privacy law and
play

Privacy, Law, and Engineering & Smartphones Public Policy - PowerPoint PPT Presentation

Aug 27, 2022 •282 likes •899 views

CyLab Privacy, Law, and Engineering & Smartphones Public Policy Rebecca Balebako y & c S a e v c i u r P r Oct. 29, 2015 i t e y l b L a a s b U o b r a a t L o y r C y U H D T T E P . U : /

  1. CyLab Privacy, Law, and Engineering & Smartphones Public Policy Rebecca Balebako y & c S a e v c i u r P r Oct. 29, 2015 i t e y l b L a a s b U o b r a a t L o y r C y U H D T T E P . U : / M / C C U . S P S C . 1

  2. Agenda • Quiz • Reading discussion • Permission notices on major platforms • Policy on smartphone privacy • Research on smartphone privacy 2

  3. By the end of class…. • Understand privacy concerns around smartphones • Understand how privacy notices on smartphones are evolving • Identify the research questions in several smartphone privacy research projects • Recognize several methods for addressing the research questions 3

  4. Smartphones allow data sharing 4

  5. Privacy and security concerns • Immature technology • Phones always with user and always on • Data sharing might be unknown to user – Sensors (GPS location, camera, accelerometer, gyroscope) • Inferences can be made 5

  6. Permissions warnings di ff er on time and content iOS 2012 Android 2012 6

  7. Android Permission Manager (AppOps) • Introduced in Android 4.3, albeit hidden by default. – need a launcher app. • Made in completely inaccessible in Android 4.4.2. • Next version of Android will have just-in-time permissions 7

  8. Research questions • Would AppOps provide any benefit to smartphone users? • Would additional notices or nudges benefit users? 8

  9. 9

  10. Privacy Nudge Detailed Report Your Location has been Shared 5,398 Times! A Field Study on Mobile App Privacy Nudging H Almuhimedi, F Schaub, N Sadeh, I Adjerid, A Acquisti, J Gluck, ... CHI '15: ACM CHI Conference on Human Factors in Computing Systems 10

  11. 2014: Android layered the permissions • Location now represents all types of location • “Network” permissions no longer on top layer Googe Play Store, Oct 19, 2014 https://support.google.com/googleplay/answer/6014972?p=app_permissions&rd=1 11

  12. iOS8 privacy settings • Limit Ad tracking • Developers required to include a purpose string • More “data classes”: – Location – Contacts – Calendar – Reminders – Photos – Camera – Microphone – Health Kit – Motion Activity – Social 12

  13. A large chunk of the data-sharing ecosystem is invisible 13

  14. Recent Policy: FTC Sta ff Report 14

  15. California Attorney General 15

  16. App Developers Should… • Data checklist for PII • Avoid or limit PII • Develop a privacy policy • Limit data collection • Limit data retention • Special notices for unexpected data practices “to enable meaningful practices” • Give users access 16

  17. White House Consumer Privacy Bill of Rights 17

  18. Developing Policy: NTIA MSHP 18

  19. Multi-stakeholder process (MSHP) • Open meetings • MSHP vs. self-regulation 19

  20. NTIA MSHP vs W3C • Communication (email, in-person, etc.) • Goal (Code of Conduct vs. tech standard) • Novelty of MSHP 20 Credits – Michael Heiss / FlickR

  21. NTIA Code of Conduct: Data Types Biometrics (information about your body, including fingerprints, facial recognition, • signatures and/or voice print.) Browser History and Phone or Text Log (A list of websites visited, or the calls or texts • made or received.) Contacts (including list of contacts, social networking connections or their phone • numbers, postal, email and text addresses.) Financial Information (Includes credit, bank and consumer-specific financial information • such as transaction data.) Health, Medical or Therapy Information (including health claims and information used to • measure health or wellness.) Location (precise past or current location and history of where a user has gone.) • User Files (files stored on the device that contain your content, such as calendar, • photos, text, or video.) 21

  22. NTIA Code of Conduct: Third-Party Entities • Ad Networks (Companies that display ads to you through apps.) • Carriers (Companies that provide mobile connections.) • Consumer Data Resellers (Companies that sell consumer information to other companies for multiple purposes including offering products and services that may interest you.) • Data Analytics Providers (Companies that collect and analyze your data.) • Government Entities (Any sharing with the government except where required or expressly permitted by law.) • Operating Systems and Platforms (Software companies that power your device, app stores, and companies that provide common tools and information for apps about app consumers.) • Other Apps (Other apps of companies that the consumer may not have a relationship with) • Social Networks (Companies that connect individuals around common interests and facilitate sharing.) 22

  23. What is the research question? • Can users understand the terms used in the NTIA short form policy? • How can we find the answer? 23

