Operationalizing Contextual Integrity - January 2020

PI(s), Co-PI(s), Researchers: Serge Egelman, Primal Wijesekera, Alisa Frik, and Julia Bernd (ICSI); Helen Nissenbaum (Cornell Tech)

HARD PROBLEM(S) ADDRESSED
Human Behavior: We are designing human subjects studies to examine how privacy perceptions change as a function of contextual privacy norms. Our goal is to design and develop future privacy controls that have high usability because their design principles are informed by empirical research.

Metrics: We seek to build models of human behavior by studying it in both the laboratory and the field. These models will inform the design of future privacy controls.

Policy-Governed Secure Collaboration: One goal of this project is to examine how policies surrounding the acceptable use of personal data can be adapted to support the theory of contextual integrity.

Scalability and Composability: Ultimately, our goal is to be able to design systems that function on contextual integrity's principles, by automatically inferring privacy norms from one context and applying them to future contexts.

PUBLICATIONS

Nathan Malkin, Serge Egelman, and David Wagner. 2019. Privacy controls for always-listening devices. In Proceedings of the New Security Paradigms Workshop (NSPW '19). Association for Computing Machinery, New York, NY, USA, 78-91. DOI:https://doi.org/10.1145/3368860.3368867

KEY HIGHLIGHTS

We have been developing a mobile application that will allow us to perform usability studies within people's homes. In the planned study, the mobile phone app will simulate an "always listening assistant" that will then be used to survey participants about how they might make use of such a device, as well as to gauge their privacy concerns. Specifically, the app will ask them about recent conversations that they had within their home, how a voice-enabled IoT device might offer services based on that conversation, and then any privacy concerns that they may have. Our goal is to collect data about varying realistic scenarios, so that we can use the contextual integrity framework to model participants' privacy concerns (thus allowing us to predict them in the future). We are testing the software to collect this data and expect to perform the experiment in the next quarter.

In a related vein, we're planning several additional experiments in which we evaluate a proposed IoT access control system. The basic idea is that if devices are constantly monitoring their environments for input (e.g., audio or video), and if they act as platforms for third-party apps to access this sensor data, access control mechanisms will be needed to regulate how and under what circumstances these apps can access the data. Our NSPW paper lays out some of the details. We're now implementing several of these systems so that we can perform studies to evaluate them.

Received the 2020 Privacy Papers for Policymakers Best Student Paper for "Privacy Attitudes of Smart Speaker Users" by Nathan Malkin, Joe Deatrick, Allen Tong, Primal Wijesekera, Serge Egelman, and David Wagner (reported in a prior quarter; the paper was published at PETS 2019).

COMMUNITY ENGAGEMENTS

EDUCATIONAL ADVANCES

The above publication will be the framework for a Ph.D. thesis (Nathan Malkin).