GKC-CI: A unifying framework for contextual norms and information governance
Corresponding Author
Yan Shvartzshnaider
Department of Electrical Engineering and Computer Science, Lassonde School of Engineering, York University, Toronto, Ontario, Canada
Correspondence
Yan Shvartzshnaider, Department of Electrical Engineering and Computer Science, Lassonde School of Engineering, York University, 4700 Keele Street, Toronto, ON M3J 1P3, Canada.
Email: [email protected]
Search for more papers by this authorMadelyn Rose Sanfilippo
School of Information Sciences, University of Illinois at Urbana-Champaign, Urbana, Illinois, USA
Search for more papers by this authorNoah Apthorpe
Department of Computer Science, Colgate University, Hamilton, New York, USA
Search for more papers by this authorCorresponding Author
Yan Shvartzshnaider
Department of Electrical Engineering and Computer Science, Lassonde School of Engineering, York University, Toronto, Ontario, Canada
Correspondence
Yan Shvartzshnaider, Department of Electrical Engineering and Computer Science, Lassonde School of Engineering, York University, 4700 Keele Street, Toronto, ON M3J 1P3, Canada.
Email: [email protected]
Search for more papers by this authorMadelyn Rose Sanfilippo
School of Information Sciences, University of Illinois at Urbana-Champaign, Urbana, Illinois, USA
Search for more papers by this authorNoah Apthorpe
Department of Computer Science, Colgate University, Hamilton, New York, USA
Search for more papers by this authorFunding information: National Security Agency, Grant/Award Number: H98230-18-D-006
Abstract
Privacy-enhancing technologies that incorporate a socially meaningful conception of privacy, one that meets people's expectations and is ethically defensible, need to factor in contextual privacy norms and information governance as part of their design. This involves understanding what information handling practices users deem acceptable, what factors influence users' perceptions and behaviors, and how informational norms evolve. In this paper, we present GKC-CI, a unifying framework for examining contextual privacy norms and information governance in a given context to help structure research inquiries around these questions.
REFERENCES
- Apthorpe, N., Shvartzshnaider, Y., Mathur, A., Reisman, D., & Feamster, N. (2018). Discovering smart home internet of things privacy norms using contextual integrity. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, 2, 1–23. https://doi.org/10.1145/3214262
- Apthorpe, N., Varghese, S., & Feamster, N. (2019). Evaluating the contextual integrity of privacy regulation: Parents' iot toy privacy norms versus COPPA. In 28th USENIX security symposium (USENIX security 19) (pp. 123–140). USENIX Association. Retrieved from https://www.usenix.org/conference/usenixsecurity19/presentation/apthorpe
- Badillo-Urquiola, K., Page, X., & Wisniewski, P. (2018). Literature review: Examining contextual integrity within human-computer interaction. SSRN Electronic Journal, 1–7. http://dx.doi.org/10.2139/ssrn.3309331
- Benthall, S., Gurses, S., & Nissenbaum, H. (2017). Contextual integrity through the lens of computer science. Now Publishers, 2(1), 1–69. http://dx.doi.org/10.1561/3300000016
- Burns, A. J., Young, J., Roberts, T. L., Courtney, J. F., & Ellis, T. S. (2015). Exploring the role of contextual integrity in electronic medical record (EMR) system workaround decisions: An information security and privacy perspective. AIS Transactions on Human-Computer Interaction, 7(3), 142–165.
- Consumer Reports. (2018). Samsung and Roku Smart TVs vulnerable to hacking, consumer reports finds. Retrieved from https://www.consumerreports.org/televisions/samsung-roku-smart-tvs-vulnerable-to-hacking-consumer-l
- Crawford, S. E., & Ostrom, E. (1995). A grammar of institutions. American Political Science Review, 89(3), 582–600.
- Daniel, W. W. (1990). Kruskal–Wallis one-way analysis of variance by ranks. Applied Nonparametric Statistics, 226–234. PWS-Kent.
- Difallah, D., Filatova, E., & Ipeirotis, P. (2018). Demographics and dynamics of mechanical turk workers. In Proceedings of the 11th ACM international conference on web search and data mining (pp. 135–143). ACM.
- Emami Naeini, P., Degeling, M., Bauer, L., Chow, R., Cranor, L. F., Haghighat, M. R., & Patterson, H. (2018). The influence of friends and experts on privacy decision making in iot scenarios. In Proceedings of the ACM on human–computer interaction, 2, (CSCW), 1–26. ACM.
- Frischmann, B. M., Madison, M. J., & Strandburg, K. J. (2014). Governing knowledge commons. Oxford University Press.
