BYU Computer Science
CS 465 Introduction to Security and Privacy

Privacy Frameworks

Reading

What is Privacy?

  • defining privacy is difficult

  • many conceptions!

    • sensitivity of information
    • awareness and control of information
    • privacy states (anonymity, intimacy)
    • privacy as a fundamental right
    • privacy as a commodity
    • fundamental aspect of democracy
    • privacy as a legal concept (“as long as we get consent and provide opt-out, our company is legally covered to collect and use this consumer data”)
  • HCI (socio-technical academic work) often uses a privacy framework

  • Review key concepts

    • Privacy is a complex, multifaceted concept
    • Being aware of different privacy theories and frameworks is the first step toward advancing modern privacy
    • Privacy is contextual
    • Being aware of diverse privacy perspectives can help researchers, practitioners, and policy-makers ensure that they are considering privacy holistically and not unintentionally missing key components.
  • Additional Reading

Privacy Calculus

  • people often use a cost-benefit analysis when deciding whether to disclose or withhold information

  • often used in economic research

  • research has identified both benefits and drawbacks to disclosure of information in a variety of scenarios

  • Solove has developed a taxonomy of privacy threats, grouped by where in the data lifecycle the harm occurs

    • information collection (gathering data about a person: surveillance, interrogation)
    • information processing (how collected data is stored, aggregated, secured, and reused for purposes the person did not expect)
    • information dissemination (disclosure or exposure of information beyond the audience it was shared with)
    • invasion (intrusion into a person's life or interference with their decisions, e.g., unwanted contact and constant interruptions)
  • Uses and Gratifications theory — “users purposely select the media they consume to satisfy their social and psychological needs, hence, it provides an explanation of individual media usage behaviors in terms of specific underlying motives and socio-psychological characteristics”

Privacy paradox

  • seeming contradiction between stated privacy concerns and actual behavior
  • costs and benefits may not always be weighed rationally
  • bounded rationality — people select a decision that is satisfactory rather than optimal
    • satisficing — look to the simplest, most readily accessible solution, regardless of more effective options being available at greater cost and time
    • future consequences may not be weighted as heavily as immediate gratifications
  • paradox may be explained by usability (people want control but it is hard to actually control information)
  • paradox may be explained by impracticalities (people can’t avoid Facebook privacy issues because Facebook is central to neighborhood / community / politics / family)
  • paradox may be explained by people imagining they are disclosing to a given audience, when this does not match up with the reality of who is privy to that information

Privacy as Social Context, Norms, and Values

  • social norms — “shared standards of acceptable behavior by groups”

  • privacy norms are grounded in contexts, “where each context is associated with expectations for who should share what type of information to whom and in what circumstances”

  • contextual integrity framework

    • actors
      • information owner
      • information sender
      • information receiver
    • type of information
    • transmission principles — rules for how information can be transferred from actor to actor
  • example

    • “A school sending a student’s parents their academic records through a password-protected parent portal”
    • What if “it is a different student’s records, or if the recipient is a journalist, or if the records are posted on a website?”
  • example

    • “sharing accurate details about patient behavior and health habits may help physicians hone in on a more accurate diagnosis, improving quality of life”
    • “yet, the same information may be considered incriminating in a workplace context if health information can lead to discrimination against those who are perceived as having less healthy habits”
  • example

    • “study on drone bystanders’ privacy shows that people’s privacy concerns about drone usage are highly dependent on context and purpose (e.g., using a drone in a friend’s party for personal recording use causes less concerns)”
  • “While much past privacy research has emphasized giving users control over their data, the CI framework asserts that people are more interested in appropriate information disclosures.”

  • “Probing on these various dimensions of who, what, where, when, why, and how can give a fuller picture of privacy norms. ”
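The contextual integrity framework can be turned into an executable policy check: each flow is a tuple of (sender, receiver, subject, information type, transmission principle), and a context supplies norms describing which tuples are appropriate. The block below is an added example written for these notes, not code from the CS 465 page or from Nissenbaum's work; the school, the people, their roles and the norms are all constructed and hypothetical. It encodes the school-records example above and reports which CI parameter changes when the subject, the recipient, or the transmission principle is swapped.

```python
"""Contextual integrity (CI) as an executable policy check.

Added example for these notes; not from the CS 465 page or from Nissenbaum's
own work. A flow is (sender, receiver, subject, information type, transmission
principle); a context supplies norms saying which flows are appropriate.
The school, people, roles and norms below are constructed (hypothetical).
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Flow:
    sender: str      # actor transmitting the information
    receiver: str    # actor receiving it
    subject: str     # information owner (whose information it is)
    info_type: str   # type of information, e.g. "academic_record"
    principle: str   # transmission principle, e.g. "authenticated_portal"


@dataclass(frozen=True)
class Norm:
    sender_role: str
    receiver_role: str
    info_type: str
    principles: frozenset                    # transmission principles the context allows
    receiver_relation: Optional[str] = None  # relation receiver must hold to subject
                                             # ("self" means receiver == subject)


# Constructed context: a school, its students and parents, plus two outsiders
# that no norm of this context covers.
ROLES = {
    "lincoln_high": "school",
    "pat": "parent",
    "sam": "student",
    "jordan": "student",
    "reporter": "journalist",
    "public_site": "public",
}
RELATIONS = {("parent_of", "pat", "sam")}   # (relation, actor, subject) triples

NORMS = [
    Norm("school", "parent", "academic_record",
         frozenset({"authenticated_portal", "sealed_mail"}), "parent_of"),
    Norm("school", "student", "academic_record",
         frozenset({"authenticated_portal", "in_person"}), "self"),
]


def violations(flow: Flow, norms=NORMS, roles=ROLES, relations=RELATIONS) -> List[str]:
    """Return the reasons a flow breaches contextual integrity; [] means appropriate.

    A flow is appropriate if any norm of the context is satisfied. Otherwise the
    problems of the closest-matching norm are reported, so the caller sees which
    CI parameter changed (actor, information type, or transmission principle).
    """
    s_role = roles.get(flow.sender, "unknown")
    r_role = roles.get(flow.receiver, "unknown")
    candidates = [n for n in norms
                  if n.sender_role == s_role and n.info_type == flow.info_type]
    if not candidates:
        return [f"no norm lets a {s_role} send {flow.info_type}"]

    best: Optional[List[str]] = None
    for n in candidates:
        problems = []
        if n.receiver_role != r_role:
            problems.append(f"receiver {flow.receiver} is a {r_role}, "
                            f"norm expects a {n.receiver_role}")
        if flow.principle not in n.principles:
            problems.append(f"transmission principle {flow.principle!r} not allowed "
                            f"(allowed: {sorted(n.principles)})")
        if n.receiver_relation == "self":
            if flow.receiver != flow.subject:
                problems.append(f"{flow.receiver} is not the subject {flow.subject}")
        elif n.receiver_relation is not None:
            if (n.receiver_relation, flow.receiver, flow.subject) not in relations:
                problems.append(f"{flow.receiver} is not {n.receiver_relation} {flow.subject}")
        if not problems:
            return []          # this norm is satisfied: the flow is appropriate
        if best is None or len(problems) < len(best):
            best = problems
    return best


# The notes' school example and its three variations.
APPROPRIATE = Flow("lincoln_high", "pat", "sam", "academic_record", "authenticated_portal")
WRONG_STUDENT = Flow("lincoln_high", "pat", "jordan", "academic_record", "authenticated_portal")
TO_JOURNALIST = Flow("lincoln_high", "reporter", "sam", "academic_record", "authenticated_portal")
POSTED_PUBLIC = Flow("lincoln_high", "public_site", "sam", "academic_record", "public_web_page")

if __name__ == "__main__":
    for f in (APPROPRIATE, WRONG_STUDENT, TO_JOURNALIST, POSTED_PUBLIC):
        print(f.receiver, f.subject, f.principle, "->", violations(f) or "appropriate")
```

Note that the "posted on a website" variation fails on every parameter at once (wrong receiver role, no relation to the subject, and a transmission principle the context never allows), which is why the CI framing is more useful than a simple "did the user consent" check: it names which expectation was broken.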

  • Type of information matters — “studies have shown that people may worry about inferences made based on their past purchases, web browsing history, or emails”

  • Read this example: “In 2018, Uber and Lyft garnered negative press from news media as some drivers were caught livestreaming their rides over the Internet…”

  • “While many of the examples in the previous sections involve data connected to a readily identifiable individual, note that privacy threats still exist even when data is collected from anonymous users. The data can still lead to identification of an individual because of inferences made from the content or the record of the user’s social connections. Thus, context is key to the interpretability of any given information, and simply removing typical personal identifiers does not guarantee privacy.”

  • Additional reading
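The point above about anonymous data has a standard worked form: the classic linkage attack, in which a table with direct identifiers removed is joined to a public, named table on the fields both share (quasi-identifiers such as ZIP code, date of birth and sex). The block below is an added example for these notes, not code from the CS 465 page, and it generalizes the notes' statement rather than illustrating the social-connection case specifically; both tables are constructed, fictional samples, and the column names and the k-anonymity helper are this example's own choices.

```python
"""Linkage attack on "de-identified" records, with a k-anonymity check.

Added example for these notes, not code from the CS 465 page. It shows the
classic quasi-identifier join, the general form of the notes' point that
removing direct identifiers does not guarantee privacy. Both tables are
constructed, fictional samples.
"""
from collections import Counter
from typing import Dict, List, Tuple

QUASI = ("zip", "dob", "sex")   # quasi-identifiers: harmless alone, near-unique together

# Constructed "anonymized" health records: names stripped, quasi-identifiers kept.
HEALTH = [
    {"zip": "84604", "dob": "1971-03-12", "sex": "F", "diagnosis": "asthma"},
    {"zip": "84606", "dob": "1975-08-20", "sex": "F", "diagnosis": "migraine"},
    {"zip": "84604", "dob": "1985-11-02", "sex": "M", "diagnosis": "diabetes"},
    {"zip": "84606", "dob": "1985-04-17", "sex": "M", "diagnosis": "hypertension"},
]

# Constructed public list (think voter roll) carrying names beside the same fields.
PUBLIC = [
    {"name": "A. Lee",   "zip": "84604", "dob": "1971-03-12", "sex": "F"},
    {"name": "B. Kim",   "zip": "84606", "dob": "1975-08-20", "sex": "F"},
    {"name": "C. Ortiz", "zip": "84604", "dob": "1985-11-02", "sex": "M"},
    {"name": "D. Shah",  "zip": "84606", "dob": "1985-04-17", "sex": "M"},
    {"name": "E. Wong",  "zip": "84606", "dob": "1985-04-17", "sex": "M"},
]


def qid(rec: Dict[str, str], quasi=QUASI) -> Tuple[str, ...]:
    """The quasi-identifier tuple used as the join key."""
    return tuple(rec[q] for q in quasi)


def link(anon: List[dict], public: List[dict], quasi=QUASI) -> List[Tuple[str, List[str]]]:
    """Join the anonymized table to the named one on the quasi-identifiers.

    Returns (diagnosis, candidate names) for each anonymized record.
    """
    index: Dict[Tuple[str, ...], List[str]] = {}
    for p in public:
        index.setdefault(qid(p, quasi), []).append(p["name"])
    return [(r["diagnosis"], index.get(qid(r, quasi), [])) for r in anon]


def reidentified(anon, public, quasi=QUASI) -> List[Tuple[str, str]]:
    """Records matching exactly one named person: the diagnosis is now attributed."""
    return [(diag, names[0]) for diag, names in link(anon, public, quasi) if len(names) == 1]


def k_anonymity(records, quasi=QUASI) -> int:
    """Size of the smallest group sharing a quasi-identifier tuple (the k in k-anonymity)."""
    return min(Counter(qid(r, quasi) for r in records).values())


def generalize(rec: dict) -> dict:
    """Coarsen the quasi-identifiers: 3-digit ZIP prefix and birth decade only."""
    g = dict(rec)
    g["zip"] = rec["zip"][:3] + "**"
    g["dob"] = rec["dob"][:3] + "0s"
    return g


if __name__ == "__main__":
    print("k =", k_anonymity(HEALTH), "re-identified:", reidentified(HEALTH, PUBLIC))
    gen_health = [generalize(r) for r in HEALTH]
    gen_public = [generalize(p) for p in PUBLIC]
    print("k =", k_anonymity(gen_health), "re-identified:", reidentified(gen_health, gen_public))
```

On the raw table every quasi-identifier tuple is unique (k = 1) and three of the four diagnoses are attributed to a named person; only the record whose tuple matches two people survives. Generalizing ZIP and date of birth raises k to 2 and defeats the join on this sample, but k-anonymity alone is a weak guarantee: if everyone in a group shares the same diagnosis, the attacker learns it without needing to pick out the individual, which is the same "inference from content" concern the notes raise.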