Archives

Jens Grossklags, Na Wang & Heng Xu: A field study of social applications’ data practices & authentication and authorization dialogues

Comment by: Ross Anderson

PLSC 2012

Workshop draft abstract:

Several studies have documented the constantly evolving privacy practices of social networking sites and users’ misunderstandings about them. Justifiably, users have criticized the interfaces to “configure” their privacy preferences as opaque, disjointed, uninformative and ultimately ineffective. The same problems have also plagued the constantly growing economy of third-party applications and their equally troubling authentication and authorization dialogues with important options being unavailable at installation time and/or widely distributed across the sites’ privacy options pages.

In this paper, we report the results of a field study of the current authorization dialogue as well as four novel designs of installation dialogues for the dominant social networking site. In particular, we study and document the effectiveness of installation-time configuration and awareness-enhancing interface changes when 250 users investigate our experimental application in the privacy of their homes.

Jens Grossklags & Nigel Barradale, Social Status and the demand for security and privacy

Comment by: Alice Marwick

PLSC 2011

Workshop draft abstract:

The majority of the stakeholders of the political process argue for consistently increased funding for defense, anti-terrorism activities and domestic security. However, it is far from obvious whether these concerns for superior security activities are shared by the majority of citizens. Specifically, we argue that individuals belonging to different social status categories perceive the need for security and the sometimes associated privacy tradeoff in substantially different ways.

The method of investigation used is experimental, with 146 subjects interacting in high- or low-status assignments and the subsequent change in the demand for security and privacy being related to status assignment with a significant t-statistic up to 2.9, depending on the specification. We find that a high-status assignment strongly increases the demand for security. This effect is observable for two predefined sub-dimensions of security (i.e., personal and societal concerns) as well as for the composite measure. We find only weak support for an increase in the demand for privacy with a low-status manipulation.

Hence high status decision-makers, including the political elite, will be inclined to over-spend on security measures relative to the demand of the populace.

Kirsty Hughes, A Behavioural Understanding of Privacy as a Right to Respect for Barriers

Comment by: Jens Grossklags

PLSC 2010

Workshop draft abstract:

The existing scholarship has tended to focus upon the identification of privacy interests and problems.  However, when one examines human behaviour it is apparent that privacy is highly subjective and that it is experienced in various forms. Drawing upon theories of privacy developed in the behavioural sciences the paper argues that we need a theory of privacy, which reflects the way that privacy is experienced.  Privacy experiences are mutually created ones.  They require an individual to successfully mobilise privacy barriers to prevent others from accessing him or her and they are dependent upon others respecting those barriers.  Thus privacy barriers play a fundamental role in privacy experiences.

Samuel Rickless developed the original barrier theory in an article published in the San Diego Law Review in 2007.   Rickless’s theory is based upon the idea that we should respect those barriers that individuals use to prevent us from discovering personal facts about them.  The idea that privacy is concerned with the preservation of barriers is similar to accounts of privacy developed in the behavioural sciences, but this is not explored in Rickless’s account.  Moreover, Rickless’s theory is restricted to the preservation of private information.

The paper harnesses the insights of the behavioural sciences and builds upon Rickless’s work to develop a theory of privacy that reflects understandings of privacy experiences. The paper argues that the right to privacy can be explained as a right to respect for those barriers that individuals use to prevent others from accessing them.  Three types of privacy barriers are identified and analysed: (i) physical; (ii) behavioural; and (iii) normative. The paper argues that an invasion of privacy occurs when these barriers are penetrated.

Eric Goldman, Reputational Information: A Research Agenda

Comment by: Jens Grossklags

PLSC 2009

Published version available here: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1754628

Workshop draft abstract:

This paper looks at the supply, demand and regulation of reputational information.  I define “reputational information” as information about an individual or company’s past performance that helps a decision-maker predict the individual or company’s future performance.  Reputational information plays a critical role in marketplaces because it can help reward good producers and punish poor performers.  As a result, any defect in the supply or demand of reputational information can seriously distort the marketplace generally.

My first observation is that consumers know lots of valuable reputational information but that information does not help other consumers make marketplace decisions so long as it remains private information. Consumers do “communicate” their views through their marketplace decisions (such as continuing as a repeat customer, or switching to a new option), but each individual consumer’s decision is often not readily observable by other consumers, and the rationales for consumer decision-making (such as why the consumer chose one product or competitor over others) are rarely publicly available either. The marketplace mechanism might improve with better supply of this private information.

My second observation is that many reputational systems exist, but they are regulated quite differently.  For example, compare credit scores, where both supply and demand are heavily regulated, with recommendation letters, which are virtually unregulated.  This heterogeneity of regulatory structures for reputational systems raises some questions.  Why the differences?  Can we use our experiences with one reputational system to craft better regulations of other reputational systems?

Expanding on these two observations, this paper will have four parts. The first part will inventory the various types of reputational systems and describe their similarities and differences. The second part will consider supply factors of reputational information, including how financial incentives can stimulate production, how disincentives (such as the threat of legal action for providing negative comments) may suppress supply, the credibility of reputational information (including pay-for-play and how supplying reputational information affects the supplier’s reputation), the role of intermediaries and the role of anonymity.

The third part will consider demand factors of reputational information, including credibility concerns of consumers of reputational information (and how consumers reduce transaction costs by “outsourcing” reputational assessments), privacy concerns and the potential for consumers to misinterpret aggregated reputational information.

The final part will develop policy guidelines for regulatory intervention into the supply and demand of reputational information.  This part will conclude by identifying situations where the heterogeneity of current regulatory structures might be suboptimal.