2. C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ Making privacy visible Lorrie Faith Cranor October 19, 2007

3. C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ You can add your name and/or URL to the footer if you want. If your figures overlap the CUPS logo, then suppress the background images 2 Privacy concerns seem inconsistent with behavior People say they want privacy but they don’t take steps to protect it Many hypotheses as to why that is They don’t really care that much about privacy They prefer immediate gratification now to privacy protections that they won’t benefit from until later They don’t understand the privacy implications of their behavior The cost of privacy protection (including figuring out how to protect their privacy) is too high …

4. C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ You can add your name and/or URL to the footer if you want. If your figures overlap the CUPS logo, then suppress the background images 3 Making privacy visible Communicate meaningfully about privacy risks Make it easy for people to understand and control privacy options

5. C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ You can add your name and/or URL to the footer if you want. If your figures overlap the CUPS logo, then suppress the background images 4 Requirements for meaningful control Individuals must understand what options they have Individuals must understand implications of their options Individuals must have the means to exercise options Costs must be reasonable Money, time, convenience, benefits

6. C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ You can add your name and/or URL to the footer if you want. If your figures overlap the CUPS logo, then suppress the background images 5 Privacy policies Inform consumers about privacy practices Consumers can decide whether practices are acceptable, when to opt-out Most policies require college-level skills to understand, long, change without notice Few people read privacy policies Existing privacy policies are not an effective way to inform consumers or give them privacy controls

7. C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ You can add your name and/or URL to the footer if you want. If your figures overlap the CUPS logo, then suppress the background images 6 Platform for Privacy Preferences Project (P3P) World Wide Web Consortium (W3C) recommendation Standard machine-readable (XML) format for privacy policies Enables browsers and other tools to Summarize privacy policies Compare policies with user preferences Alert and advise users P3P support built into IE6/7 and Netscape 7

8. C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ You can add your name and/or URL to the footer if you want. If your figures overlap the CUPS logo, then suppress the background images 7 Privacy Bird Free download of beta from http://privacybird.org/ “Browser helper object” for IE6 Reads P3P policies automatically Bird icon indicates whether site matches user’s privacy preferences Clicking on bird icon gives more information

9. Bird is privacy indicator

10. Red bird indicates mismatch

11. Privacy settings

12. C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ You can add your name and/or URL to the footer if you want. If your figures overlap the CUPS logo, then suppress the background images 11 Privacy Finder Prototype developed at AT&T Labs, improved and deployed by CUPS Uses Google or Yahoo! search API Checks for P3P, evaluates against user’s preferences Composes search result page with privacy annotations and links to “Privacy Report” http://privacyfinder.org/

13. Demo

15. C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ You can add your name and/or URL to the footer if you want. If your figures overlap the CUPS logo, then suppress the background images 14 Evaluating Privacy Finder Have enough sites adopted P3P for Privacy Finder to be useful?  S. Egelman, L. Cranor, and A. Chowdhury. An Analysis of P3P-Enabled Web Sites among Top-20 Search Results. Proceedings of the Eighth International Conference on Electronic Commerce August 14-16, 2006, Fredericton, New Brunswick, Canada. Will the prominent display of privacy information cause consumers to take privacy into account when making online purchasing decisions?  J. Gideon, S. Egelman, L. Cranor, and A. Acquisti. Power Strips, Prophylactics, and Privacy, Oh My! In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA.  J. Tsai, S. Egelman, L. Cranor, and A. Acquisti. The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study. Workshop on the Economics of Information Security, June 7-8, 2007, Pittsburgh, PA.

16. C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ You can add your name and/or URL to the footer if you want. If your figures overlap the CUPS logo, then suppress the background images 15 Does Privacy Finder influence purchases? Online shopping studies Pay participants to make online purchases with their own credit cards Some use Privacy Finder and some use generic search engine Lab studies  Study of college students purchasing power strips and condoms, no price incentive (reimburse cost)  Study of Pittsburgh residents purchasing batteries and sex toys, with price incentive (keep the change)

17. C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ You can add your name and/or URL to the footer if you want. If your figures overlap the CUPS logo, then suppress the background images 16 Lab study design 16 participants in each condition Condition 1: No information Condition 2: Irrelevant information Condition 3: Privacy information Products Non-privacy Sensitive - batteries Privacy sensitive - sex toy Participants paid fixed amount and told to “keep the change”

18. C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ You can add your name and/or URL to the footer if you want. If your figures overlap the CUPS logo, then suppress the background images 17 Condition 1 No information

19. C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ You can add your name and/or URL to the footer if you want. If your figures overlap the CUPS logo, then suppress the background images 18 Condition 2 Irrelevant information

20. C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ You can add your name and/or URL to the footer if you want. If your figures overlap the CUPS logo, then suppress the background images 19 Condition 3 Privacy information Privacy premium: $0.69 4.8% Privacy premium: $0.69 4.8%

21. C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ You can add your name and/or URL to the footer if you want. If your figures overlap the CUPS logo, then suppress the background images 20 BatteriesSex Toy Results

22. C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ You can add your name and/or URL to the footer if you want. If your figures overlap the CUPS logo, then suppress the background images 21 Conclusions Accessible privacy information affects consumer behavior Consumers willing to pay for better privacy Privacy Finder helps users make privacy informed decisions

23. C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ You can add your name and/or URL to the footer if you want. If your figures overlap the CUPS logo, then suppress the background images 22 Ongoing and future work Study on impact of privacy information timing Privacy Finder provides info in search results Privacy Bird provides info after users have arrived at web site Privacy Finder field study Interested in partnering with major search engine provider Design and testing of standardized privacy policy formats Policies are complex and nuanced Users don’t know privacy jargon or understand risks Explore what people understand about privacy and ways to educate them about privacy risks Make informed consent meaningful Interfaces for visualizing and controlling other aspects of privacy

24. C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ You can add your name and/or URL to the footer if you want. If your figures overlap the CUPS logo, then suppress the background images 23 P3P Expandable Grid

25. Expandable Grids

26. Office Students AliceBob LabKitchenWindows computer Key Not used Heavily used Visitors + - CindyDwayneEdith Students AliceBobVisitors + + StudentsAliceBobVisitors + + StudentsAliceBobVisitors ++ 10/25/06 3:30PM Thursday Tuesday Monday Sunday Saturday Friday Thursday Friday Saturday Sunday Monday Monday, 10/23/06, 9:00am Bob said open You said Bob could open You own Kitchen

27. C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/

28. You can add your name and/or URL to the footer if you want. If your figures overlap the CUPS logo, then suppress the background images 27 Privacy as control “the claim of individuals… to determine for themselves when, how, and to what extent information about them is communicated to others.” - Alan Westin, 1967

29. C MU U sable P rivacy and S ecurity Laboratory http://cups.cs.cmu.edu/ You can add your name and/or URL to the footer if you want. If your figures overlap the CUPS logo, then suppress the background images 28 Control process “Each individual is continually engaged in a personal adjustment process in which he balances the desire for privacy with the desire for disclosure and communication….” - Alan Westin, 1967