inference attacks. Soteris, will then conclude the talk with a set of recommendations for necessary security enhancements in mobile operating systems.

Bio (S. Demetriou): Soteris Demetriou is an Assistant Professor at the Department of Computing at Imperial College London where he leads the Applications, Platforms and Systems Security Lab. His interests lie in the security and privacy of mobile systems. By analyzing operating systems, networking protocols and side-channels his work has uncovered design flaws and severe vulnerabilities on the Android operating system, Amazon services and commodity IoT devices among others, affecting millions of users. In response, his work has introduced tools, methods, and end-to-end systems to improve end-user privacy and strengthen security on mobile systems. Dr Demetriou has fostered collaborations between more than 40 researchers across 9 institutions in both industry and academia. His work appeared multiple times in top international systems security conferences such as NDSS and ACM CCS but also in other systems and sensing conferences such as IEEE Infocom, ACM MobiSys and ACM SenSys. His work received prestigious awards, including a best paper award at NDSS (‘18). His mobile systems security work is also close to practice and resulted in three relevant US patents.

Bio (Y-A. de Montjoye): Yves-Alexandre de Montjoye is an Associate Professor at Imperial College London. He currently is a Special Adviser on AI and Data Protection to EC Justice Commissioner Reynders and a Parliament-appointed expert to the Belgian Data Protection Agency (APD-GBA). In 2018-2019, he was a Special Adviser to EC Competition Commissioner Vestager co-authoring the Competition Policy for the Digital Era report. His research has been published in Science and Nature Communications and has enjoyed wide media coverage (BBC, CNN, New York Times, Wall Street Journal, Harvard Business Review, etc.). His work on the shortcomings of anonymization has appeared in reports of the World Economic Forum, FTC, European Commission, and the OECD. Yves-Alexandre worked for the Boston Consulting Group and acted as an expert for both the Bill and Melinda Gates Foundation and the United Nations. He received his PhD from MIT in 2015 and obtained, over a period of 6 years, an M.Sc. from UCLouvain in Applied Mathematics, an M.Sc. (Centralien) from École Centrale Paris, an M.Sc. from KULeuven in Mathematical Engineering as well as his B.Sc. in engineering from UCLouvain.

Speaker: Julie Schaffer (Flu Lab, former Senior Advisor for Pandemic Preparedness on the White House NSC)

Title: Leveraging Technology for Pandemic Response: Evolving Opportunities and Challenges

Bio: Julie Schafer, PhD, MPH, MS is the Chief Technology Officer for Flu Lab, where she seeks to stretch the boundaries of how technology is used to defeat the threat of influenza. Julie has held a number of leadership positions in the US Government, including Director of Strategy for the Biomedical Advanced Research and Development Authority within the Office of the Assistant Secretary for Preparedness and Response at the U.S. Department of Health and Human Services, where she led strategy development for medical countermeasures against both naturally emerging and intentional threats, including chemical, biological, radiological and nuclear, pandemic influenza, and emerging infectious diseases, while concurrently serving as the Program Manager for an initiative toward pre-symptomatic identification of illness and exposures. Julie has served as the Director for Medical and Biodefense Preparedness Policy in the White House National Security Council where her portfolio included preparedness and response to emerging diseases, including Zika. As a health scientist, Julie led the BARDA International Influenza Vaccine Capacity-Building Initiative for sustainable vaccine manufacturing in low- and middle-income countries. Julie has held positions in pandemic planning and policy development and in managing complex influenza vaccines, therapeutics and diagnostics advanced development programs.

Speaker: Jessica L. Roberts (Univ. of Houston)

Title: Infectious Disease Surveillance [Slides]

Bio: Jessica L. Roberts is the Director of the Health Law & Policy Institute and the Leonard Childs Professor in Law and a Professor of Medicine, who specializes in genetics and the law, health law, and disability law. She holds a BA in Political Science from the University of Southern California and a JD from the Yale Law School. Her scholarship has appeared, or is forthcoming, in the Yale Law Journal, Columbia Law Review, Northwestern Law Review, Michigan Law Review, Notre Dame Law Review (twice), the Journal of Law, Medicine, and Ethics, Science, and Nature Biotechnology (twice), among others. Cambridge University Press published her book on “healthism,” co-authored with Elizabeth Weeks Leonard, in 2018. A noted expert on diverse issues of health law, Professor Roberts has been interviewed by several leading media outlets, including U.S.A. Today, the New York Times (twice), the Washington Post, the Houston Chronicle, National Public Radio and BBC World Service.

Speaker: Brenda Leong (Future of Privacy Forum)

Title: Contact Tracing and Civil Rights

Bio: Brenda Leong, CIPP/US, is Senior Counsel and Director of Artificial Intelligence and Ethics at the Future of Privacy Forum. She oversees development of privacy analysis of AI and Machine Learning technologies, manages the FPF portfolio on biometrics and digital identity, particularly facial recognition, along with the ethics challenges of these emerging systems. She works on industry standards and collaboration on privacy and responsible data management, by partnering with stakeholders and advocates to reach practical solutions for consumer and commercial data uses. Prior to working at FPF, Brenda served in the U.S. Air Force, including policy and legislative affairs work from the Pentagon and the U.S. Department of State. She is a 2014 graduate of George Mason University School of Law.

