A Case for Expectation Informed Design - Full
1. A Case for Expectation Informed Design
Presented by: Marie Joan Kristine T. Gloria
Ph.D. Student in Cognitive Science at RPI & in affiliation with the Cybersecurity & Internet Policy Initiative at MIT-CSAIL
Tetherless World Constellation at Rensselaer Polytechnic Institute
PrivOn Workshop | ISWC 2015 | October 2015
2. Agenda
I. Problem & Motivation
II. Expectations: understanding choice & consent
III. Eliciting Expectation Project
IV. Preliminary Analysis & Insights
V. Future Work
3. Pew Internet Studies. 2015. “AMERICANS’ ATTITUDES ABOUT PRIVACY, SECURITY AND SURVEILLANCE”. 19 May 2015. http://pewrsr.ch/1MhwUFI
4. Problem & Motivation
From data breaches (e.g. Anthem, Home Depot, etc.) to unauthorized surveillance, consumer privacy is plagued by violations. Yet, the amount of data online continues to increase.
The thesis is motivated by this divergence between our collective understanding of its value in society and our individual ability to protect it.
6. Expectations: understanding choice & consent
Technical
Social (legal)*
Behavioral
*This talk centers around U.S. legal standards and public policies
7. Expectations: cognitive psychology POV
Vroom’s (1964) expectancy theory postulates how an individual chooses between alternative forms of behavior within a decision-making scenario. The theory has three main components:[1]
Expectancy [effort] x Instrumentality [performance] x Valence [rewards] = Motivational Force
When multiplied together, these three components result in a “motivational force,” which directs specific behavioral alternatives.
[1] Vroom, V.H. Work and Motivation. New York: Wiley, 1964.
8. Expectations: cognitive psychology POV
Vroom (1964): “Work & Motivation”
Laufer & Wolfe (1977): “calculus - the cognitive trade off among situational constraints”
Culnan & Armstrong (1999): decisions are negatively affected by anticipated costs of potential privacy violation
Dinev & Hart (2006): “privacy calculus - frames information disclosure as a tradeoff of benefits and risks”
McCarthy (2010)
Xu & Gupta (2009)
Acquisti & Grossklags (2007)
Norberg & Horne (2007)
Keith et al. (2013)
9. Information Privacy Studies: Traditional Approaches to Contemporary Hypotheses
• Individuals act in ways that they expect will maximize positive outcomes and minimize negative ones.
• Expected Utility Hypothesis (Friedman and Savage, 1952)
• Individuals are assumed to be “rational” because they make decisions based on a cost/benefit tradeoff, engaging in “utility maximization” decision making
• Perceived privacy risks reduce disclosure intentions while perceived benefits of information disclosure increase intentions (Dinev & Hart, 2006)
• Privacy paradox: individuals who claim to disclose information still demonstrate relatively higher levels of actual information disclosure (Acquisti & Grossklags, 2006)
10. Expectations: U.S. Legal POV
The notion of privacy trade-offs and consumer expectation permeates both legal scholarship as well as corporate technology management practices.[2]
Layers of legal protection
Federal (e.g. 1st Amendment, 4th Amendment, HIPAA, COPPA, ECPA, GLBA, FCRA, FERPA, CISA, DMCA, ECPA, CFAA, etc.)
State (e.g. State Constitutions, statute - CA SB 568 “Privacy Rights for California Minors in the Digital World”, CalECPA, etc.)
[2] Bamberger, K. A., & Mulligan, D. K. (2011). Privacy on the Books and on the Ground. Stanford Law Review, 63.
11. Expectations: U.S. Legal POV
Ex: Fourth Amendment: surveillance issues: police and government search
“expectation of privacy” legal test
Subjective expectation of privacy – a certain individual's opinion that a certain location or situation is private; demonstrating actions to ensure evidence was meant to be private
Objective, legitimate, reasonable expectation of privacy – an expectation of privacy generally recognized by society (e.g. garbage cans)
12. Expectations: U.S. Legal POV
Ex: Consumer Privacy Bill of Rights[3]
The Principle, Respect for Context (Sec. 103), states that “consumers have a right to expect that organizations will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.”
It outlines for companies a required set of considerations including “research on consumers’ attitudes and understandings”.
The principle also suggests that context should “help determine which personal data uses are likely to raise the greatest consumer privacy concerns.”
[3] White House. 2015. Administration Discussion Draft: Consumer Privacy Bill of Rights Act of 2015. Last accessed 2 May 2015. https://www.whitehouse.gov/sites/default/files/omb/legislative/letters/cpbr-act-of-2015-discussion-draft.pdf
13. Expectations: Technical manifestation
Three Privacy Research Paradigms in Computer Science[4]
Privacy as Confidentiality (“Hiding”)
• Autonomous (digital) sphere
• Data about persons is protected so that unauthorized others cannot access it
Privacy as Control (“Information Self-Determination”)
• User control - what is shared and how it is used
• Identity Management Systems
Privacy as Practice (“Identity Construction”)
• Intervene in the flows of existing data; re-negotiate boundaries
• Require: feedback, intervention
[4] Gurses, S. (2010). “Multilateral Privacy Requirements Analysis.” Dissertation. Arenberg Doctoral School of Science, Engineering & Technology. Faculty of Engineering, Department of Computer Science.
14. Q1: If an individual has no expectation of privacy, then what type of information disclosure behaviors manifest online? And why?
15. Eliciting Expectations Project
We simply ask:
What are these expectations of privacy, if any; and
How do we measure for them?
