Designing a Coordination Mechanism for Managing Privacy as a Common-Pool Resource
Ubiquitous computing technologies such as “smart” door locks, thermostats, fitness trackers and video monitors can help make users’ lives safer and more efficient. These devices automatically collect data about users and their activities within their homes, which are then combined and processed by algorithms on a cloud server owned by the service provider. This enables beneficial system functionality that would not be possible from the devices in isolation. However, aggregating data from different points in time and about many different devices and users can also produce potentially invasive insights and inferences about individuals and households that can be surprising, unsettling or harmful when used for purposes users do not expect. This creates a social dilemma for users: the “derived data” produced by aggregation can have both positive and negative effects.
People adhere to rules and norms for offline privacy-related behaviors. However, because the collection and processing capabilities in ubiquitous computing systems are invisible and embedded in everyday objects, users cannot currently develop a shared understanding about which uses of derived data are acceptable, such as those that make the system perform better, and which are unacceptable, like making sensitive inferences that are unrelated to system operation. This project will investigate norms for acceptable uses of derived data, as well as develop and evaluate tools to support collective privacy management decisions. The social norm studies include semi-structured interviews to identify norms, and validation experiments involving simulated norm violations and responses to them. Building on frameworks for analyzing social-ecological common-pool resource systems, the project will perform iterative design and prototyping of a privacy coordination mechanism based on home automation systems. The system will be installed and evaluated in a real-world deployment to assess effectiveness and usability, complemented by qualitative analysis of unexpected events.
This project addresses a problem with broad social importance: as “smart” devices with embedded sensors become more common, privacy in ubiquitous computing systems will increasingly be an issue that nearly everyone will encounter. This represents a shift in conceptualizing information privacy problems from the self-management model, in which users are individually responsible for making up-front decisions about what information to protect and what to disclose, to a collective governance model that will allow users to make decisions about how to manage the derived data for themselves. Demonstrating that derived data can be collectively managed like a common pool resource will point to new kinds of solutions for digital privacy issues, and the outcomes of this project have the potential to shape discussions about policy and regulation. The project also includes substantial training at both the undergraduate and graduate levels in interdisciplinary, multi-method team-based research.
PI: Emilee Rader
Emilee Rader. “Effects of Data Aggregation Awareness on Information Privacy Concern.” Proceedings of the Symposium on Usable Privacy and Security (SOUPS), Menlo Park, CA, July 2014.