Helen Nissenbaum

DOI: https://doi.org/10.1515/til-2019-0008

2019-03-16

Theoretical Inquiries in Law

Abstract:Abstract According to the theory of contextual integrity (CI), privacy norms prescribe information flows with reference to five parameters — sender, recipient, subject, information type, and transmission principle. Because privacy is grasped contextually (e.g., health, education, civic life, etc.), the values of these parameters range over contextually meaningful ontologies — of information types (or topics) and actors (subjects, senders, and recipients), in contextually defined capacities. As an alternative to predominant approaches to privacy, which were ineffective against novel information practices enabled by IT, CI was able both to pinpoint sources of disruption and provide grounds for either accepting or rejecting them. Mounting challenges from a burgeoning array of networked, sensor-enabled devices (IoT) and data-ravenous machine learning systems, similar in form though magnified in scope, call for renewed attention to theory. This Article introduces the metaphor of a data (food) chain to capture the nature of these challenges. With motion up the chain, where data of higher order is inferred from lower-order data, the crucial question is whether privacy norms governing lower-order data are sufficient for the inferred higher-order data. While CI has a response to this question, a greater challenge comes from data primitives, such as digital impulses of mouse clicks, motion detectors, and bare GPS coordinates, because they appear to have no meaning. Absent a semantics, they escape CI’s privacy norms entirely .

Haoran Li,Wei Fan,Yulin Chen,Jiayang Cheng,Tianshu Chu,Xuebing Zhou,Peizhao Hu,Yangqiu Song

2024-08-19

Abstract:Privacy research has attracted wide attention as individuals worry that their private data can be easily leaked during interactions with smart devices, social platforms, and AI applications. Computer science researchers, on the other hand, commonly study privacy issues through privacy attacks and defenses on segmented fields. Privacy research is conducted on various sub-fields, including Computer Vision (CV), Natural Language Processing (NLP), and Computer Networks. Within each field, privacy has its own formulation. Though pioneering works on attacks and defenses reveal sensitive privacy issues, they are narrowly trapped and cannot fully cover people's actual privacy concerns. Consequently, the research on general and human-centric privacy research remains rather unexplored. In this paper, we formulate the privacy issue as a reasoning problem rather than simple pattern matching. We ground on the Contextual Integrity (CI) theory which posits that people's perceptions of privacy are highly correlated with the corresponding social context. Based on such an assumption, we develop the first comprehensive checklist that covers social identities, private attributes, and existing privacy regulations. Unlike prior works on CI that either cover limited expert annotated norms or model incomplete social context, our proposed privacy checklist uses the whole Health Insurance Portability and Accountability Act of 1996 (HIPAA) as an example, to show that we can resort to large language models (LLMs) to completely cover the HIPAA's regulations. Additionally, our checklist also gathers expert annotations across multiple ontologies to determine private information including but not limited to personally identifiable information (PII). We use our preliminary results on the HIPAA to shed light on future context-centric privacy research to cover more privacy regulations, social norms and standards.

Computation and Language,Cryptography and Security

Huichuan Xia

DOI: https://doi.org/10.24251/hicss.2023.292

2023-01-01

Abstract:The Contextual Integrity (CI) theory provides a benchmark for privacy protection or violation according to the appropriateness of information collection and flows in a certain context. As privacy threats and protections develop and vie in various mobile contexts, how smartphone users represent the benchmark CI in their minds deserves exploration. In this study, we inquired into 18 smartphone users’ privacy mental models of CI. We found that they verbalized and visualized three patterns of information flow (i.e., unidirectional lines, branching tree, and complex network) and two categories of information collection (i.e., monetization-oriented and monitoring-based). With these mental models, our participants expressed numerous privacy concerns, such as unstoppable information sharing, data monetization, and surveillance. We discussed these findings and concluded that even though mobile operating systems and apps have claimed to be privacy-friendly and protective, some users remain dubious about such claims even though their privacy mental models may not accurately reflect reality.

Yan Shvartzshnaider,Noah Apthorpe,Nick Feamster,Helen Nissenbaum

DOI: https://doi.org/10.48550/arXiv.1809.02236

2018-09-07

Abstract:In this paper, we demonstrate the effectiveness of using the theory of contextual integrity (CI) to annotate and evaluate privacy policy statements. We perform a case study using CI annotations to compare Facebook's privacy policy before and after the Cambridge Analytica scandal. The updated Facebook privacy policy provides additional details about what information is being transferred, from whom, by whom, to whom, and under what conditions. However, some privacy statements prescribe an incomprehensibly large number of information flows by including many CI parameters in single statements. Other statements result in incomplete information flows due to the use of vague terms or omitting contextual parameters altogether. We then demonstrate that crowdsourcing can effectively produce CI annotations of privacy policies at scale. We test the CI annotation task on 48 excerpts of privacy policies from 17 companies with 141 crowdworkers. The resulting high precision annotations indicate that crowdsourcing could be used to produce a large corpus of annotated privacy policies for future research.

