My name is Maaz Bin Musa and I am an outgoing Computer Science PhD student at The University of Iowa.
I am being advised by Dr. Rishab Nithyanand who also runs the SPARTA lab.
Currently, I am interning at AccuCode AI, where I work on developing ML solutions for health care providers.
My research is best described as developing privacy and compliance auditing tools. More concretely I leverage scalable automation and NLP toolkits
to develop tools that facilitate regulatory authorities in monitoring privacy enforcement. These tools also facilitate quantifying
compliance of data brokers.
Latest Updates
Presenting @ EMNLP 2024
Nov 13, 2024
Paper Accepted at EMNLP 2024
My work on a regulation aware expert annotated dataset has been accepted.
Oct 15, 2024
Internship at AccuCode
Extended internship as a ML / Privacy engineer at AccuCode
Aug 2024
Internship at AccuCode
Landed a summer intern position working on autoamted health care solutions
Jun 2024
PhD Proposal submitted
Feb 2024
3MT Peoples choice award Link
Nov 2023
Presented at Graduate Research Symposium
Nov 2023
Artifact reviewer PETS
Jun 2023
Paper accepted at Harvard JOLT 2023
Forms of disclosure:
Jun 2023
Guest lecturer in Privacy Law and Technology
(Privacy starter kit).
May 2023
Attended PETS 22
presentend at PETS and won award
Jul 2022
Started internship at ICSI Berkeley 2022
Summer intern
May 2022
Paper accepted at PETS 2022
ATOM:
May 2022
Paper accepted at ICWSM 2022
Act or React:
Nov 2021
Paper accepted at PETS 2020
CanaryTrap:
Jun 2020
Started PhD @ UIowa
Aug 2019
Left TPI Lab @ LUMS
May 2019
C3PA: An Open Dataset of Expert-Annotated and Regulation-Aware Privacy Policies
Status: Accepted | EMNLP 24 | [Dataset Link] | [Paper]
Authors: Maaz Bin Musa , Steven M. Winston, Garrison Allen, Jacob Schiller, Kevin Moore, Sean Quick, Johnathan Melvin, Padmini Srinivasan, Mihailis E. Diamantis, Rishab Nithyanand
Overview: Effective tools for analyzing organizations' data practices from privacy policies are essential for scalable compliance audits, but many existing tools struggle to identify issues and remedies due to their reliance on outdated, regulation-agnostic datasets. This paper introduces C3PA, the first open, regulation-aware dataset of expert-annotated privacy policies tailored for CCPA compliance, containing over 48K labeled text segments from 411 organizations to support automated audits of CCPA-specific disclosure requirements.
Forms of Disclosure: The Path to Automated Data Privacy Audits
Status: Completed | Harvard JOLT 23 | [Paper]
Authors: Mihailis Diamantis, Maaz Bin Musa,, Lucas Ausberger, Rishab Nithyanand
Overview: Auditing online privacy has become critical to ensure compliance with the upcoming data privacy laws. However, this work
highlights the variability in the forms of disclosures. We propose a uniform machine readable disclosure form
that can be used to automate the auditing process. This would allow authorities to match the disclosures with the actual
data practices of the company on a scale without the need for manual intervention.
ATOM: Ad-network Tomography
Status: Completed | PETS 22 | [Paper]
Authors: Maaz Bin Musa, Rishab Nithyanand
Overview:
A users' data is often propagated to multiple third-party services through ad-networks. This work uses the ad
content served to a user, to identify the ad-networks that are responsible for the data propagation. Unlike
previous works in this space, it does not depend on any artifact that is ephemeral in nature. Our results
indicate the feasibility of this approach and its potential to be used as a tool for privacy audits.
To Act or React: Investigating Proactive Strategies For Online Community Moderation
Status: Completed | ICWSM 22 | [paper]
Authors: Hussam Habib, Maaz Bin Musa, Fareed Zaffar, Rishab Nithyanand
Overview:
Community-level moderation for Reddit and similar platforms is a complex task. Our analysis show that subreddits are constantly changing and therefore timely interventions are prohibitively expesnsive
because of the scale. To address this issue, we propose a flagging tool which aids administrators by
flagging subreddits that exhibit similarly problematic behavior as seen in previously banned communities.
CanaryTrap: Detecting Data Misuse by Third-Party Apps on Online Social Networks
Status: Completed | PETS 20 | [paper]
Authors: Shehroze Farooqi, Maaz Bin Musa, Fareed Zaffar, Zubair Shafique
Overview:
The driving force behind all activity on the Internet is user data. This work proposes a novel matrix approach to
set up traps using email addresses, to detect the misuse of user data once it has been shared with third-party apps.
We find several apps share data with malicious entities which consequently use it for phishing or ransomware attacks.
