Search

Your search keyword '"Norman Sadeh"' showing total 153 results
Start Over Author "Norman Sadeh"

Refine your results

more »

more »

more »
153 results on '"Norman Sadeh"'

1. Sharing is Not Always Caring: Delving Into Personal Data Transfer Compliance in Android Apps

Author

David Rodriguez, Jose M. Del Alamo, Celia Fernandez-Aller, and Norman Sadeh

Subjects
Android, compliance assessment, data protection, data transfer, dynamic analysis, GDPR, Electrical engineering. Electronics. Nuclear engineering, TK1-9971
Abstract

In an era marked by ubiquitous reliance on mobile applications for nearly every need, the opacity of apps’ behavior poses significant threats to their users’ privacy. Although major data protection regulations require apps to disclose their data practices transparently, previous studies have pointed out difficulties in doing so. To further delve into this issue, this article describes an automated method to capture data-sharing practices in Android apps and assess their proper disclosure according to the EU General Data Protection Regulation. We applied the method to 9,000 random Android apps, unveiling an uncomfortable reality: over 80% of Android applications that transfer personal data off device potentially fail to meet GDPR transparency requirements. We further investigate the role of third-party libraries, shedding light on the source of this problem and pointing towards measures to address it.

Published
2024
Full Text
View/download PDF

8. How Usable Are iOS App Privacy Labels?

Author

Shikun Zhang, Yuanyuan Feng, Yaxing Yao, Lorrie Faith Cranor, and Norman Sadeh

Subjects
General Earth and Planetary Sciences, General Environmental Science
Abstract

Standardized privacy labels that succinctly summarize those data practices that people are most commonly concerned about offer the promise of providing users with more effective privacy notices than full-length privacy policies. With their introduction by Apple in iOS 14 and Google’s recent adoption in its Play Store, mobile app privacy labels are for the first time available at scale to users. We report the first indepth interview study with 24 lay iPhone users to investigate their experiences, understanding, and perceptions of Apple’s privacy labels. We uncovered misunderstandings of and dissatisfaction with the iOS privacy labels that hinder their effectiveness, including confusing structure, unfamiliar terms, and disconnection from permission settings and controls. We identify areas where app privacy labels might be improved and propose suggestions to address shortcomings to make them more understandable, usable, and useful.

Published
2022

9. Nudges (and Deceptive Patterns) for Privacy

Author

Alessandro Acquisti, Idris Adjerid, Laura Brandimarte, Lorrie Faith Cranor, Saranga Komanduri, Pedro Giovanni Leon, Norman Sadeh, Florian Schaub, Yang Wang, and Shomir Wilson

Published
2023

11. Managing Potentially Intrusive Practices in the Browser: A User-Centered Perspective

Author

Daniel Smullen, Norman Sadeh, Arthur Edelstein, Yaxing Yao, Yuanyuan Feng, and Rebecca Weiss

Subjects
understanding, Ethics, browsers, Computer science, 05 social sciences, Perspective (graphical), interaction design, security, QA75.5-76.95, 02 engineering and technology, privacy, BJ1-1725, usability, World Wide Web, mental models, Electronic computers. Computer science, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, General Earth and Planetary Sciences, 0501 psychology and cognitive sciences, preferences, 050107 human factors, settings, General Environmental Science
Abstract

Browser users encounter a broad array of potentially intrusive practices: from behavioral profiling, to crypto-mining, fingerprinting, and more. We study people’s perception, awareness, understanding, and preferences to opt out of those practices. We conducted a mixed-methods study that included qualitative (n=186) and quantitative (n=888) surveys covering 8 neutrally presented practices, equally highlighting both their benefits and risks. Consistent with prior research focusing on specific practices and mitigation techniques, we observe that most people are unaware of how to effectively identify or control the practices we surveyed. However, our user-centered approach reveals diverse views about the perceived risks and benefits, and that the majority of our participants wished to both restrict and be explicitly notified about the surveyed practices. Though prior research shows that meaningful controls are rarely available, we found that many participants mistakenly assume opt-out settings are common but just too difficult to find. However, even if they were hypothetically available on every website, our findings suggest that settings which allow practices by default are more burdensome to users than alternatives which are contextualized to website categories instead. Our results argue for settings which can distinguish among website categories where certain practices are seen as permissible, proactively notify users about their presence, and otherwise deny intrusive practices by default. Standardizing these settings in the browser rather than being left to individual websites would have the advantage of providing a uniform interface to support notification, control, and could help mitigate dark patterns. We also discuss the regulatory implications of the findings.

