The Experts below are selected from a list of 9873 Experts worldwide ranked by ideXlab platform
Larry Korba - One of the best experts on this subject based on the ideXlab platform.
-
Personal Privacy Policies
Computer and Information Security Handbook, 2020Co-Authors: Larry KorbaAbstract:The rapid growth of the Internet has been accompanied by a similar growth in the availability of Internet e-services (such as online booksellers and stockbrokers). This proliferation of e-services has in turn fueled the need to protect the personal Privacy of e-service users or consumers. This chapter proposes the use of personal Privacy Policies to protect Privacy. It is evident that the content must match the user’s Privacy preferences as well as Privacy legislation. It is also evident that the construction of a personal Privacy policy must be as easy as possible for the consumer. Further, the content and construction must not result in negative unexpected outcomes (an unexpected outcome that harms the user in some manner). The chapter begins with the derivation of policy content based on Privacy legislation, followed by a description of how a personal Privacy policy may be constructed semiautomatically. It then shows how to additionally specify Policies so that negative unexpected outcomes can be avoided. Finally, it describes our Privacy Management Model that explains how to use personal Privacy Policies to protect Privacy, including what is meant by a “match” of consumer and service provider Policies and how nonmatches can be resolved through negotiation. difficulty. Hence, it has become hard for individuals to manage and control their personal spheres. Both legal and technical means are needed to protect Privacy and to (re-)establish the individuals’ control. This chapter provides an overview to the area of Privacy-enhancing Technologies (PETs), which help to protect Privacy by technically enforcing legal Privacy principles. It will start with defining the legal foundations of PETs, and will present a classification of PETs as well as a definition of traditional Privacy properties that PETs are addressing and metrics for measuring the level of Privacy that PETs are providing. Then, a selection of the most relevant PETs is presented.
-
Semiautomatic Derivation and Use of Personal Privacy Policies in E-Business
International Journal of E-business Research, 2020Co-Authors: Larry KorbaAbstract:The growth of the Internet has been accompanied by the growth of Internet e-business services (e.g., electronic bookseller services, electronic stock-transaction services). This proliferation of e-business services has in turn fueled the need to protect the personal Privacy of e-business users or consumers. We advocate a Privacy policy approach to protecting personal Privacy. However, it is evident that the specification of a personal Privacy policy must be as easy as possible for the consumer. In this paper, we define the content of personal Privacy Policies using Privacy principles that have been enacted into legislation. We then present two semiautomated approaches for the derivation of personal Privacy Policies. The first approach makes use of common Privacy rules obtained through community consensus. This consensus can be obtained from research and/or surveys. The second approach makes use of existing Privacy Policies in a peer-to-peer community. We conclude the paper by explaining how personal Privacy Policies can be applied in e-business to protect consumer Privacy.
-
Semi-Automated Seeding of Personal Privacy Policies in E-Services
Encyclopedia of E-Commerce E-Government and Mobile Commerce, 2020Co-Authors: Larry KorbaAbstract:The rapid growth of the Internet has been accompanied by a proliferation of e-services targeting consumers. E-services are available for banking, shopping, learning, government online, and healthcare. However, each of these services requires a consumer’s personally identifiable information (PII) in one form or another. This leads to concerns over Privacy. In order for e-services to be successful, Privacy must be protected (Ackerman, Cranor, & Reagle, 1999). An effective and flexible way of handling Privacy is management via Privacy Policies. In this approach, a consumer of an e-service has a personal Privacy policy that describes what private information the consumer is willing to give up to the e-service, with which parties the provider of the e-service may share the private information, and how long the private information may be kept by the provider. The provider likewise has a provider Privacy policy describing similar Privacy constraints as in the consumer’s policy, but from the viewpoint of the provider, (i.e., the nature of the private information and the disclosure/retention requirements that are needed by the e-service). Before the consumer engages the e-service, the provider’s Privacy policy must match with the consumer’s Privacy policy. In this way, the consumer’s Privacy is protected, assuming that the provider complies with the consumer’s Privacy policy. Note