  24. A Case Study on the Role of Usability Studies in Developing Public Policy : Web Survey • 791 participants from Amazon mturk – 51% female – Age 18-73 years (mean 33, std 11) • Asked to categorize realistic app-sharing scenarios Balebako et al. 2014 USEC 24

  25. Scenario example 25 25

  26. Parenthetical condition 26 26

  27. Users struggled to understand the terms • Participants had high common understanding of: – Facebook = Social Network – Government Entities – Carriers • Participants had low common understanding of: – Consumer Data Reseller – Data Analytics Providers – Ad Networks Is Your Inseam a Biometric? A Case Study on the Role of Usability Studies in Developing Public Policy Balebako, R., Shay, R., Cranor, L. In USEC 2014 27

  28. Why was the result of the NTIA MSHP so bad? • Process Fatigue • What is usability? • Cost of usability tests • Process issues 28

  29. Di ff erent Study 29

  30. Current permissions requests are not su ffi cient for informed choice 30

  31. What is the research question? • Does timing impact whether privacy notices are effective? • What do we mean by effective? • What do we mean by timing? 31

  32. 32 What makes a privacy notice e ff ective? • The notice should have information people care about. • A privacy notice should be salient; people should notice it. – Recall is a measure of salience 32

  33. 33 Contributions from this paper • Salience of smartphone privacy notices can be improved through timing • We provide recommendations on how to integrate privacy notices into apps for improved recall • We provide design guidelines for improving privacy notices in the app store 33

  34. 34 Does timing matter? Which option is best? • Smartphone apps can display privacy notices at many points – In the app store Before app is on the phone – During install – Before use – During use App is on the phone and in use – After use 34

  35. 35 Method to measure impact of timing on recall 1. Participants completed consent form and demographic questions 2. Installed and played the app 3. Experienced a distractor or delay 4. Answered recall questions 5. Evaluated the notice 35

  36. 36 Simple app quiz on American inventors 36

  37. 37 The privacy notice 37

  38. 38 Web survey used iFrame to mimic smartphone 38

  39. 39 Participants were assigned to a timing condition • Not Shown • App Store • Before use • During use • After use 39

  40. We approached this problem using 40 both web surveys and a field experiment • Web Survey (277 Mturk participants) Same – Participants played a virtual app online timing conditions • Field Experiment (126 participants) – Participants downloaded and played an app quiz 40

  41. 41 A Follow-up web survey used new conditions • Web Survey (277 Mturk participants) Same – Participants played a virtual app online timing • Field Experiment (126 participants) conditions – Participants downloaded and played an app quiz • Follow-up Web Survey (326 participants) New timing – Participants played a virtual app online conditions 41

  42. 42 All participants completed following steps 1. Completed consent form and demographic questions 2. Installed and played the app 3. Experienced a distractor or delay – Web survey: questions about privacy preferences – Field experiment: 24 hours 4. Answered recall questions 5. Evaluated the notice 42

  43. 43 Rate of Recall for Notice – Web Survey 50% 45% 40% Rate of correct recalls 35% 30% 25% 20% 15% 10% 5% 0% Not shown App store Before use During use After use 43

  44. 44 Rate of Recall for Notice – Field Study 40% 35% Rate of correct recall 30% 25% 20% 15% 10% 5% 0% Not shown App store Before use During use After use 44

  45. 45 Participants wanted to remember what was in notice I would want notifications like this when I download or use an app The privacy notice gave me information I care about It is important for me to remember what the notification says over time I was surprise by what I learned from the privacy notification This notification could be improved so I understand it better I expected the app to collect my browser history and share it with ad networks. 100% 50% 0 50% 100% Strongly agree Strongly disagree Disagree Neutral Agree 45

  46. 46 Why did app store perform so poorly? 46

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides
CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies US Privacy Laws Sources: Baase: A Gift of Fire and Quinn: Ethics for the Information Age Ethics Spring 2010 Privacy 1 Privacy The original

725 views • 45 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy. College Bescherming Persoonsgegevens (CBP) What is privacy? Users must be able to determine for themselves when, how, to what extent and

798 views • 45 slides
Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

ECE598NB Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics Course Structure Privacy Define privacy Privacy History Privacy has always existed Cities / large populations have made

173 views • 14 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor October 29, 2013 y & c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 11, 2014 y & c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy

Bridging Privacy Definitions: Differential Privacy and Concepts from Privacy Law & Policy Alexandra Wood Berkman Klein Center for Internet & Society at Harvard University DIMACS/Northeast Big Data Hub Workshop on Overcoming Barriers to

964 views • 54 slides
Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire

Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire

CS 134 Privacy and Anonymity 1 Privacy Privacy and society Basic individual right & desire (Image from geekologie.com) Relevant to corporations & government agencies Recently increased awareness However, general public

171 views • 16 slides
PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches

PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches

Marc Langheinrich: Privacy in Ubiquitous Computing 5/29/2010 Todays Menu PRIVACY IN UBIQUITOUS PRIVACY IN UBIQUITOUS Understanding Privacy Technical Approaches COMPUTING Definitions Challenges 1. History and legal aspects 1.