Speaker: Ashkan Soltani (Independent Researcher and Georgetown Distinguished Fellow)

Title: Privacy Concerns About Proximity Notification Apps

Bio: Ashkan has more than 20 years of experience as a consultant and researcher focused on technology, privacy, and technology policy. His work has informed policy debates on privacy and security and has been cited by several national media outlets.

Ashkan is a co-author of the Washington Post’s NSA series that was awarded the 2014 Pulitzer Prize for Public Service, a 2014 Loeb Award, and a 2013 Polk Award for National Security Reporting. He was also a researcher for the 2009 Pulitzer-winning story, One Man’s Military-Industrial-Media Complex, and the technical consultant for the Wall Street Journal’s What They Know series, which was a finalist for 2012 Pulitzer Prize for Explanatory Reporting and won the 2010 Loeb Award for “Online Enterprise”.

As part of his work to contribute data and technical insight to policy debates, Ashkan has co-authored several academic papers. His master’s thesis, KnowPrivacy, became the basis for the “What They Know” series and was followed by Flash Cookies and Privacy, and Flash Cookies and Privacy II (addendum here), and Behavioral Advertising: The Offer You Cannot Refuse. “Behavioral Advertising” won the 2014 Computers, Privacy & Data Protection Multidisciplinary Privacy Research Award. He also co-authored “Tiny Constables and the Cost of Surveillance: Making Cents Out of United States v. Jones,” an analysis of the dropping costs of surveillance which was published by the Yale Law Journal in 2014.

Ashkan has served as a technical expert to a number of consumer protection agencies, including the FTC and State Attorneys General. In 2015, he was appointed as the Chief Technologist of the Federal Trade Commission where he helped establish the agency’s Office of Technology Research and Investigation. He has helped lead investigations into Google, Facebook, Twitter, HTC, and PulsePoint. In the past, he has served on the Technical Advisory Board for the Freedom of the Press Foundation.

Most recently, Ashkan was one of the architects of the sweeping privacy legislation, the California Consumer Privacy Act, that passed in California in 2018.

Considered one of the leading experts on privacy and security, Ashkan is frequently interviewed by major media outlets including 60 Minutes (CBS News), PBS’S Frontline, and National Public Radio.

Speaker: Bryan Cunningham (CPRI)

Title: Contact Tracing Privacy & Civil Liberties Legal Issues

Bio: As the first Executive Director of UCI’s multidisciplinary Cybersecurity Policy & Research Institute, Cunningham is focused on solution-oriented strategies address technical, legal and policy challenges to combat cyber threats, protect individual privacy and civil liberties, maintain public safety and economic and national security and empower Americans to take better control of their digital security.

Cunningham is a leading international expert on cybersecurity law and policy, a former White House lawyer and adviser and a media commentator on cybersecurity, technology and surveillance issues. He has appeared on Bloomberg, ABC, CBS, CNN, FOX and other networks.

Cunningham has extensive experience in senior U.S. government intelligence and law enforcement positions. He served as Deputy Legal Adviser to then-National Security Advisor Condoleezza Rice. He also served six years in the Clinton Administration as a senior CIA officer and federal prosecutor. He drafted significant portions of the Homeland Security Act and related legislation, helping to shepherd them through Congress. He was a principal contributor to the first National Strategy to Secure Cyberspace, worked closely with the 9/11 Commission and provided legal advice to the President, National Security Advisor, the National Security Council, and other senior government officials on intelligence, terrorism, cyber security and other related matters.

Cunningham also practice privacy, cybersecurity, and data protection law at the Los Angeles law firm Zweiback, Fiset, & Coleman LLP.

Mr. Cunningham was founding vice-chair of the American Bar Association Cyber Security Privacy Task Force and was awarded the National Intelligence Medal of Achievement for his work on information issues. He has served on the National Academy of Sciences Committee on Biodefense Analysis, the Markle Foundation Task Force on National Security in the Information Age and the Bipartisan Policy Center’s Cyber Security Task Force. He is also the principal author of legal and ethics chapters in several cybersecurity textbooks.

Speaker: Julie Schaffer (Flu Lab)

Bio: Julie Schafer, PhD, MPH, MS is the Chief Technology Officer for Flu Lab, where she seeks to stretch the boundaries of how technology is used to defeat the threat of influenza. Julie has held a number of leadership positions in the US Government, including Director of Strategy for the Biomedical Advanced Research and Development Authority within the Office of the Assistant Secretary for Preparedness and Response at the U.S. Department of Health and Human Services, where she led strategy development for medical countermeasures against both naturally emerging and intentional threats, including chemical, biological, radiological and nuclear, pandemic influenza, and emerging infectious diseases, while concurrently serving as the Program Manager for an initiative toward pre-symptomatic identification of illness and exposures. Julie has served as the Director for Medical and Biodefense Preparedness Policy in the White House National Security Council where her portfolio included preparedness and response to emerging diseases, including Zika. As a health scientist, Julie led the BARDA International Influenza Vaccine Capacity-Building Initiative for sustainable vaccine manufacturing in low- and middle-income countries. Julie has held positions in pandemic planning and policy development and in managing complex influenza vaccines, therapeutics and diagnostics advanced development programs.