Alessandro Acquisti, Laura Brandimarte, and Jeff Hancock, Are There Evolutionary Roots To Privacy Concerns?

Comment by: Dawn Schrader

PLSC 2013

Workshop draft abstract:

We present a series of experiments aimed at investigating potential evolutionary roots of privacy concerns.

Numerous factors determine our different reactions to offline and online threats. An act that appears inappropriate in one context (watching somebody undressing in their bedroom) is natural in another (on the beach); the physical threat of a stranger following us in the street is more ominous than the worst consequences of an advertiser knowing what we do online; common sense and social conventions tell us that genuine Rolexes are not sold at street corners – but fake Bank of America websites are found at what seem like the right URLs. There is, however, one crucial parallel that connects the scenarios we just described: our responses to threats in the physical world are sensitive to stimuli which we have evolved to recognize as signals of danger. Those signals are absent, subdued, or manipulated, in cyberspace. The “evolutionary” conjecture we posit and experimentally investigate is that privacy (as well as security) decision making in cyberspace may be inherently more difficult than privacy and security decision making in the physical world, because – among other reasons – online we lack, or are less exposed to, the stimuli we have evolved to employ offline as means of detection of potential threats.

Through a series of lab experiments, we are investigating this conjecture indirectly, by measuring the impact that the presence, absence, or changes to an array of stimuli in the physical world (which are mostly unconsciously processed) will have on security and privacy behavior in cyberspace.

 

Our approach focuses on the mostly unconsciously processed stimuli that influence security and privacy behavior in the offline world, and is posited on an evolutionary conjecture: Human beings have evolved sensorial systems selected to detect and recognize threats in their environment via physical, “external” stimuli. These stimuli, or cues, often carry information about the presence of others in one’s space or territory. The evolutionary advantages of being able to process and react to such stimuli are clear: by using these signals to assess threats in their physical proximity, humans reduce the chance of being preyed upon (Darwin, 1859; Schaller, Faulkner, Park, Neuberg & Kenrick, 2005). Under this conjecture, the modern, pre-information age notion of privacy may be an evolutionary by-product of the search for security. Such evolutionary explanation for privacy concerns may help explain why – despite the wide and diverse array of privacy attitudes and behaviors across time and geography – evidence of a desire for privacy, broadly constructed, can be found across most cultures. Furthermore, since in cyberspace, those signals are absent, subdued, or manipulated, generating an evolutionary “deficit,” such an evolutionary story may explain why privacy concerns that would normally be activated in the offline world are suppressed online, and defense behaviors are hampered.

The research we are conducting, therefore, combines lessons from disciplines that have been recently applied to privacy and security (such as usability, economics, or behavioral decision research) with lessons and methodologies from evolutionary psychology (Buss, 1991, 1995). While this gendered, evolutionary perspective is not without criticism, it can explain several patterns in online dating behavior. Women, for example, are more likely to include dated and otherwise deceptive photos in their profile than men (Hancock & Toma, 2009). Physical attractiveness also plays a role, with attractive daters lying less in their profiles and judging those who do lie more harshly than unattractive daters (Toma & Hancock, 2010). Indeed, extant cyber-research has been criticized for ignoring the evolutionary pressures that may shape online behaviors (see Kock, 2004), such as humans’ ability to cognitively adapt to new media, and their evolutionary preferences for certain media characteristics (e.g., synchronicity, collocation).

While we cannot directly test the evolutionary conjecture that the absence of stimuli, which humans have evolved to detect for assessing threats (including cues to the presence of other humans), contributes to our propensity to fall for cyberattacks or online privacy violations, we can test, through a series of human subjects experiments we have started piloting, how the presence, absence, or modifications in an array of stimuli in the physical world affect security and privacy behavior in cyberspace. The term “stimuli,” in the parlance of this proposal, is akin to the term “cues” as used in psychology and cognitive science. Our experiments focus on three types of such stimuli:

S1)    sensorial stimuli: auditory, visual, olfactory cues of the physical proximity of other human beings;
S2)    environmental stimuli: cues that signal to an individual certain characteristics of the physical environment in which the individual is located, such as crowdedness or familiarity;
S3)    observability stimuli: cues that signal whether the individual is possibly being surveilled.

The three categories are not meant as mutually exclusive (for instance, it is through our senses that we receive cues about the environment). Our experiments capture how manipulations of the stimuli in the physical environment of the subject influence both her privacy behavior in cyberspace. Privacy behavior is operationalized in terms of individuals’ propensity to disclose personal or sensitive information, as in previous experiments by the authors.