Professor Mayank Varia Wins Best Paper Award for Cryptographic Framework Tackling Legal Accountability

The #MeToo movement, which began as a grassroots effort to expose sexual harassment and abuse, sparked widespread attention to how powerful individuals and institutions avoid consequences. At the center of many of these cases was a common legal tool: the non-disclosure agreement. While NDAs can provide survivors with privacy and a path to resolution, they have also silenced victims and hidden repeat patterns of misconduct. In response, several states introduced laws to limit or ban NDAs in settlement agreements, raising new questions about how to protect individual privacy without sacrificing accountability.
This legal and ethical tension is the focus of a new award-winning research paper coauthored by Boston University Associate Professor Mayank Varia, a cryptographer known for developing privacy-preserving systems with real-world applications in civic technology, compliance, and public-interest governance. Varia, who co-directs BU’s Center for Reliable Information Systems and Cyber Security (RISCS), collaborated with Peter K. Chan, Alyson Carrel, and Xiao Wang of Northwestern University on “Murmurs of the Silenced: Secure Reporting of Misconduct Settlements,” which received the Best Paper Award at the 2025 ACM Symposium on Computer Science and Law.
The paper stems from nearly a decade of interdisciplinary work within Boston University’s Cyber Security, Law, and Society Alliance—a long-running collaboration that brings together researchers from computing, engineering, economics, and law. As Varia notes, this project reflects the Alliance’s mission of bridging disciplinary divides. “At the start of our meetings,” he recalls, “the biggest conceptual gap was to understand how people from different backgrounds approach and reason about specific problems, and also the language that we use.” Terms like “knowledge,” “evidence,” or “randomness” may seem universal, but in practice, they carry distinct meanings across disciplines. This shared effort to reconcile disciplinary language and reasoning laid the groundwork for technical solutions that are both legally meaningful and computationally sound.
At the heart of the team’s proposal is a cryptographic framework that enables private settlements to be reported and analyzed without revealing identifying information. One key innovation is the use of commitment tokens, digital artifacts that serve as cryptographic affidavits. As Varia explains, “The law tends to work through analogies, and our ‘commitment tokens’ are essentially a new form of affidavit.” The tokens enable courts or regulators to verify a person’s participation in a sealed agreement, even though the content remains encrypted and unreadable by the system itself. This approach avoids the blunt-force alternatives of banning NDAs or permitting unrestricted secrecy. Instead, it allows for pattern recognition, accountability, and oversight while still respecting individual privacy. Beyond misconduct settlements, the same cryptographic logic could apply to cases involving environmental violations, financial fraud, or workplace discrimination.
For Varia, the project reflects a growing imperative in data science: “The future of computing is technical at its core, but it is and always should be informed by the social and ethical context of the work we do.” At Boston University, this principle is embedded into the curriculum, from required ethics courses in the CDS major to interdisciplinary seminars that explore how technology intersects with the law.
By Neeza Singh (CDS'25)