Archives

Pedro Giovanni Leon, Justin Cranshaw, Lorrie Faith Cranor, Jim Graves, Manoj Hastak, Blase Ur and Guzi Xu, What Do Online Behavioral Advertising Disclosures Communicate to Users?

By privacylaw | Posted on

Pedro Giovanni Leon, Justin Cranshaw, Lorrie Faith Cranor, Jim Graves, Manoj Hastak, Blase Ur and Guzi Xu, What Do Online Behavioral Advertising Disclosures Communicate to Users?

Comment by: Mary Culnan

PLSC 2012

Workshop draft abstract:

In this paper we present the results of a large online user study that

evaluates the industry-promoted mechanism designed to empower users to manage their online behavioral advertising privacy preferences.  700 [we expect about 1200] participants were presented with simulated behavioral advertisements in the context of a simulated and controlled web-browsing session. Subjects were divided into conditions to test two online behavioral advertisement disclosure icons, seven taglines (including no tagline), and five opt-out landing pages. Following this simulation, we surveyed the users about their understanding and perception of the OBA notification elements that they saw. Our [preliminary] results show that users often do not notice the icons or taglines, and that the industry-promoted tagline does a poor job of communicating with users. On the other hand, users found many of the opt-out landing pages to be informative and understandable.

Our results show various levels of effectiveness of disclosure taglines across three dimensions: clickability, notice, and choice. We found that only out about a quarter of participants ever recalled having seen the taglines, and that no tagline was effective at communicating all three concepts to users. We also found that “AdChoices,” the current tagline promoted by industry groups, was among the least communicative of the taglines we tested.  Conversely we found that the tagline “Why did I get this ad?” which has recently been adopted by the Google AdSense Network, performed well at communicating clickability and notice. Our work suggests that taglines that suggest an action are more effective at conveying the clickability of the link, which is a critical aspect of the disclosure, allowing users to seek more information or configure their OBA preferences. Furthermore, although none of the symbols was particularly effective at providing notice and choice, we found that the symbols are important at communicating clickability. In particular, the poweri symbol better conveyed clickability than the asterisk man symbol.

We tested the opt-out landing pages provided by AOL, Yahoo!,

Microsoft, Goolge, and Monster [and may test a few more].  All but the Monster Career Ad Network were perceived as informative and

understandable. AOL and Microsoft opt-out pages were shown to be more effective at encouraging users to opt out.

Mary J. Culnan, Accountability as the Basis for Regulating Privacy: Can Information Security Regulations Inform a New Policy Regime for Privacy?

By privacylaw | Posted on

Mary J. Culnan: Accountability as the Basis for Regulating Privacy: Can Information Security Regulations Inform a New Policy Regime for Privacy?

Comment by: Joe Alhadeff

PLSC 2011

Workshop draft abstract:

There is an emerging consensus that the current regulatory regime for privacy based on notice/choice or harm is not effective and needs to be revisited. In general, the current approaches place too much burden on individuals, frequently deal with privacy only after harm has occurred, and have failed to motivate organizations to address privacy proactively by implementing effective risk management processes. This paper adopts Solove’s view that privacy is best characterized as a set of problems resulting from the ways organizations process information. As a result, the most effective way to address privacy is for organizations to proactively avoid causing privacy problems through accountability.

First, the paper first argues why a new approach based on accountability is both necessary and appropriate. Next, the requirements of three information security laws (GLB Safeguards Rule, HIPAA Security Rule and the Massachusetts Standards for the Protection of Personal Information) were analyzed against the elements of accountability and the feasibility of adapting these requirements to privacy were assessed. These laws require organizations to develop security programs appropriate to the organization’s size, its available resources, and the amount and sensitivity of stored data. While these security laws are judged to provide a good starting point for privacy legislation, there are also additional challenges that need to be addressed for privacy and these are described. The paper concludes by reviewing arguments in favor of adopting a delegation approach to privacy regulation rather than the traditional compliance approach.

Priscilla M. Regan & Gerald FitzGerald, Generational Views of Privacy?

By privacylaw | Posted on

Priscilla M. Regan & Gerald FitzGerald, Generational Views of Privacy?

Comment by: Mary Culnan

PLSC 2010

Workshop draft abstract:

There is a growing body of social science research about the behavior and attitudes of young people online (Valentine and Halloway 2002, Livingstone and Bober 2003, Steeves 2006) and especially in social-networking sites, such as Facebook (Lenhart and Madden 2007).  I propose to expand on that research in several ways: by focusing on privacy rather than on a larger set of values; by examining attitudes rather than behavior; and by comparing attitudes across age groups rather than examining a specific age group in detail.  Specifically, I propose to perform an age cohort analysis of responses to “concern about privacy and technology” using data from a range of public opinion surveys beginning in the early 1980s and including the privacy surveys of Alan Westin and Lou Harris, and the Pew Internet and American Life surveys.  The goal of this part of the research is to determine if there are indeed generational patterns in concerns about privacy, to identify consistencies and disjunctures among generational attitudes, and to determine how these patterns have emerged over time.  Although scholars have analyzed changes in concern about privacy over time (Gandy 2003), no one has examined how age cohorts’ views of privacy are different or similar and how those age cohorts’ views change or endure over time.  The central argument/hypothesis of this research is that as generations increasingly use computer and information technologies in seamlessly mediating their online and offline worlds they see these technologies as integral to their way of “presenting themselves” (Goffman 1959) and that this in turn causes/contributes to a fundamental change in the way the generations conceptualize privacy as a value in their lives.

Ira Rubinstein, Anonymity Reconsidered

By privacylaw | Posted on

Ira Rubinstein, Anonymity Reconsidered

Comment by: Mary Culnan

PLSC 2009

Workshop draft abstract:

According to the famous New Yorker cartoon, “On the Internet, nobody knows you’re a dog.”  Today-about 15 years later-this caption is less apt; if “they” don’t know who you are they at least know what brand of dog food you prefer and who you run with.  Internet anonymity remains very problematic.  On the one hand, many privacy experts would say that anonymity is defunct, citing as evidence the increasing use of the Internet for data mining and surveillance purposes.  On the other, a wide range of commentators are equally troubled by the growing lack of trust on the Internet and many view as a leading cause of this problem the absence of a native “identity layer”-i.e., a reliable way of identifying the individuals with whom we communicate and the Web sites to which we connect.  While the need for stronger security and better online identity mechanisms grows more apparent, the design and implementation of identity systems inevitably raises longstanding concerns over the loss of privacy and civil liberties. Furthermore, with both beneficial and harmful uses, the social value of Internet anonymity remains highly contested.  For many, this tension between anonymity and identity seems irresolvable, leading to vague calls for balancing solutions or for simply preserving the status quo because proposed changes would only make matters worse.  This paper offers a fresh look at some of the underlying assumptions of the identity-anonymity standoff by re-examining the meaning of anonymity and raising questions about three related claims: 1) anonymity is the default in cyberspace; 2) anonymity is essential to protecting online privacy; and, 3) the First Amendment confers a right of anonymity.  Based on the results of this analysis, the paper concludes by critically evaluating a recently issued CSIS report entitled “Securing Cybersecurity for the 44th Presidency,” which includes 7 major recommendations, one of which is that the government require strong authentication for access to critical infrastructure.