Published
2021

13. 'Did you know this camera tracks your mood?': Understanding Privacy Expectations and Preferences in the Age of Video Analytics

Author

Anupam Das, Norman Sadeh, Shikun Zhang, Lorrie Faith Cranor, Yuanyuan Feng, and Lujo Bauer

Subjects
Ethics, business.industry, Computer science, video analytics, 05 social sciences, Internet privacy, QA75.5-76.95, 02 engineering and technology, privacy, BJ1-1725, facial recognition, experience sampling, Mood, Analytics, Electronic computers. Computer science, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, General Earth and Planetary Sciences, 0501 psychology and cognitive sciences, business, 050107 human factors, General Environmental Science
Abstract

Cameras are everywhere, and are increasingly coupled with video analytics software that can identify our face, track our mood, recognize what we are doing, and more. We present the results of a 10-day in-situ study designed to understand how people feel about these capabilities, looking both at the extent to which they expect to encounter them as part of their everyday activities and at how comfortable they are with the presence of such technologies across a range of realistic scenarios. Results indicate that while some widespread deployments are expected by many (e.g., surveillance in public spaces), others are not, with some making people feel particularly uncomfortable. Our results further show that individuals’ privacy preferences and expectations are complicated and vary with a number of factors such as the purpose for which footage is captured and analyzed, the particular venue where it is captured, and whom it is shared with. Finally, we discuss the implications of people’s rich and diverse preferences on opt-in or opt-out rights for the collection and use (including sharing) of data associated with these video analytics scenarios as mandated by regulations. Because of the user burden associated with the large number of privacy decisions people could be faced with, we discuss how new types of privacy assistants could possibly be configured to help people manage these decisions.

Published
2021

14. The Best of Both Worlds: Mitigating Trade-offs Between Accuracy and User Burden in Capturing Mobile App Privacy Preferences

Author

Shikun Aerin Zhang, Yuanyuan Feng, Daniel Smullen, and Norman Sadeh

Subjects
profiles, Ethics, Computer science, business.industry, 05 social sciences, Internet privacy, Trade offs, Mobile apps, Information technology, 020207 software engineering, QA75.5-76.95, 02 engineering and technology, privacy, BJ1-1725, usability, Electronic computers. Computer science, 0202 electrical engineering, electronic engineering, information engineering, General Earth and Planetary Sciences, 0501 psychology and cognitive sciences, android, smart-phone permissions, business, contextual integrity, 050107 human factors, General Environmental Science
Abstract

In today’s data-centric economy, data flows are increasingly diverse and complex. This is best exemplified by mobile apps, which are given access to an increasing number of sensitive APIs. Mobile operating systems have attempted to balance the introduction of sensitive APIs with a growing collection of permission settings, which users can grant or deny. The challenge is that the number of settings has become unmanageable. Yet research also shows that existing settings continue to fall short when it comes to accurately capturing people’s privacy preferences. An example is the inability to control mobile app permissions based on the purpose for which an app is requesting access to sensitive data. In short, while users are already overwhelmed, accurately capturing their privacy preferences would require the introduction of an even greater number of settings. A promising approach to mitigating this trade-off lies in using machine learning to generate setting recommendations or bundle some settings. This article is the first of its kind to offer a quantitative assessment of how machine learning can help mitigate this trade-off, focusing on mobile app permissions. Results suggest that it is indeed possible to more accurately capture people’s privacy preferences while also reducing user burden.

