Privacy, Law, and Smartphones

CyLab, Engineering & Public Policy. Privacy, Law, and Smartphones. Rebecca Balebako. Advisor: Dr. Lorrie Cranor


  1. CyLab, Engineering & Public Policy. Privacy, Law, and Smartphones. Rebecca Balebako. Advisor: Dr. Lorrie Cranor 1

  2. Agenda • Quiz • Reading discussion • Permission notices on major platforms • Policy on smartphone privacy • (Recent research) Impact of timing on privacy notices 2

  3. Smartphones allow data sharing 3

  4. Privacy and security concerns • Immature technology • Phones always with user and always on • Data sharing might be unknown to user – Sensors (GPS location, camera, accelerometer, gyroscope) • Inferences can be made 4

  5. Discussion: Do apps on your phone • Have privacy policy? • Give you control/access over data collected? • Have ‘Special Notices’? 5

  6. Permissions warnings differ on time and content (screenshots: iOS 2012, Android 2012) 6

  7. Android Permission Manager (AppOps) • Introduced in Android 4.3, albeit hidden by default. – Need a launcher app. • Made completely inaccessible in Android 4.4.2. 7

  8. 8

  9. Privacy Nudge Detailed Report Hazim Almuhimedi, Florian Schaub, … 9

  10. 2014: Android layered the permissions • Location now represents all types of location • “Network” permissions no longer on top layer (Google Play Store, Oct 19, 2014, https://support.google.com/googleplay/answer/6014972?p=app_permissions&rd=1) 10

  11. iOS8 privacy settings • Limit Ad tracking • Developers required to include a purpose string • More “data classes”: – Location – Contacts – Calendar – Reminders – Photos – Camera – Microphone – Health Kit – Motion Activity – Social 11

  12. A large chunk of the data-sharing ecosystem is invisible 12

  13. Recent Policy: FTC Staff Report 13

  14. California Attorney General 14

  15. App Developers Should… • Data checklist for PII • Avoid or limit PII • Develop a privacy policy • Limit data collection • Limit data retention • Special notices for unexpected data practices “to enable meaningful practices” • Give users access 15

  16. Recent Policy: White House 16

  17. Developing Policy: NTIA MSHP 17

  18. Multi-stakeholder process (MSHP) • Open meetings • MSHP vs. self-regulation 18

  19. NTIA MSHP vs W3C • Communication (email, in-person, etc.) • Goal (Code of Conduct vs. tech standard) • Novelty of MSHP 19 Credits – Michael Heiss / FlickR

  20. NTIA Code of Conduct: Data Types • Biometrics (information about your body, including fingerprints, facial recognition, signatures and/or voice print.) • Browser History and Phone or Text Log (A list of websites visited, or the calls or texts made or received.) • Contacts (including list of contacts, social networking connections or their phone numbers, postal, email and text addresses.) • Financial Information (Includes credit, bank and consumer-specific financial information such as transaction data.) • Health, Medical or Therapy Information (including health claims and information used to measure health or wellness.) • Location (precise past or current location and history of where a user has gone.) • User Files (files stored on the device that contain your content, such as calendar, photos, text, or video.) 20

  21. NTIA Code of Conduct: Third-Party Entities • Ad Networks (Companies that display ads to you through apps.) • Carriers (Companies that provide mobile connections.) • Consumer Data Resellers (Companies that sell consumer information to other companies for multiple purposes including offering products and services that may interest you.) • Data Analytics Providers (Companies that collect and analyze your data.) • Government Entities (Any sharing with the government except where required or expressly permitted by law.) • Operating Systems and Platforms (Software companies that power your device, app stores, and companies that provide common tools and information for apps about app consumers.) • Other Apps (Other apps of companies that the consumer may not have a relationship with) • Social Networks (Companies that connect individuals around common interests and facilitate sharing.) 21

  22. Users struggled to understand the terms • Participants had high common understanding of: – Facebook = Social Network – Government Entities – Carriers • Participants had low common understanding of: – Consumer Data Reseller – Data Analytics Providers – Ad Networks Is Your Inseam a Biometric? A Case Study on the Role of Usability Studies in Developing Public Policy Balebako, R., Shay, R., Cranor, L. In USEC 2014 22

  23. Why was the result of the NTIA MSHP so bad? • Process Fatigue • What is usability? • Cost of usability tests • Process issues 23

  24. Different Study 24

  25. Impact of timing on recall of privacy notices • Web Survey (277 Mturk participants) – Participants played a virtual app online • Field Experiment (126 participants) – Participants downloaded and played an app quiz 25

  26. Participants asked to recall the notice after a delay 1. Consent and demographic question 2. ‘Download’ and play app 3. Delay – Web survey: questions about privacy preferences – Field experiment: 24 hours 4. Answer recall questions about the app 26

  27. Simple app quiz on American inventors 27

  28. Notice based on NTIA prototype 28

  29. Conditions varied only when notice was shown • Not Shown • App Store • Before use • During use • After use 29

  30. Participants remembered notices shown during app use

      | Condition  | Web Survey | Field Experiment |
      |------------|------------|------------------|
      | Not shown  | 3%         | 9%               |
      | App store  | 17%        | 14%              |
      | Before use | 37%*       | 33%*             |
      | During use | 43%*       | 20%*             |
      | After use  | 28%*       | 37%*             |

  31. Participants wanted to remember what was in notice (chart of responses on a scale from Strongly disagree to Strongly agree) • I would want notifications like this when I download or use an app • The privacy notice gave me information I care about • It is important for me to remember what the notification says over time • I was surprised by what I learned from the privacy notification • This notification could be improved so I understand it better • I expected the app to collect my browser history and share it with ad networks. 31

  32. Participants remembered notices shown during app use • Participants remember notices shown during app use • Notice shown in app use had better recall than shown in app store • Notice shown in app store was not significantly different than no notice 32

  33. Thanks! balebako@cmu.edu (CyLab, Engineering & Public Policy) 33

  34. Different Study 34

  35. App Developer decisions • Privacy and Security features compete with • Features requested by customers • Data requested by financers • Revenue model 35

  36. Research Project • Exploratory Interviews • Quantitative on-line study 36

  37. Findings • Small companies lack privacy and security behaviors • Small company developers rely on social ties for advice • Legalese hinders reading and writing of privacy policies • Third-Party tools heavily used 37

  38. Participant Recruitment • 13 developers interviewed • Recruited through craigslist and Meetups • $20 for one-hour interview 38

  39. Participant Demographics • Variety of revenue models • Advertising • Subscription • Pay-per-use • Non-Profit • Seven different states • Small company size well-represented 39

  40. Tools impact privacy and security • Interviewees do: • Use cloud computing • Use authentication tools such as Facebook • Use analytics such as Google and Flurry • Use open source tools such as mysql 40

  41. Tools not used • Interviewees don’t use or are unaware of: • Use privacy policy generators • Use security audits • Read third-party privacy policies • Delete data 41

  42. On-line surveys of app developers • 228 app developers • Paid $5 (avg: 15 minutes) • Recruited through craigslist, reddit, Facebook, backpage.com • Developer demographics – Majority were ‘Programmer or Software Engineer’ or ‘Product or Project Manager’ – Avg age: 30 (18-50 years) 42

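  43. They collect a lot of data

      | Behavior                                  | Collect or Store |
      |-------------------------------------------|------------------|
      | Parameters specific to my app             | 84%              |
      | Which apps are installed                  | 74%              |
      | Location                                  | 72%              |
      | Sensor information (not location-related) | 63%              |
      | Contacts                                  | 54%              |
      | Password                                  | 36%              |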

  44. Small companies less likely to show privacy and security behaviors (chart not preserved) 44

  45. Small companies more likely to turn to social network or no one for advice 45

  46. Findings • Small companies lack privacy and security behaviors • Free or quick tools needed • Usable tools needed • Small company developers rely on social ties for advice • Opportunities for intervention in social networks • Legalese hinders reading and writing of privacy policies • Third-Party tools heavily used • Third-party tools should be explicit about data handling 46