Computers and Society

Ran Wolff

2024-05-15

Abstract:The contextual integrity model is a widely accepted way of analyzing the plurality of norms that are colloquially called "privacy norms". Contextual integrity systematically describes such norms by distinguishing the type of data concerned, the three social agents involved (subject, sender, and recipient) and the transmission principle governing the transfer of information. It allows analyzing privacy norms in terms of their impact on the interaction of those agents with one another.

Computers and Society

Wayne Wei Wang

DOI: https://doi.org/10.1016/j.clsr.2024.106030

IF: 2.707

2024-01-01

Computer Law & Security Review

Abstract:This article examines the evolutionary trajectory of perceptual diversification concerning Yinsi, privacy, and personal information in China. It elucidates how efforts to integrate privacy within the constitutional framework, a complex undertaking, have resulted in a heterogeneous system. This system forges an economically rational, technologically trustworthy, and socially experimental infrastructure that simultaneously embodies materialist and post-neoliberal characteristics. The study traces the transformation from collectivist and charismatic conceptualization to judicial unevenness arising from the unwritten nature of de-constitutionalized privacy. This evolution ultimately leads to digital incentive compatibility, reflecting a pressure-driven post-neoliberal economic rationale. Personal information with Chinese characteristics represents a normative construct aimed at harmonizing economic liberties and enhancing market efficiency while exemplifying sovereign statecraft of data production relations. The article underscores China's paternalist yet inertial adaptability, manifested in its pursuit of legal and institutional reforms concerning social identity, shaping socio-economic and performance legitimacy structures. Furthermore, the study introduces a tripartite cognitive and infrastructural schema of identifiability, incorporating legal, technological, and social dimensions to highlight the interchangeable roles that the state, private sector, and individuals have played in institutionalizing identities. The inherent complexities of such systems might expose them to market inefficiencies and digital harms, particularly when hierarchical interventions deviate from the original economic intention of data production and circulation. Consequently, the article advocates for elevating privacy constitutionalism to a more explicit and codified status in both legislative and judicial domains. This elevation would confer formal authority to address imbalances and unchecked competing interests in public and private stakeholderism, ultimately striving for a polycentric and proportionate (re-)equilibrium between the normative efficiency of identity infrastructures and the preservation of moral rights in digital China.

Karoline Brehm,Yan Shvartzshnaider,David Goedicke

2023-03-24

Abstract:The multicontextual nature of immersive VR makes it difficult to ensure contextual integrity of VR-generated information flows using existing privacy design and policy mechanisms. In this position paper, we call on the HCI community to do away with lengthy disclosures and permissions models and move towards embracing privacy mechanisms rooted in Contextual Integrity theory.

Computers and Society

Noah Apthorpe,Yan Shvartzshnaider,Arunesh Mathur,Dillon Reisman,Nick Feamster

DOI: https://doi.org/10.1145/3214262

2018-07-05

Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies

Abstract:The proliferation of Internet of Things (IoT) devices for consumer "smart" homes raises concerns about user privacy. We present a survey method based on the Contextual Integrity (CI) privacy framework that can quickly and efficiently discover privacy norms at scale. We apply the method to discover privacy norms in the smart home context, surveying 1,731 American adults on Amazon Mechanical Turk. For $2,800 and in less than six hours, we measured the acceptability of 3,840 information flows representing a combinatorial space of smart home devices sending consumer information to first and third-party recipients under various conditions. Our results provide actionable recommendations for IoT device manufacturers, including design best practices and instructions for adopting our method for further research.

English Else

Ero Balsa,Yan Shvartzshnaider

2023-12-05

Abstract:Privacy enhancing technologies, or PETs, have been hailed as a promising means to protect privacy without compromising on the functionality of digital services. At the same time, and partly because they may encode a narrow conceptualization of privacy as confidentiality that is popular among policymakers, engineers and the public, PETs risk being co-opted to promote privacy-invasive practices. In this paper, we resort to the theory of Contextual Integrity to explain how privacy technologies may be misused to erode privacy. To illustrate, we consider three PETs and scenarios: anonymous credentials for age verification, client-side scanning for illegal content detection, and homomorphic encryption for machine learning model training. Using the theory of Contextual Integrity, we reason about the notion of privacy that these PETs encode, and show that CI enables us to identify and reason about the limitations of PETs and their misuse, and which may ultimately lead to privacy violations.

