News Archive

May 2022 – Launch of Impact Booster Awards!

We are pleased to announce the launch of our Impact Booster Award programme!
This programme offers funding opportunities to current REPHRAIN projects to support the development of the external impact of your research with partner organisations – examples of outcomes include production of guidance, policy input or commercial output, and proposals with partner organisations from a range of sectors (including internationals) are welcomed.

Full details (including how to apply) can be found here – please direct any queries to

May 2022 – LAWREG abstract accepted at BILETA Conference

We are pleased to announce that the LAWREG project, involving Asma Vranaki and Francesca Farmer, successfully submitted an abstract to BILETA. This paper is titled Third-Party Cookies, Data Analytics and Targeted Advertisements: Of Data Protection Law and Regulation and we look forward to sharing further details, including the completed paper, in due course. Congratulations Asma and Francesca!

March 2022 – Scoping the evaluation of CSAM prevention and detection tools in the context of End-to-End encryption environment document

We released the Scoping the evaluation of CSAM prevention and detection tools in the context of End-to-End encryption environment document for public consultation (document can be found here) – this community consultation closed on Friday 08 April 2022.

The evaluation criteria document describes the scoping stage of REPHRAIN’s independent evaluation of Proof-of-Concept tools for preventing and detecting child sexual abuse media (CSAM) within end-to-end encryption (E2EE) environments that are currently being developed within five different projects funded by the Safety Tech Challenge Fund.
Given the tensions that arise between protecting vulnerable users and protecting user privacy at large, the key steps in REPHRAIN’s evaluation process are (1) to seek input from the community and (2) to publicly publish all results, whilst ensuring that academic rigour and objectivity remain the core of our work, and to inform future directions in this area.
We welcomed constructive comments on the following:
  • Positive points on the evaluation criteria – What did you like about the evaluation criteria?
  • What is missing from the evaluation criteria and why?
  • Should anything be removed from the evaluation criteria and why?
  • How could the evaluation criteria be improved? Please include examples and references.

Thank you to all for their contributions and participation in making this consultation a success – please keep an eye on our channels for further news!

January 2022 – two new publications from the REPHRAIN Team!

Multi-party Updatable Delegated Private Set Intersection

Prepared by Aydin Abadi, Changyu Dong, Steven Murdoch and Sotirios Terzis

Abstract: With the growth of cloud computing, the need arises for Private Set Intersection protocols (PSI) that can let parties outsource the storage of their private sets and securely delegate PSI computation to a cloud server. The existing delegated PSIs have two major limitations; namely, they cannot support (1) efficient updates on outsourced sets and (2) efficient PSI among multiple clients. This paper presents “Feather”, the first lightweight delegated PSI that addresses both limitations simultaneously. It lets clients independently prepare and upload their private sets to the cloud once, then delegate the computation an unlimited number of times. We implemented Feather and compared its costs with the state of the art delegated PSIs. The evaluation shows that Feather is more efficient computationally, in both update and PSI computation phases.

A copy of this paper is available for download here.

Nothing to Be Happy About: Consumer Emotions and AI

Prepared by Mateja Durovic and Jonathan Watson

Abstract: Advancements in artificial intelligence and Big Data allow for a range of goods and services to determine and respond to a consumer’s emotional state of mind. Considerable potential surrounds the technological ability to detect and respond to an individual’s emotions, yet such technology is also controversial and raises questions surrounding the legal protection of emotions. Despite their highly sensitive and private nature, this article highlights the inadequate protection of emotions in aspects of data protection and consumer protection law, arguing that the contribution by recent proposal for an Artificial Intelligence Act is not only unsuitable to overcome such deficits but does little to support the assertion that emotions are highly sensitive.

Keywords: AI; consumer law; new technologies; regulation; emotions; EU Law

A copy of this paper is available for download here.

December 2021 – the second REPHRAIN Strategic Funding call is now live!

We are delighted to announce the launch of the second REPHRAIN Strategic Funding Call!

Since our launch, the REPHRAIN Centre team have been engaging in a series of scoping activities – these include consultation workshops with the wider community and literature reviews with leading experts from industry and academia. Due to the engagement and success of these activities, we have been able to identify a series of priority areas for research in this Strategic Funding Call.

Proposals should be submitted by 4pm on 28 January 2022. See below for a deadline of key dates:

Call opens: 6 December 2021
Call closes: 28 January 2022
Decision panel: w/c 14 March 2022
Successful applicants notified: w/c 21 March 2022
Projects to start from: w/c 1 May 2022

Full details of the call, topics and submission process and deadlines are available on our dedicated pages here.

Please get in touch with any questions via – we look forward to reading your proposals!