that policy compliance is outside the scope of this work but see Yee and Korba (July, 2004). Initial attempts at conserving consumer Privacy for e-services over the last few years have focused on the use of Web site Privacy Policies that state the Privacy rules or preferences of the Web site or service provider. Some of these Policies are merely statements in plain English and it is up to the consumer to read it. This has the drawback that very few consumers take the trouble to read it. Even when they do take the time to look at it, online Privacy Policies have been far too complicated for consumers to understand and suffer from other deficiencies (Lichtenstein, Swatman, & Babu, 2003; Jensen & Potts, 2004). Still other Privacy Policies are specified using P3P (W3C) that allows a consumer’s browser to automatically check the Privacy policy via a browser plug-in. This, of course, is better than plain English Policies but a major drawback is that it is a “take-it-or-leave-it” approach. There is no recourse for the consumer who has a conflict with the Web site’s P3P policy, except to try another Web site. In this case, we have advocated a negotiations approach to resolve the conflict (Yee & Korba, Jan., May, 2003). However, this requires a machine-processable personal Privacy policy for the consumer. We assume that providers in general have sufficient resources to generate their Privacy Policies. Certainly, the literature is full of works relating to enterprise Privacy Policies and models (e.g., Barth & Mitchell, 2005; Karjoth & Schunter 2002). Consumers, on the other hand, need help in formulating machine-processable Privacy Policies. In addition, the creation of such Policies needs to be as easy as possible or consumers would simply avoid using them. Existing Privacy specification languages such as P3P, APPEL (W3C; W3C, 2002), and EPAL (IBM) are far too complicated for the average internet user to understand. Understanding or changing a Privacy policy expressed in these languages effectively requires knowing how to program. Moreover, most of these languages suffer from inadequate expressiveness (Stufflebeam, Anton, He, & Jain, 2004). What is needed is an easy, semi-automated way of seeding a personal Privacy policy with a consumer’s Privacy preferences. In this work, we present two semi-automated approaches for obtaining consumer personal Privacy Policies for e-services through seeding. This article is based on our work in Yee and Korba (2004). The section “Background” examines related work and the content of personal Privacy Policies. The section “Semi-Automated Seeding of Personal Privacy Policies” shows how personal Privacy Policies can be semi-automatically seeded or generated. The section “Future Trends” identifies some of the developments we see in this area over the next few years. We end with ”Conclusion”.
-
Privacy Policies and Their Negotiation in Distance Education
Instructional Technologies, 2020Co-Authors: Larry KorbaAbstract:This chapter begins by introducing the reader to Privacy Policies, e-services, and Privacy management. It then derives the contents of a Privacy policy and explains “policy matching”. It next presents an approach for the negotiation of Privacy Policies for an e-learning service. Both negotiating under certainty and uncertainty are treated. The type of uncertainty discussed is uncertainty of what offers and counter-offers to make during the negotiation. The approach makes use of common interest and reputation to arrive at a list of candidates who have negotiated the same issues in the past, from whom the negotiator can learn the possible offers and counter-offers that could be made. Negotiation in this work is done through human-mediated computer-assisted interaction rather than through autonomous agents. The chapter concludes with a discussion of issues and future research in this area.
-
Comparing and Matching Privacy Policies Using Community Consensus
Managing Modern Organizations Through Information Technology, 2005Co-Authors: George Yee, Larry KorbaAbstract:The growth of the Internet is increasing the deployment of e-services in such areas as e-commerce, e-learning, and e-health. In parallel, service providers and consumers are realizing the need for Privacy. Managing Privacy using Privacy Policies is a promising approach. In this approach, an e-service consumer and an e-service provider each have separate Privacy Policies. Before an e-service is engaged, the consumer’s policy must “match” the provider’s policy. However, how is this matching defined? We propose a method for comparing consumer and provider Privacy Policies by comparing the Privacy levels of Privacy preferences in the Policies. A “match” between consumer and provider Privacy Policies is then defined using this method. Since the notion of Privacy is subjective and can vary from individual to individual, the Privacy levels of individual preferences are obtained through community consensus.
Kenneth D Mandl - One of the best experts on this subject based on the ideXlab platform.