Cryptography and Security,Computers and Society,Information Theory

Jessica Vitak,Michael Zimmer

DOI: https://doi.org/10.1177/2056305120948250

2020-07-01

Social Media + Society

Abstract:The global coronavirus pandemic has raised important questions regarding how to balance public health concerns with privacy protections for individual citizens. In this essay, we evaluate contact tracing apps, which have been offered as a technological solution to minimize the spread of COVID-19. We argue that apps such as those built on Google and Apple’s “exposure notification system” should be evaluated in terms of the contextual integrity of information flows; in other words, the appropriateness of sharing health and location data will be contextually dependent on factors such as who will have access to data, as well as the transmission principles underlying data transfer. We also consider the role of prevailing social and political values in this assessment, including the large-scale social benefits that can be obtained through such information sharing. However, caution should be taken in violating contextual integrity, even in the case of a pandemic, because it risks a long-term loss of autonomy and growing function creep for surveillance and monitoring technologies.

communication

Ido Sivan-Sevilla,Parthav Poudel

2024-12-20

Abstract:The collapse of social contexts has been amplified by digital infrastructures but surprisingly received insufficient attention from Web privacy scholars. Users are persistently identified within and across distinct web contexts, in varying degrees, through and by different websites and trackers, losing the ability to maintain a fragmented identity. To systematically evaluate this structural privacy harm we operationalize the theory of Privacy as Contextual Integrity and measure persistent user identification within and between distinct Web contexts. We crawl the top-700 popular websites across the contexts of health, finance, news & media, LGBTQ, eCommerce, adult, and education websites, for 27 days, to learn how persistent browser identification via third-party cookies and JavaScript fingerprinting is diffused within and between web contexts. Past work measured Web tracking in bulk, highlighting the volume of trackers and tracking techniques. These measurements miss a crucial privacy implication of Web tracking - the collapse of online contexts. Our findings reveal how persistent browser identification varies between and within contexts, diffusing user IDs to different distances, contrasting known tracking distributions across websites, and conducted as a joint or separate effort via cookie IDs and JS fingerprinting. Our network analysis can inform the construction of browser storage containers to protect users against real-time context collapse. This is a first modest step in measuring Web privacy as contextual integrity, opening new avenues for contextual Web privacy research.

Cryptography and Security,Computers and Society,Human-Computer Interaction

Le Cheng,Xitao Hu

DOI: https://doi.org/10.1177/21582440241299677

IF: 2.032

2024-01-01

SAGE Open

Abstract:Personal information security has become a critical concern in the digital era, so it is imperative to clearly delimit and define personal information. This study examines personal information legislation from a sociosemiotic perspective to identify the similarities and differences between legislation in the United States and China. It reviews the evolution of personal information in both countries, and explores their differences in the definition of privacy, the status quo of personal information legislation, the definition of personal information and cross-border personal information flow. The findings indicate that (1) personal information, noted as a social sign, has context-sensitive characteristics, i.e., spatiality and temporality; (2) the meaning-making process of personal information is a continuum; and (3) there exists an intersemiotic operation between language, law and society. Such a sociosemiotic exploration can shed light on relevant studies in the sociosemiotic analysis of legal discourse in particular as well as other context-sensitive discourses in general.

Andy Crabtree,Peter Tolmie,Will Knight

DOI: https://doi.org/10.1007/s10606-017-9276-y

Abstract:In this paper we examine the notion of privacy as promoted in the digital economy and how it has been taken up as a design challenge in the fields of CSCW, HCI and Ubiquitous Computing. Against these prevalent views we present an ethnomethodological study of digital privacy practices in 20 homes in the UK and France, concentrating in particular upon people's use of passwords, their management of digital content, and the controls they exercise over the extent to which the online world at large can penetrate their everyday lives. In explicating digital privacy practices in the home we find an abiding methodological concern amongst members to manage the potential 'attack surface' of the digital on everyday life occasioned by interaction in and with the networked world. We also find, as a feature of this methodological preoccupation, that privacy dissolves into a heterogeneous array of relationship management practices. Accordingly we propose that 'privacy' has little utility as a focus for design, and suggest instead that a more productive way forward would be to concentrate on supporting people's evident interest in managing their relationships in and with the networked world.

Shruti Sannon,Andrea Forte

DOI: https://doi.org/10.48550/arXiv.2206.15037

IF: 6.4588

2022-06-30

Human-Computer Interaction

Abstract:People who are marginalized experience disproportionate harms when their privacy is violated. Meeting their needs is vital for developing equitable and privacy-protective technologies. In response, research at the intersection of privacy and marginalization has acquired newfound urgency in the HCI and social computing community. In this literature review, we set out to understand how researchers have investigated this area of study. What topics have been examined, and how? What are the key findings and recommendations? And, crucially, where do we go from here? Based on a review of papers on privacy and marginalization published between 2010-2020 across HCI, Communication, and Privacy-focused venues, we make three main contributions: (1) we identify key themes in existing work and introduce the Privacy Responses and Costs framework to describe the tensions around protecting privacy in marginalized contexts, (2) we identify understudied research topics (e.g., race) and other avenues for future work, and (3) we characterize trends in research practices, including the under-reporting of important methodological choices, and provide suggestions for establishing shared best practices for this growing research area.

