Seda Gürses, “Privacy is don’t ask, confidentiality is don’t tell” An empirical study of privacy definitions, assumptions and methods in computer science research and Robert Sprague and Nicole Barberis, An Ontology of Privacy Law Derived from Probabilistic Topic Modeling Applied to Scholarly Works Using Latent Dirichlet Allocation (joint workshop)
Comment by: Helen Nissenbaum
Workshop draft abstract:
Since the end of the 60s, computer scientists have engaged in research on privacy and information systems. Over the years, this research has led to a whole palette of “privacy solutions”. These vary from design principles and privacy tools, to the application of privacy enhancing techniques. These solutions originate from diverse sub-fields of computer science, e.g., security engineering, databases, software engineering, HCI, and artificial intelligence. From a bird’s eye view, all of these researchers are studying privacy. However, a closer look reveals that each community of researchers relies on diﬀerent, sometimes even conflicting, definitions of privacy, and on a variety of social and technical assumptions. At best, they are referring to diﬀerent facets of privacy and, at worst, they fail to take into account the diversity of existing definitions and to integrate knowledge on the phenomenon generated by other communities (Gürses and Diaz, 2013). Researchers do have a tradition of assessing the (implicit) definitions and assumptions that un- derlie the studies in their respective communities (Goldberg, 2002; Patil et al., 2006). However, a systematic evaluation of privacy research prac- tice across the diﬀerent computer science communities is so far absent. This paper contributes to closing this gap through an empirical study of privacy research in computer science. The focus of the paper is on the diﬀerent notions of privacy that the 30 interviewed privacy researchers employ, as well as on the dominant worldviews that inform their practice. Through a qualitative analysis of their responses using grounded theory we consider how the researchers framing of privacy aﬀects what counts as “worthwhile problems” and “acceptable scientific evidence” in their studies (Orlikowski and Baroudi, 1991). We further analyze how these conceptions of the problem prestructure the potential solutions to privacy in their fields (Van Der Ploeg, 2005).
We expect the results to be of interest beyond the confines of computer science. Previous studies on how privacy is conceived and addressed in practice have brought new perspectives to “privacy on the books” (Bamberger and Mulligan, 2010): users’ changing articulations of privacy in networked publics (danah boyd, 2007), the evolution of privacy as practiced by private organizations (Bamberger and Mulligan, 2010), the conceptualization of privacy in legal practice (Solove, 2006), or the framing of privacy in media coverage in diﬀerent cultural contexts (Petrison and Wang, 1995). However, few studies have turned their gaze on the re- searchers themselves with the objective of providing a critical reflection of the field (Smith et al., 2011). The few studies that exist in computer science focus on artifacts produced by the researchers, e.g., publications, or provide an analysis of the state-of-the-art written by insiders. While these are valuable contributions, we expect the comparative and the empirical nature of our study to provide deep and holistic insight into privacy research in computer science.
Kenneth A. Bamberger and Deirdre K. Mulligan. Privacy on the Books and on the Ground. Stanford Law Review, 63:247 – 316, 2010.
danah boyd. Why Youth (Heart) Social Network Sites: The Role of Net- worked Publics in Teenage Social Life. The John D. and Catherine T. MacArthur Foundation Series on Digital Media and Learning, pages 119–142,
2007. URL http://www.mitpressjournals.org/doi/abs/10.1162/dmal.9780262524834.119.
Ian Goldberg. Privacy-enhancing technologies for the Internet, II: Five years later. In Proc. of PET 2002, LNCS 2482, pages 1–12. Springer, 2002.
Seda Gu¨rses and Claudia Diaz. An activist and a consumer meet at a social network … IEEE Security and Privacy (submitted), 2013.
Wanda J. Orlikowski and Jack. J. Baroudi. Studying Information Technology in Organizations: Research Approaches and Assumptions. Information Systems Research, 2(1):1 – 28, 1991.
Sameer Patil, Natalia Romero, and John Karat. Privacy and HCI: Methodologies for studying privacy issues. In CHI ’06 Extended Abstracts on Human Factors in Computing Systems, CHI EA ’06, pages 1719–1722, New York, NY, USA,
2006. ACM. ISBN 1-59593-298-4. doi: 10.1145/1125451.1125771. URL http://doi.acm.org/10.1145/1125451.1125771.
Lisa A. Petrison and Paul Wang. Exploring the dimensions of consumer privacy: an analysis of coverage in british and american media. Journal of Direct Marketing, 9(4):19–37, 1995. ISSN 1522-7138. doi: 10.1002/dir.4000090404. URL http://dx.doi.org/10.1002/dir.4000090404.
H. Jeﬀ Smith, Tamara Dinev, and Heng Xu. Information Privacy Research: An interdisciplinary review. MIS Quarterly, 35(4):989–1016, December 2011.
ISSN 0276-7783. URL http://dl.acm.org/citation.cfm?id=2208940.2208950.
Daniel J. Solove. A Taxonomy of Privacy. University of Pennsylvania Law Review, 154(3), January 2006.
Irma Van Der Ploeg. Keys To Privacy. Translations of “the privacy problem” in Information Technologies, pages 15–36. Maastricht: Shaker, 2005.