-
availability and quality of mobile health app Privacy Policies
Journal of the American Medical Informatics Association, 2014Co-Authors: Ali Sunyaev, Tobias Dehling, Patrick L Taylor, Kenneth D MandlAbstract:Mobile health (mHealth) customers shopping for applications (apps) should be aware of app Privacy practices so they can make informed decisions about purchase and use. We sought to assess the availability, scope, and transparency of mHealth app Privacy Policies on iOS and Android. Over 35 000 mHealth apps are available for iOS and Android. Of the 600 most commonly used apps, only 183 (30.5%) had Privacy Policies. Average policy length was 1755 (SD 1301) words with a reading grade level of 16 (SD 2.9). Two thirds (66.1%) of Privacy Policies did not specifically address the app itself. Our findings show that currently mHealth developers often fail to provide app Privacy Policies. The Privacy Policies that are available do not make information Privacy practices transparent to users, require college-level literacy, and are often not focused on the app itself. Further research is warranted to address why Privacy Policies are often absent, opaque, or irrelevant, and to find a remedy.
Norman Sadeh - One of the best experts on this subject based on the ideXlab platform.
-
APF - Which Apps Have Privacy Policies
Privacy Technologies and Policy, 2018Co-Authors: Peter Story, Sebastian Zimmeck, Norman SadehAbstract:Smartphone app Privacy Policies are intended to describe smartphone apps’ data collection and use practices. However, not all apps have Privacy Policies. Without prominent Privacy Policies, it becomes more difficult for users, regulators, and Privacy organizations to evaluate apps’ Privacy practices. We answer the question: “Which apps have Privacy Policies?” by analyzing the metadata of over one million apps from the Google Play Store. Only about half of the apps we examined link to a policy from their Play Store pages. First, we conducted an exploratory data analysis of the relationship between app metadata features and whether apps link to Privacy Policies. Next, we trained a logistic regression model to predict the probability that individual apps will have policy links. Finally, by comparing three crawls of the Play Store, we observe an overall-increase in the percent of apps with links between September 2017 and May 2018 (from 41.7% to 51.8%).
-
crowdsourcing annotations for websites Privacy Policies can it really work
The Web Conference, 2016Co-Authors: Shomir Wilson, Norman Sadeh, Florian Schaub, Rohan Ramanath, Noah A SmithAbstract:Website Privacy Policies are often long and difficult to understand. While research shows that Internet users care about their Privacy, they do not have time to understand the Policies of every website they visit, and most users hardly ever read Privacy Policies. Several recent efforts aim to crowdsource the interpretation of Privacy Policies and use the resulting annotations to build more effective user interfaces that provide users with salient policy summaries. However, very little attention has been devoted to studying the accuracy and scalability of crowdsourced Privacy policy annotations, the types of questions crowdworkers can effectively answer, and the ways in which their productivity can be enhanced. Prior research indicates that most Internet users often have great difficulty understanding Privacy Policies, suggesting limits to the effectiveness of crowdsourcing approaches. In this paper, we assess the viability of crowdsourcing Privacy policy annotations. Our results suggest that, if carefully deployed, crowdsourcing can indeed result in the generation of non-trivial annotations and can also help identify elements of ambiguity in Policies. We further introduce and evaluate a method to improve the annotation process by predicting and highlighting paragraphs relevant to specific data practices.
-
automatic categorization of Privacy Policies a pilot study
2012Co-Authors: Waleed Ammar, Norman Sadeh, Shomir Wilson, Noah A SmithAbstract:Privacy Policies are a nearly ubiquitous feature of websites and online services, and the contents of such Policies are legally binding for users. However, the obtuse language and sheer length of most Privacy Policies tend to discourage users from reading them. We describe a pilot experiment to use automatic text categorization to answer simple categorical questions about Privacy Policies, as a first step toward developing automated or semi-automated methods to retrieve salient features from these Policies. Our results tentatively demonstrate the feasibility of this approach for answering selected questions about Privacy Policies, suggesting that further work toward user-oriented analysis of these Policies could be fruitful.
-
generating default Privacy Policies for online social networks
Human Factors in Computing Systems, 2010Co-Authors: Eran Toch, Norman Sadeh, Jason HongAbstract:Default Privacy Policies have a significant impact on the overall dynamics and success of online social networks, as users tend to keep their initial Privacy Policies. In this work-in-progress, we present a new method for suggesting Privacy Policies for new users by exploring knowledge of existing Policies. The defaults generation process performs a collaborative analysis of the Policies, finding personalized and representative suggestions. We show how the process can be extended to a wide range of domains, and present results based on 543 Privacy Policies obtained from a live location-based social network. Finally, we present a user interaction model that lets the user retain control over the default Policies, allowing the user to make knowledgeable decisions regarding which default policy to take.