What we learned from the pilot study & focus groups:
• administered the pilot study using a snowball sample on Facebook and email
• two focus groups (consisting of freshman to senior RPI undergrads) were also queried about the survey and its structure
Changes made:
• discarded the “digital natives” sample due to lack of responses to the two case scenarios
  • health device: not interested in tracking health & lack of expendable income to purchase device
  • mobile payment systems: skewed heavily towards older students/participants; lack of access to personal income thus no need for such apps
• Likert scale was adjusted to a 4-point scale in order to force participant answers beyond neutral
• discarded “health device application” scenario in order to focus only on mobile payment systems
16. Eliciting Expectations Project v2
Survey Basics: [ IRB Approved 1422 ]
• Comprised of 3 main sections
  • Section 1: evaluates expert vs. novice participants
  • Section 2: explores across three levels of expectations
  • Section 3: demographics
• Participants will answer 51 questions (approx. 20 mins to complete)
• Dependencies: expert vs. novice
• Two case studies:
  • location-based services (e.g. Google Maps, FourSquare, etc.)
  • mobile payment systems (e.g. Square Cash, Apple Pay, etc.)
• Upon completing the survey, participants may be asked to volunteer in a semi-structured interview
• Utilizes Qualtrics survey platform
• Sampling: convenience
QR: To what extent does a user’s knowledge of and preference for how data is used impact his or her own information disclosure behaviors?
17. Section I
Determines “expert” vs. “novice” participants.
Borrows from Rogers (2003) the following measurement categories of Internet Expertise[5]:
Conative: What users “do” online - time and habits online
Cognitive: What users “think” online - technical and privacy knowledge
Affective: What the user “feels” online - feelings and attitudes while online
Scoring per category:
Conative: High activity level / Mid-activity level / Low activity level
Cognitive: A / C / F (alpha-grading similar to quizzes)
Affective: Positive / Neutral / Negative
[5] Rogers, B.L. Measuring Online Experience: It’s About More Than Time! Usability News, 5.2, 2003. Last accessed 1 April 2015. http://psychology.wichita.edu/surl/usabilitynews/52/experience.htm
18. Section II
Explores the three levels of privacy expectations. Grounded in legal theory and prior survey items:
• Expectations of privacy (EP): What a person’s expectations of privacy are and what privacy rights should be expected.
• Expectations of violations (EV): What a person thinks will/can happen when privacy rights are violated.
• Expectations of agency (EA): What a person thinks he/she can do to control or protect his/her privacy rights.
19. Hypothesis: Expectations are non-conditional of expertise or novice level traits.[6, 7]
Informant Group | Expectation of Privacy (EP) | Expectation of Violation (EV) | Expectation of Agency (EA)
Experts | no effect | no effect | no effect
Novice | no effect | no effect | no effect
[6] Kang, R., Dabbish, L., Fruchter, N., & Kiesler, S. (2015). “My Data Just Goes Everywhere”: User Mental Models of the Internet and Implications for Privacy & Security. 11th Annual Symposium on Usable Privacy and Security. Ottawa, Canada. https://www.usenix.org/system/files/conference/soups2015/soups15-paper-kang.pdf
[7] Monteleone, S., van Bavel, R., Rodríguez-Priego, N., & Esposito, G. (2015). “Nudges to Privacy Behaviour: Exploring an Alternative Approach to Privacy Notices?” JRC Science and Policy Report. EU Commission. http://publications.jrc.ec.europa.eu/repository/bitstream/JRC96695/jrc96695.pdf
20. Preliminary Analysis & Insights
Informant Group | Expectation of Privacy (EP) | Expectation of Violation (EV) | Expectation of Agency (EA)
Legal Professionals (e.g. lawyers, policymakers, etc.) | HIGH | HIGH | Neutral
• First batch of informants: legal practitioners, policymakers, etc.
• Survey distribution:
  • Convenience: via email & surveillance-coalition mailing list
  • 11 total survey responses as of Aug 2015
    • 10 chose the location-based mobile scenario
    • 1 chose the mobile payment system
• Descriptive statistical analysis for the location-based respondents
21. Expectation of Privacy (EP)
When asked to indicate a level of agreement with the following statement: “I agree that my location data should be collected and shared by third parties in order to ...”
Respondents disagreed or strongly disagreed with four of the five conditions, with the fifth condition receiving 5 “agree” responses.
22. Expectation of Violations (EV)
When asked to indicate a level of agreement with the following statement: “My personal identity is private and cannot be discovered and or used in nefarious ways by unauthorized persons.”
23. Preliminary Analysis & Insights
• CAVEAT: small dataset & not representative - still gathering data
• What we’ve learned so far ...
  • a) transparency and openness overlook concerns of exposure;
  • b) a continued and problematic underestimation of the consumer[8]; and,
  • c) the need for relevance, respect and integrity as elements of context.
[8] Turow, J., Hennessy, M., and Draper, N. The Tradeoff Fallacy: How Marketers Are Misrepresenting American Consumers and Opening Them up to Exploitation. Annenberg School for Communication, University of Pennsylvania. (2015). https://www.asc.upenn.edu/sites/default/files/TradeoffFallacy_1.pdf
24. FUTURE WORK
• Continued data gathering for general survey
• Drill-down experiment: behavioral tracking on mobile devices
• Open questions:
  • How confident are we that the methods used to evaluate user expectations are fit for purpose?
  • How can this be helpful in shaping public policy regarding the purpose and use of data?