Published
2020

15. Informing the Design of a Personalized Privacy Assistant for the Internet of Things

Author

Alessandro Acquisti, Norman Sadeh, Yuanyuan Feng, Megan Ung, Sarah Pearman, Tharangini Palanivel, Lorrie Faith Cranor, and Jessica Colnago

Subjects
Data collection, business.industry, Computer science, End user, 05 social sciences, Control (management), Internet privacy, 020207 software engineering, 02 engineering and technology, Service provider, FOS: Psychology, 80602 Computer-Human Interaction, 0202 electrical engineering, electronic engineering, information engineering, 0501 psychology and cognitive sciences, Internet of Things, business, 050107 human factors
Abstract

Internet of Things (IoT) devices create new ways through which personal data is collected and processed by service providers. Frequently, end users have little awareness of, and even less control over, these devices' data collection. IoT Personalized Privacy Assistants (PPAs) can help overcome this issue by helping users discover and, when available, control the data collection practices of nearby IoT resources. We use semi-structured interviews with 17 participants to explore user perceptions of three increasingly more autonomous potential implementations of PPAs, identifying benefits and issues associated with each implementation. We find that participants weigh the desire for control against the fear of cognitive overload. We recommend solutions that address users' differing automation preferences and reduce notification overload. We discuss open issues related to opting out from public data collections, automated consent, the phenomenon of user resignation, and designing PPAs with at-risk communities in mind.

Published
2022
Full Text
View/download PDF

16. Increasing Adoption of Tor Browser Using Informational and Planning Nudges

Author

Peter Story, Daniel Smullen, Rex Chen, Yaxing Yao, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh, and Florian Schaub

Subjects
FOS: Media and communications, General Earth and Planetary Sciences, ComputingMilieux_COMPUTERSANDSOCIETY, 80703 Human Information Behaviour, General Environmental Science
Abstract

Browsing privacy tools can help people protect their digital privacy. However, tools which provide the strongest protections—such as Tor Browser—have struggled to achieve widespread adoption. This may be due to usability challenges, misconceptions, behavioral biases, or mere lack of awareness. In this study, we test the effectiveness of nudging interventions that encourage the adoption of Tor Browser. First, we test an informational nudge based on protection motivation theory (PMT), designed to raise awareness of Tor Browser and help participants form accurate perceptions of it. Next, we add an action planning implementation intention, designed to help participants identify opportunities for using Tor Browser. Finally, we add a coping planning implementation intention, designed to help participants overcome challenges to using Tor Browser, such as extreme website slowness. We test these nudges in a longitudinal field experiment with 537 participants. We find that our PMT-based intervention increased use of Tor Browser in both the short- and long-term. Our coping planning nudge also increased use of Tor Browser, but only in the week following our intervention. We did not find statistically significant evidence of our action planning nudge increasing use of Tor Browser. Our study contributes to a greater understanding of factors influencing the adoption of Tor Browser, and how nudges might be used to encourage the adoption of Tor Browser and similar privacy enhancing technologies.

Published
2022
Full Text
View/download PDF

17. Awareness, Adoption, and Misconceptions of Web Privacy Tools

Author

Lorrie Faith Cranor, Florian Schaub, Norman Sadeh, Peter Story, Yaxing Yao, Daniel Smullen, and Alessandro Acquisti

Subjects
antivirus, Ethics, Web privacy, business.industry, Computer science, Internet privacy, 020207 software engineering, QA75.5-76.95, 02 engineering and technology, technology adoption, tor, privacy, BJ1-1725, vpn, FOS: Psychology, mental models, 80602 Computer-Human Interaction, Electronic computers. Computer science, 020204 information systems, ad blocking, 0202 electrical engineering, electronic engineering, information engineering, General Earth and Planetary Sciences, private browsing, business, General Environmental Science
Abstract

Privacy and security tools can help users protect themselves online. Unfortunately, people are often unaware of such tools, and have potentially harmful misconceptions about the protections provided by the tools they know about. Effectively encouraging the adoption of privacy tools requires insights into people’s tool awareness and understanding. Towards that end, we conducted a demographically-stratified survey of 500 US participants to measure their use of and perceptions about five web browsing-related tools: private browsing, VPNs, Tor Browser, ad blockers, and antivirus software. We asked about participants’ perceptions of the protections provided by these tools across twelve realistic scenarios. Our thematic analysis of participants’ responses revealed diverse forms of misconceptions. Some types of misconceptions were common across tools and scenarios, while others were associated with particular combinations of tools and scenarios. For example, some participants suggested that the privacy protections offered by private browsing, VPNs, and Tor Browser would also protect them from security threats – a misconception that might expose them to preventable risks. We anticipate that our findings will help researchers, tool designers, and privacy advocates educate the public about privacy- and security-enhancing technologies.