- Jones, K. M., & LeClere, E. (2018). Contextual expectations and emerging informational harms: A primer on academic library participation in learning analytics initiatives. In Applying library values to emerging technology: Decision-making in the age of open access, maker spaces, and the ever-changing library. Chicago: Association of College and Research Libraries.
- Kumar, P., Naik, S. M., Devkar, U. R., Chetty, M., Clegg, T. L., & Vitak, J. (2017). No telling passcodes out because they're private: Understanding children's mental models of privacy and security online. In Proceedings of the ACM on human–computer interaction, 1(CSCW), 1–21. ACM.
- Lau, J., Zimmerman, B., & Schaub, F. (2018). Alexa, are you listening?: Privacy perceptions, concerns and privacy-seeking behaviors with smart speakers. In Proceedings of the ACM on human–computer interaction, 2(CSCW), 1–31. ACM.
- Lee, H., & Kobsa, A. (2016). Understanding user privacy in internet of things environments. In 2016 IEEE 3rd world forum on internet of things (WF-IOT) (pp. 407–412). IEEE.
- Martin, K., & Nissenbaum, H. (2016). Measuring privacy: An empirical test using context to expose confounding variables. Columbia Science and Technology Law Review, 18, 176–218.
- McReynolds, E., Hubbard, S., Lau, T., Saraf, A., Cakmak, M., & Roesner, F. (2017). Toys that listen: A study of parents, children, and internet-connected toys. In Proceedings of the 2017 CHI conference on human factors in computing systems (pp. 5197–5207). ACM.
- Mir, D. J., Shvartzshnaider, Y., & Latonero, M. (2018). It takes a village: A community based participatory framework for privacy design. In IEEE European symposium on security and privacy workshops (EuroS&PW) (pp. 112–115). IEEE.
- Naeini, P. E., Bhagavatula, S., Habib, H., Degeling, M., Bauer, L., Cranor, L. F., & Sadeh, N. (2017). Privacy expectations and preferences in an iot world. In Thirteenth symposium on usable privacy and security (SOUPS) (pp. 399–412). USENIX Association.
- Nissenbaum, H. (2009). Privacy in context: Technology, policy, and the integrity of social life. Stanford Law Books.
- Paolacci, G., Chandler, J., & Ipeirotis, P. G. (2010). Running experiments on amazon mechanical turk. Judgment and Decision making, 5(5), 411–419.
- Saldana, J. (2016). The coding manual for qualitative researchers. SAGE Publications.
- Sanfilippo, M. R., Frischmann, B. M., & Strandburg, K. J. (2018). Privacy as commons: Case evaluation through the governing knowledge commons framework. Journal Information Policy, 8(1), 116–166. https://doi.org/10.5325/jinfopoli.8.2018.0116
- Sanfilippo, M. R., & Strandburg, K. J. (2019). Privacy governing knowledge in public facebook groups for political activism. Information, Communication & Society., 24(7), 960–977. https://doi.org/10.1080/1369118X.2019.1668458
- Shvartzshnaider, Y., Apthorpe, N., Feamster, N., & Nissenbaum, H. (2019). Going against the (appropriate) flow: A contextual integrity approach to privacy policy analysis. Proceedings of the AAAI Conference on Human Computation and Crowdsourcing, 7(1), 162–170.
- Shvartzshnaider, Y., Tong, S., Wies, T., Kift, P., Nissenbaum, H., Subramanian, L., & Mittal, P. (2016). Learning privacy expectations by crowdsourcing contextual informational norms. In Fourth AAAI conference on human computation and crowdsourcing. AAAI.
- Strandburg, K. J., Frischmann, B. M., & Madison, M. J. (2017). Governing medical knowledge commons. Cambridge University Press.
- Turow, J., Hennessy, M., & Draper, N. (2018). Persistent misperceptions: Americans? Misplaced confidence in privacy policies, 2003–2015. Journal of Broadcasting & Electronic Media, 62(3), 461–478. http://dx.doi.org/10.1080/08838151.2018.1451867
- UserBob. (2019). Retrieved from userbob.com
- Wijesekera, P., Baokar, A., Hosseini, A., Egelman, S., Wagner, D., & Beznosov, K. (2015). Android permissions remystified: A field study on contextual integrity. In 24th USENIX security symposium (USENIX security 15) (pp. 499–514). USENIX Association.
- Wilcoxon, F. (1992). Individual comparisons by ranking methods. In Breakthroughs in statistics (pp. 196–202). Springer.
- Zheng, S., Apthorpe, N., Chetty, M., & Feamster, N. (2018). User perceptions of smart home iot privacy. In Proceedings of the ACM on human–computer interaction, 2(CSCW), 1–20.
- Zimmer, M. (2018). Addressing conceptual gaps in big data research ethics: An application of contextual integrity. Social Media Society, 4(2). https://doi.org/10.1177/2056305118768300