December 2021 – a REPHRAIN Publication on personal data

A Consumer Law Perspective on the Commercialization of Data

Prepared by Mateja Durovic and Franciszek Lech

Abstract: Commercialization of consumers’ personal data in the digital economy poses serious, both conceptual and practical, challenges to the traditional approach of European Union (EU) Consumer Law. This article argues that mass-spread, automated, algorithmic decision-making casts doubt on the foundational paradigm of EU consumer law: consent and autonomy. Moreover, it poses threats of discrimination and under- mining of consumer privacy. It is argued that the recent legislative reaction by the EU Commission, in the form of the ‘New Deal for Consumers’, was a step in the right direction, but fell short due to its continued reliance on consent, autonomy and failure to adequately protect consumers from indirect discrimination. It is posited that a focus on creating a contracting landscape where the consumer may be properly informed in material respects is required, which in turn necessitates blending the approaches of competition, consumer protection and data protection laws.

Paper available for download here.

November 2021 – Release of draft REPHRAIN map for community consultation

We are very pleased to announce the release of the draft version of the REPHRAIN Map. The REPHRAIN Map will be open for review and community consultation for a 4 week period until Tuesday 14 December 2021.

All constructive comments are welcome so please let us know what you think. We would appreciate if comments could be based around the following points.

  • Four categories used in the Map (State of the art, Challenges, Tools & Approaches, Projects)
  • Map structure
  • Content of the Map
  • How useful the Map is

Please submit your comments using this survey – we look forward to hearing your thoughts!

November 2021 – Strategic Funding Call 1 Projects!

We are very pleased to announce, following a competitive process, the following projects have successfully been awarded grants from the first REPHRAIN Strategic Funding call.

Congratulations to all and we look forward to working with you!

More details of how these projects match up with the REPHRAIN missions can be found here and the University of Bristol’s press release here.

October 2021 – Another publication on our privacy testbed!

Further to our presentation at SECPRE 2021, as detailed below, the REPHRAIN Testbed team have published another paper on their work on one of our central projects.

Building a Privacy Testbed: Use Cases and Design Considerations

Prepared by Joseph Gardiner, Partha Das Chowdhury, Jacob Halsey, Mohammad Tahaei, Tariq Elahi and Awais Rashid.

Abstract: Mobile application (app) developers are often ill-equipped to understand the privacy implications of their products and services, especially with the common practice of using third-party libraries to provide critical functionality. To add to the complexity, most mobile applications interact with the “cloud”—not only the platform provider’s ecosystem (such as Apple or Google) but also with third-party servers (as a consequence of library use). This presents a hazy view of the privacy impact for a particular app. Therefore, we take a significant step to address this challenge and propose a testbed with the ability to systematically evaluate and understand the privacy behavior of client server applications in a network environment across a large number of hosts. We reflect on our experiences of successfully deploying two mass market applications on the initial versions of our proposed testbed. Standardization across cloud implementations and exposed end points of closed source binaries are key for transparent evaluation of privacy features.

Paper available for download here.

October 2021 – Presentation to the Dutch Senate!

Congratulations to one of our Practitioners-in-Residence, Erik van de Sandt, who presented his publication Towards Data Scientific Investigations to the Dutch Senate.

Read Erik’s paper here and read details of this event here.

October 2021 – see a presentation on our testbed!

Further to the below, the REPHRAIN Testbed team will be presenting during the 5th International Workshop on SECurity and Privacy Requirements Engineering (SECPRE) workshop programme, in conjunction with ESORICS 2021 – this will be taking place at 11.30 CET, 8 October.

Interested parties can register here – SECPRE will be held as a virtual event to ensure all are able to attend.

September 2021 – A publication on our testbed!

A Privacy Testbed for IT Professionals
: Use Cases and Design Considerations

Prepared by Joseph Gardiner, Mohammad Tahaei, Jacob Halsey, Tariq Elahi and Awais Rashid

Abstract: We propose a testbed to assist IT professionals in evaluating privacy properties of software systems. The goal of the testbed, currently under construction, is to help IT professionals systematically evaluate and understand the privacy behaviour of applications. We first provide three use cases to support developers and privacy engineers and then describe key design considerations for the testbed.

Paper available for download here.

September 2021 – Launch of REPHRAIN Masterclasses


Starting from 2 September, REPHRAIN will be running and hosting a series of masterclasses on specialised topics – these sessions will allow a collaborative space for researchers, industry and interested parties to discuss the challenges and best practice principles in specific areas.

These masterclasses will involve our researchers presenting case studies on their work, as well as panel-based / round-table Q&A sessions. The events will be hosted online for the time being and will be free to attend – tickets can be reserved via Eventbrite and the masterclasses will be advertised via this website, our newsletter and our Twitter account.

For more information on our masterclass series, including our current schedule, check our dedicated page here.