Published
2022
Full Text
View/download PDF

18. MAPS: Scaling Privacy Compliance Analysis to a Million Apps

Author

Ziqi Wang, Joel R. Reidenberg, Daniel Smullen, Abhilasha Ravichander, Peter Story, N. Cameron Russell, Sebastian Zimmeck, and Norman Sadeh

Subjects
Ethics, ComputerSystemsOrganization_COMPUTERSYSTEMIMPLEMENTATION, Computer science, business.industry, GeneralLiterature_INTRODUCTORYANDSURVEY, Internet privacy, Information technology, 020207 software engineering, 02 engineering and technology, QA75.5-76.95, BJ1-1725, 020204 information systems, Compliance analysis, Electronic computers. Computer science, mental disorders, 0202 electrical engineering, electronic engineering, information engineering, General Earth and Planetary Sciences, Social media, business, Scaling, General Environmental Science
Abstract

The app economy is largely reliant on data collection as its primary revenue model. To comply with legal requirements, app developers are often obligated to notify users of their privacy practices in privacy policies. However, prior research has suggested that many developers are not accurately disclosing their apps’ privacy practices. Evaluating discrepancies between apps’ code and privacy policies enables the identification of potential compliance issues. In this study, we introduce the Mobile App Privacy System (MAPS) for conducting an extensive privacy census of Android apps. We designed a pipeline for retrieving and analyzing large app populations based on code analysis and machine learning techniques. In its first application, we conduct a privacy evaluation for a set of 1,035,853 Android apps from the Google Play Store. We find broad evidence of potential non-compliance. Many apps do not have a privacy policy to begin with. Policies that do exist are often silent on the practices performed by apps. For example, 12.1% of apps have at least one location-related potential compliance issue. We hope that our extensive analysis will motivate app stores, government regulators, and app developers to more effectively review apps for potential compliance issues.

Published
2019

19. Analyzing Privacy Policies at Scale

Author

Fei Liu, Peter Story, Sebastian Zimmeck, Rohan Ramanath, Noah A. Smith, Kanthashree Mysore Sathyendra, Daniel Smullen, Frederick Liu, Shomir Wilson, Florian Schaub, and Norman Sadeh

Subjects
Computer Networks and Communications, business.industry, Computer science, Privacy policy, 020207 software engineering, 02 engineering and technology, Crowdsourcing, Data science, Task (project management), Work (electrical), Salient, 020204 information systems, Scale (social sciences), 0202 electrical engineering, electronic engineering, information engineering, Internet users, business
Abstract

Website privacy policies are often long and difficult to understand. While research shows that Internet users care about their privacy, they do not have the time to understand the policies of every website they visit, and most users hardly ever read privacy policies. Some recent efforts have aimed to use a combination of crowdsourcing, machine learning, and natural language processing to interpret privacy policies at scale, thus producing annotations for use in interfaces that inform Internet users of salient policy details. However, little attention has been devoted to studying the accuracy of crowdsourced privacy policy annotations, how crowdworker productivity can be enhanced for such a task, and the levels of granularity that are feasible for automatic analysis of privacy policies. In this article, we present a trajectory of work addressing each of these topics. We include analyses of crowdworker performance, evaluation of a method to make a privacy-policy oriented task easier for crowdworkers, a coarse-grained approach to labeling segments of policy text with descriptive themes, and a fine-grained approach to identifying user choices described in policy text. Together, the results from these efforts show the effectiveness of using automated and semi-automated methods for extracting from privacy policies the data practice details that are salient to Internet users’ interests.

Published
2018

20. A Design Space for Privacy Choices: Towards Meaningful Privacy Control in the Internet of Things

Author

Yaxing Yao, Yuanyuan Feng, and Norman Sadeh

Subjects
Information privacy, Notice, Leverage (negotiation), Conceptual framework, business.industry, Process (engineering), Computer science, Taxonomy (general), Data_MISCELLANEOUS, Internet privacy, Control (management), business, Construct (philosophy)
Abstract

“Notice and choice” is the predominant approach for data privacy protection today. There is considerable user-centered research on providing effective privacy notices but not enough guidance on designing privacy choices. Recent data privacy regulations worldwide established new requirements for privacy choices, but system practitioners struggle to implement legally compliant privacy choices that also provide users meaningful privacy control. We construct a design space for privacy choices based on a user-centered analysis of how people exercise privacy choices in real-world systems. This work contributes a conceptual framework that considers privacy choice as a user-centered process as well as a taxonomy for practitioners to design meaningful privacy choices in their systems. We also present a use case of how we leverage the design space to finalize the design decisions for a real-world privacy choice platform, the Internet of Things (IoT) Assistant, to provide meaningful privacy control in the IoT.