Jason Hong - One of the best experts on this subject based on the ideXlab platform.
-
generating default Privacy Policies for online social networks
Human Factors in Computing Systems, 2010Co-Authors: Eran Toch, Norman Sadeh, Jason HongAbstract:Default Privacy Policies have a significant impact on the overall dynamics and success of online social networks, as users tend to keep their initial Privacy Policies. In this work-in-progress, we present a new method for suggesting Privacy Policies for new users by exploring knowledge of existing Policies. The defaults generation process performs a collaborative analysis of the Policies, finding personalized and representative suggestions. We show how the process can be extended to a wide range of domains, and present results based on 543 Privacy Policies obtained from a live location-based social network. Finally, we present a user interaction model that lets the user retain control over the default Policies, allowing the user to make knowledgeable decisions regarding which default policy to take.
Annie I. Antón - One of the best experts on this subject based on the ideXlab platform.
-
WPES - Specifying Privacy Policies with P3P and EPAL: lessons learned
Proceedings of the 2004 ACM workshop on Privacy in the electronic society - WPES '04, 2004Co-Authors: William Stufflebeam, Annie I. Antón, Qingfeng He, Neha JainAbstract:As computing becomes more ubiquitous and Internet use continues to rise, it is increasingly important for organizations to construct accurate and effective Privacy Policies that document their information handling and usage practices. Most Privacy Policies are derived and specified in a somewhat ad-hoc manner, leading to Policies that are of limited use to the consumers they are intended to serve. To make Privacy Policies more readable and enforceable, two Privacy policy specification languages have emerged, P3P and EPAL. This paper discusses a case study in which the authors systematically formalized two real and complex, healthcare website Privacy statements, and measured the results against well-known requirements engineering criteria.
-
specifying Privacy Policies with p3p and epal lessons learned
Workshop on Privacy in the Electronic Society, 2004Co-Authors: William Stufflebeam, Annie I. Antón, Qingfeng He, Neha JainAbstract:As computing becomes more ubiquitous and Internet use continues to rise, it is increasingly important for organizations to construct accurate and effective Privacy Policies that document their information handling and usage practices. Most Privacy Policies are derived and specified in a somewhat ad-hoc manner, leading to Policies that are of limited use to the consumers they are intended to serve. To make Privacy Policies more readable and enforceable, two Privacy policy specification languages have emerged, P3P and EPAL. This paper discusses a case study in which the authors systematically formalized two real and complex, healthcare website Privacy statements, and measured the results against well-known requirements engineering criteria.
-
precluding incongruous behavior by aligning software requirements with security and Privacy Policies
Information & Software Technology, 2003Co-Authors: Annie I. Antón, Julia B. Earp, Ryan A CarterAbstract:Keeping sensitive information secure is increasingly important in e-commerce and web-based applications in which personally identifiable information is electronically transmitted and disseminated. This paper discusses techniques to aid in aligning security and Privacy Policies with system requirements. Early conflict identification between requirements and Policies enables analysts to prevent incongruous behavior, misalignment's and unfulfilled requirements, ensuring that security and Privacy are built in rather than added on as an after-thought. Validated techniques to identify conflicts between system requirements and the governing security and Privacy Policies are presented. The techniques are generalizable to other domains, in which systems contain sensitive information.
-
Goal-Mining to Examine Health Care Privacy Policies
2001Co-Authors: Annie I. Antón, Julia B. EarpAbstract:Privacy has recently become a prominent issue in the context of electronic electronic commerce Web sites. Increasingly, Privacy Policies posted on such Web sites are receiving considerable attention from the government and consumers. We have used goal-mining, the extraction of pre-requirements goals from post-requirements text artifacts, as a technique for analyzing Privacy Policies. The identified goals are useful for analyzing implicit internal conflicts within Privacy Policies and conflicts with the corresponding web sites and their manner of operation. These goals can be used to reconstruct the implicit requirements met by the Privacy Policies. We present the results of our analysis of 23 Internet Privacy Policies for companies in three health care industries: pharmaceutical, health insurance and online drugstores.