16 August, 2021 – A new research paper on PSIs!


Polynomial Representation Is Tricky: Maliciously Secure Private Set Intersections Revisited

As accepted at ESORICS 2021! Prepared by Aydin Abadi, Steven Murdoch, Thomas Zacharias

Abstract: Private Set Intersection protocols (PSIs) allow parties to compute the intersection of their private sets, such that nothing about the sets’ elements beyond the intersection is revealed. PSIs have a variety of applications, primarily in efficiently supporting data sharing in a privacy-preserving manner. At Eurocrypt 2019, Ghosh and Nilges proposed three efficient PSIs based on the polynomial representation of sets and proved their security against active adversaries. In this work, we show that these three PSIs are susceptible to several serious attacks. The attacks let an adversary (1) learn the correct intersection while making its victim believe that the intersection is empty, (2) learn a certain element of its victim’s set beyond the intersection, and (3) delete multiple elements of its victim’s input set. We explain why the proofs did not identify these attacks and propose a set of mitigations.

Paper available for download here.

Practitioner-in-Residence / Researcher-in-Residence Programmes

REPHRAIN is delighted to announce we are accepting expressions of interest for our practitioner-in-residence programme and applications for our researcher-in-residence programme!

These programmes aim to cultivate and provide a public space to maximise collaboration with the wider community and to offer an environment for mutual engagement and learning. The remit of the programmes is to host researchers and practitioners from the wider UK/international community in its touchdown space in Bristol and its partner organisations (current Government restrictions pending) to enable access to the Centre’s facilities, including datasets and testbed, and for the Centre to benefit in return from proposal outputs.

Both are open, rolling calls and submissions will be welcome until 31 March 2023.

More details on both can be found on their dedicated pages – Practitioner-in-residence & Researcher-in-residence.

REPHRAIN – UKRI Protecting Citizens Online funding call event

The latest UKRI Protecting Citizens Online programme funding call was launched at the end of May 2021. There will be approximately £11M available to fund 4 successful large proposals.

To support the UKRI, the REPHRAIN centre ran an information event to bring together members of the academic and industry community. The focus of the event was to provide the opportunity for interested parties to engage with each other and to support the synthesis of ideas for potential proposals. As with other UKRI calls there will be an emphasis for successful proposals to have strong engagement with external stakeholders.

As part of the event’s agenda, three panels were run, each chaired by a member of the REPHRAIN Strategic Board. The panels were based around the three research themes that the funding call hopes to address (further details of these can be found in the REPHRAIN scoping document):

1. Understanding citizens’ needs and empowering them in ever changing threat contexts
2. Navigating information asymmetries between state, companies and citizens
3. What does good or balanced look like?

Thank you to all who attended, the presentation slide deck can be found here.

REPHRAIN Quarterly Newsletter

The REPHRAIN Centre have launched our centre newsletter – this will be sent on a quarterly basis and will complement both this page and our twitter account, providing greater detail on some of the larger developments both in our work and in the broader field.

A dedicated page complete with archive and sign-up details can be found here.

REPHRAIN Strategic Funding Call (now closed)

We are very pleased to announce that the first REPHRAIN Strategic Funding Call window for applications was a great success and is now closed.

Since its launch, the REPHRAIN Centre team has been engaging in a series of scoping activities – involving consultation workshops as well as literature reviews with the aim of identifying priority areas for the first REPHRAIN Strategic Funding Call.

Full details of the call, topics and submission process are now available here.

The total funding for this call is £500,000 (at 100% fEC), of which 80% will be funded by REPHRAIN. We expect to fund multiple proposals from this fund and will consider larger proposals that address more than one topic area. All funded projects must be completed by 30 June 2022.

See a below timeline for key dates.

Call open: 19 April 2021
Call closes: 21 May 2021
Decision panel: w/c 21 June 2021
Successful applicants notified: w/c 28 June 2021
Projects to start from: 05 July 2021

22 March, 2021 – New white paper by the REPHRAIN Practitioner-in Residence, Erik van de Sandt


Towards Data Scientific Investigations: A Comprehensive Data Science Framework and Case Study for Investigating Organized Crime and Serving the Public Interest

Prepared by Erik van de Sandt, Arthur van Bunningen, Jarmo van Lenthe, John Fokker

Abstract: Big Data problems thwart the effectiveness of today’s organized crime investigations. A frequently proposed solution is the introduction of ‘smart’ data science technologies to process raw data into factual evidence. This transition to – what we call – data scientific investigations is nothing less than a paradigm shift for law enforcement agencies, and cannot be done alone. Yet a common language for data scientific investigations is so far missing. This white paper therefore presents guiding principles and best practices for data scientific investigations of organized crime, developed and put into practice by operational experts over several years, while connecting to existing law enforcement and industry standards. The associated framework is called CSAE (pronounced as ‘see-say’): a comprehensive framework that consists of a business process, methodology, policy agenda and public interest philosophy for data scientific operations.

Paper available for download here.