Published
2021

21. Toggles, Dollar Signs, and Triangles: How to (In)Effectively Convey Privacy Choices with Icons and Link Texts

Author

Hana Habib, Yixin Zou, Yaxing Yao, Alessandro Acquisti, Lorrie Faith Cranor, Joel R. Reidenberg, Florian Schaub, and Norman Sadeh

Subjects
User testing, Stylized fact, Computer science, business.industry, 05 social sciences, Internet privacy, 020207 software engineering, Icon design, 02 engineering and technology, FOS: Psychology, 80602 Computer-Human Interaction, 0202 electrical engineering, electronic engineering, information engineering, Liberian dollar, Consumer privacy, 0501 psychology and cognitive sciences, Icon, Link (knot theory), business, Personally identifiable information, computer, 050107 human factors, computer.programming_language
Abstract

Increasingly, icons are being proposed to concisely convey privacy-related information and choices to users. However, complex privacy concepts can be difficult to communicate. We investigate which icons effectively signal the presence of privacy choices. In a series of user studies, we designed and evaluated icons and accompanying textual descriptions (link texts) conveying choice, opting-out, and sale of personal information — the latter an opt-out mandated by the California Consumer Privacy Act (CCPA). We identified icon-link text pairings that conveyed the presence of privacy choices without creating misconceptions, with a blue stylized toggle icon paired with “Privacy Options” performing best. The two CCPA-mandated link texts (“Do Not Sell My Personal Information” and “Do Not Sell My Info”) accurately communicated the presence of do-not-sell opt-outs with most icons. Our results provide insights for the design of privacy choice indicators and highlight the necessity of incorporating user testing into policy making.

Published
2021

22. Breaking Down Walls of Text: How Can NLP Benefit Consumer Privacy?

Author

Shomir Wilson, Norman Sadeh, Thomas B. Norton, Alan W. Black, and Abhilasha Ravichander

Subjects
Notice, Computer science, business.industry, Privacy policy, Democratic ideals, Information gap, Social impact, Control (management), Internet privacy, Consumer privacy, Personal autonomy, business
Abstract

Privacy plays a crucial role in preserving democratic ideals and personal autonomy. The dominant legal approach to privacy in many jurisdictions is the “Notice and Choice” paradigm, where privacy policies are the primary instrument used to convey information to users. However, privacy policies are long and complex documents that are difficult for users to read and comprehend. We discuss how language technologies can play an important role in addressing this information gap, reporting on initial progress towards helping three specific categories of stakeholders take advantage of digital privacy policies: consumers, enterprises, and regulators. Our goal is to provide a roadmap for the development and use of language technologies to empower users to reclaim control over their privacy, limit privacy harms, and rally research efforts from the community towards addressing an issue with large social impact. We highlight many remaining opportunities to develop language technologies that are more precise or nuanced in the way in which they use the text of privacy policies.

Published
2021

23. Fighting the Fog: Evaluating the Clarity of Privacy Disclosures in the Age of CCPA

Author

Aleecia M. McDonald, Fei Fang, Rex Chen, Norman Sadeh, and Thomas B. Norton

Subjects
FOS: Computer and information sciences, Computer science, business.industry, media_common.quotation_subject, Privacy policy, Internet privacy, Ambiguity, Opt-out, law.invention, Computer Science - Computers and Society, law, Computers and Society (cs.CY), CLARITY, Data Protection Act 1998, Consumer privacy, Privacy law, business, Personally identifiable information, media_common
Abstract