Nicolas Anciaux,van Harold Heerde,Ling Feng,Peter M. G. Apers

2006-01-01

Abstract:Ambient intelligence (AmI) environments continuously monitor surrounding individuals' context (e.g., location, activity, etc.) to make existing applications smarter, i.e., make decision without requiring user interaction. Such AmI smartness ability is tightly coupled to quantity and quality of the available (past and present) context. However, context is often linked to an individual (e.g., location of a given person) and as such falls under privacy directives. The goal of this paper is to enable the difficult wedding of privacy (automatically fulfilling users' privacy whishes) and smartness in the AmI. interestingly, privacy requirements in the AmI are different from traditional environments, where systems usually manage durable data (e.g., medical or banking information), collected and updated trustfully either by the donor herself, her doctor, or an employee of her bank. Therefore, proper information disclosure to third parties constitutes a major privacy concern in the traditional studies.

Qingsheng Zhang,Yong Qi,Jizhong Zhao,Di Hou,Tianhai Zhao,Liang Li

DOI: https://doi.org/10.1109/icccn.2007.4318009

2007-01-01

Abstract:By using personal information in a pervasive computing environment, context-aware applications can provide appropriate services for people. This personal information is often involved in personal privacy. In order to protect personal privacy concerns about personal information, privacy role is proposed to control access personal information. We also construct an information system about the privacy decision of personal information disclosure based on people's interaction history. In the initial period of personal information disclosure, the privacy decision is made by people and the information system is constructed based on the decision data. Then privacy disclosure policies are extracted from this information system using rough set theory. According to deducing from the privacy disclosure policies and people's context information, the context-aware application is assigned to an adequate privacy role. It reduces the distraction of privacy decision for people. A case study further shows the proposed method is effective. Finally, it provides about the overload performance of privacy role analysis engine.

Nan Wang,Likun Qin,Tianshuo Qiu

2023-08-27

Abstract:This paper delves into the intricate landscape of privacy notions, specifically honed in on the local setting. Central to our discussion is the juxtaposition of point-wise protection and average-case protection, offering a comparative analysis that highlights the strengths and trade-offs inherent to each approach. Beyond this, we delineate between context-aware and context-free notions, examining the implications of both in diverse application scenarios. The study further differentiates between the interactive and non-interactive models, illuminating the complexities and nuances each model introduces. By systematically navigating these core themes, our goal is to provide a cohesive framework that aids researchers and practitioners in discerning the most suitable privacy notions for their specific requirements in the local setting.

Cryptography and Security

Joseph S. Schafer,Annie Denton,Chloe Seelhoff,Jordyn Vo,Kate Starbird

2023-12-18

Abstract:When designing multi-stakeholder privacy systems, it is important to consider how different groups of social media users have different goals and requirements for privacy. Additionally, we must acknowledge that it is important to keep in mind that even a single creator's needs can change as their online visibility and presence shifts, and that robust multi-stakeholder privacy systems should account for these shifts. Using the framework of contextual integrity, we explain a theoretical basis for how to evaluate the potential changing privacy needs of users as their profiles undergo a sudden rise in online attention, and ongoing projects to understand these potential shifts in perspectives.

Social and Information Networks,Computers and Society

V. Hinze-Hoare

DOI: https://doi.org/10.48550/arXiv.0707.3638

2007-07-25

Abstract:The History of HCI is briefly reviewed together with three HCI models and structure including CSCW, CSCL and CSCR. It is shown that a number of authorities consider HCI to be a fragmented discipline with no agreed set of unifying design principles. An analysis of usability criteria based upon citation frequency of authors is performed in order to discover the eight most recognised HCI principles.

Human-Computer Interaction

Zhang Qingsheng,Qi Yong,Zhao Jizhong,Hou Di,Niu Yujie

DOI: https://doi.org/10.1109/ICSMC.2007.4414056

2007-01-01

Abstract:In pervasive environment, context-aware service provider can use personal information to customize the adequate services for end users. Personal information is people's privacy concern. Therefore, people need privacy control methods. In this paper, we analyzed privacy control from two aspects: personal privacy model about information disclosure and the function of context-aware service provider. According to the analysis, we designed the components about context-aware privacy control in order to minimize the burden of personal privacy decision about personal information disclosure. The simulation experiment shows that it is possible method for the proposed privacy protection mechanism. Finally, we also proposed conceptual context-aware architecture to control personal information disclosure.