264 views • 13 slides
Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Mobile Networks - Module H2 Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; privacy preserving routing in ad hoc networks; Slides adapted from Security and

909 views • 55 slides
(FC5260) Instructor: Venkat Padmanabhan 1 What this course is and is not Learn about the

(FC5260) Instructor: Venkat Padmanabhan 1 What this course is and is not Learn about the

Special Topics in Mobile Systems (FC5260) Instructor: Venkat Padmanabhan 1 What this course is and is not Learn about the frontiers of mobile systems research Experience research yourself by way of a mini project It is NOT about

681 views • 24 slides
PREVENTING PREVENTABLE TRACKING: THE PERIL AND PROMISE FOR LOWER ENGLISH PROFICIENT STUDENTS

PREVENTING PREVENTABLE TRACKING: THE PERIL AND PROMISE FOR LOWER ENGLISH PROFICIENT STUDENTS

PREVENTING PREVENTABLE TRACKING: THE PERIL AND PROMISE FOR LOWER ENGLISH PROFICIENT STUDENTS Rebecca Kopriva, University of Wisconsin Annual Meeting of the National Council on Measurement in Education San Francisco, CA, 5/1/13 Embrace the

267 views • 26 slides
Technology for privacy: protecting against online tracking and profiling Rob van Eijk PhD

Technology for privacy: protecting against online tracking and profiling Rob van Eijk PhD

Technology for privacy: protecting against online tracking and profiling Rob van Eijk PhD Candidate, Leiden University CPDP 2018, Petite Halle 24-01-2018 | 08h45-10h00 Leiden University Elaw - Centre for Law and Digital Technologies, Leiden

195 views • 15 slides
Bookkeeping) Now)and)the)Future) Single'Touch'Payroll' S) Payroll' S) Payroll)

Bookkeeping) Now)and)the)Future) Single'Touch'Payroll' S) Payroll' S) Payroll)

Bookkeeping) Now)and)the)Future) Single'Touch'Payroll' S) Payroll' S) Payroll) We$(ICB)$completely$support$the$development$ of$so9ware$integra>on$with$some$Government$ services$that$assist$employers$to$manage$their$

634 views • 30 slides
Internet Taxation Francis Bloch Universit e Paris 1 and PSE Toulouse, Postal Conference,

Internet Taxation Francis Bloch Universit e Paris 1 and PSE Toulouse, Postal Conference,

Internet Taxation Francis Bloch Universit e Paris 1 and PSE Toulouse, Postal Conference, April 16, 2016 Bloch (PSE) Internet Taxation April 1, 2016 1 / 29 Introduction Taxation of Internet Platforms Internet platforms (Google, Amazon,

425 views • 29 slides
$TITLE Model M10-2: TWOxTWOxONE economy -- MPS/GE version of model M3-4b $ONTEXT This is the

$TITLE Model M10-2: TWOxTWOxONE economy -- MPS/GE version of model M3-4b $ONTEXT This is the

C:\jim\COURSES\8858\code-bk 2012\M10-2.gms Thursday, March 29, 2012 4:34:58 AM Page 1 $TITLE Model M10-2: TWOxTWOxONE economy -- MPS/GE version of model M3-4b $ONTEXT This is the exact same model as M3-4b.GMS but uses the MPS/GE format.

348 views • 5 slides
DEVELOPMENT LAW Clifford B. Shepard General Counsel - FRA THE USE OF TAX INCREMENT FINANCING

DEVELOPMENT LAW Clifford B. Shepard General Counsel - FRA THE USE OF TAX INCREMENT FINANCING

ESSENTIAL ECONOMIC DEVELOPMENT LAW Clifford B. Shepard General Counsel - FRA THE USE OF TAX INCREMENT FINANCING FOR ECONOMIC DEVELOPMENT What is Tax Increment Financing? Tax increment financing is a unique tool available to cities and

759 views • 37 slides
Tariffs to Trade in Goods Dr. Juan C. Ochoa Postdoctoral Fellow, University of Oslo Faculty of

Tariffs to Trade in Goods Dr. Juan C. Ochoa Postdoctoral Fellow, University of Oslo Faculty of

Tariffs to Trade in Goods Dr. Juan C. Ochoa Postdoctoral Fellow, University of Oslo Faculty of Law/Norwegian Centre for Human Rights Oslo, 12 Sept. 2013 Tariffs to trade in goods Contents Customs Duties on Imports

728 views • 18 slides

More recommend