Vagueness and ambiguity in privacy policies threaten the ability of consumers to make informed choices about how businesses collect, use, and share their personal information. The California Consumer Privacy Act (CCPA) of 2018 was intended to provide Californian consumers with more control by mandating that businesses (1) clearly disclose their data practices and (2) provide choices for consumers to opt out of specific data practices. In this work, we explore to what extent CCPA's disclosure requirements, as implemented in actual privacy policies, can help consumers to answer questions about the data practices of businesses. First, we analyzed 95 privacy policies from popular websites; our findings showed that there is considerable variance in how businesses interpret CCPA's definitions. Then, our user survey of 364 Californian consumers showed that this variance affects the ability of users to understand the data practices of businesses. Our results suggest that CCPA's mandates for privacy disclosures, as currently implemented, have not yet yielded the level of clarity they were designed to deliver, due to both vagueness and ambiguity in CCPA itself as well as potential non-compliance by businesses in their privacy policies., Comment: 31 pages; 5 tables; 1 figure; to be published in Proceedings of the 20th Workshop on Privacy in the Electronic Society (WPES '21)

Published
2021
Full Text
View/download PDF

24. From Prescription to Description: Mapping the GDPR to a Privacy Policy Corpus Annotation Scheme

Author

Norman Sadeh, Ellen Poplavska, Shomir Wilson, and Thomas B. Norton

Subjects
Scheme (programming language), Annotation, Information retrieval, Computer science, Privacy policy, Medical prescription, computer, computer.programming_language
Abstract

The European Union’s General Data Protection Regulation (GDPR) has compelled businesses and other organizations to update their privacy policies to state specific information about their data practices. Simultaneously, researchers in natural language processing (NLP) have developed corpora and annotation schemes for extracting salient information from privacy policies, often independently of specific laws. To connect existing NLP research on privacy policies with the GDPR, we introduce a mapping from GDPR provisions to the OPP-115 annotation scheme, which serves as the basis for a growing number of projects to automatically classify privacy policy text. We show that assumptions made in the annotation scheme about the essential topics for a privacy policy reflect many of the same topics that the GDPR requires in these documents. This suggests that OPP-115 continues to be representative of the anatomy of a legally compliant privacy policy, and that the legal assumptions behind it represent the elements of data processing that ought to be disclosed within a policy for transparency. The correspondences we show between OPP-115 and the GDPR suggest the feasibility of bridging existing computational and legal research on privacy policies, benefiting both areas.

Published
2020

25. 'It's a scavenger hunt': Usability of Websites' Opt-Out and Data Deletion Choices

Author

Jiamin Wang, Sarah Pearman, Hana Habib, Yixin Zou, Alessandro Acquisti, Florian Schaub, Norman Sadeh, and Lorrie Faith Cranor

Subjects
business.industry, Computer science, Privacy policy, 05 social sciences, Internet privacy, 020207 software engineering, Usability, 02 engineering and technology, Opt-out, FOS: Psychology, 80602 Computer-Human Interaction, email marketing, 0202 electrical engineering, electronic engineering, information engineering, Targeted advertising, 0501 psychology and cognitive sciences, Set (psychology), business, 050107 human factors
Abstract

We conducted an in-lab user study with 24 participants to explore the usefulness and usability of privacy choices offered by websites. Participants were asked to find and use choices related to email marketing, targeted advertising, or data deletion on a set of nine websites that differed in terms of where and how these choices were presented. They struggled with several aspects of the interaction, such as selecting the correct page from a site's navigation menu and understanding what information to include in written opt-out requests. Participants found mechanisms located in account settings pages easier to use than options contained in privacy policies, but many still consulted help pages or sent email to request assistance. Our findings indicate that, despite their prevalence, privacy choices like those examined in this study are difficult for consumers to exercise in practice. We provide design and policy recommendations for making these website opt-out and deletion choices more useful and usable for consumers.

Published
2020

26. Finding a Choice in a Haystack: Automatic Extraction of Opt-Out Statements from Privacy Policy Text

Author

Sushain Cherivirala, Hana Habib, Peter Story, Florian Schaub, Norman Sadeh, Roger Iyengar, Lorrie Faith Cranor, Margaret Hagan, Vinayshekhar Bannihatti Kumar, Shomir Wilson, Yuanyuan Feng, and Namita Nisal

Subjects
Computer science, business.industry, Privacy policy, media_common.quotation_subject, Usability, Extension (predicate logic), Hyperlink, Opt-out, World Wide Web, Presentation, Haystack, Heuristics, business, media_common
Abstract

Website privacy policies sometimes provide users the option to opt-out of certain collections and uses of their personal data. Unfortunately, many privacy policies bury these instructions deep in their text, and few web users have the time or skill necessary to discover them. We describe a method for the automated detection of opt-out choices in privacy policy text and their presentation to users through a web browser extension. We describe the creation of two corpora of opt-out choices, which enable the training of classifiers to identify opt-outs in privacy policies. Our overall approach for extracting and classifying opt-out choices combines heuristics to identify commonly found opt-out hyperlinks with supervised machine learning to automatically identify less conspicuous instances. Our approach achieves a precision of 0.93 and a recall of 0.9. We introduce Opt-Out Easy, a web browser extension designed to present available opt-out choices to users as they browse the web. We evaluate the usability of our browser extension with a user study. We also present results of a large-scale analysis of opt-outs found in the text of thousands of the most popular websites.

Published
2020

27. Personalized Privacy Assistants for the Internet of Things: Providing Users with Notice and Choice

Author

Martin Degeling, Daniel Smullen, Anupam Das, and Norman Sadeh

Subjects
Information privacy, Ubiquitous computing, Data collection, Notice, business.industry, Computer science, 05 social sciences, Control (management), Internet privacy, 02 engineering and technology, Computer Science Applications, Opt-out, Computational Theory and Mathematics, 020204 information systems, Opt-in email, 0202 electrical engineering, electronic engineering, information engineering, 0501 psychology and cognitive sciences, Set (psychology), business, 050107 human factors, Software
Abstract

As we interact with an increasingly diverse set of sensing technologies, it becomes difficult to keep up with the many different ways in which data about ourselves is collected and used. Study after study has shown that while people generally care about their privacy, they feel they have little awareness of-let alone control over-the collection and use of their data. This article summarizes ongoing research to develop and field privacy assistants designed to empower people to regain control over their privacy in the Internet of Things (IoT). Specifically, we focus on the infrastructure we have developed and deployed to support privacy assistants for the IoT. This infrastructure enables the assistants to discover IoT resources (sensors, apps, services, devices, and so on) in the vicinity of their users, and selectively inform users about the data practices associated with these resources. It also supports the discovery of user-configurable settings for IoT resources (opt in, opt out, data erasure, and so on) if there are any, enabling privacy assistants to help users configure their IoT experience in accordance with their privacy expectations. We also discuss how, using machine learning to build and refine models of users privacy expectations and preferences, we plan to developed personalized privacy assistants capable of selectively informing their users about the data practices they actually care about and of helping them configure associated privacy settings.

Published
2018

28. Enabling Live Video Analytics with a Scalable and Privacy-Aware Framework

Author

Padmanabhan Pillai, Brandon Amos, Anupam Das, Norman Sadeh, Mahadev Satyanarayanan, and Junjue Wang

Subjects
Multimedia, Computer Networks and Communications, business.industry, Computer science, Inter frame, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, computer.software_genre, Frame rate, Facial recognition system, Hardware and Architecture, Analytics, Scalability, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Cloudlet, business, computer, Edge computing
Abstract

We show how to build the components of a privacy-aware, live video analytics ecosystem from the bottom up, starting with OpenFace, our new open-source face recognition system that approaches state-of-the-art accuracy. Integrating OpenFace with interframe tracking, we build RTFace, a mechanism for denaturing video streams that selectively blurs faces according to specified policies at full frame rates. This enables privacy management for live video analytics while providing a secure approach for handling retrospective policy exceptions. Finally, we present a scalable, privacy-aware architecture for large camera networks using RTFace and show how it can be an enabler for a vibrant ecosystem and marketplace of privacy-aware video streams and analytics services.

Published
2018

29. PrivOnto: A semantic framework for the analysis of privacy policies

Author

N. Cameron Russell, Peter Story, Thomas B. Norton, Alessandro Oltramari, Dhivya Piraviperumal, Joel R. Reidenberg, Florian Schaub, Norman Sadeh, Shomir Wilson, and Sushain Cherivirala

Subjects
Information privacy, Privacy by Design, Computer Networks and Communications, Computer science, Privacy software, business.industry, Privacy policy, Internet privacy, Semantic framework, 020207 software engineering, 02 engineering and technology, Computer Science Applications, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, business, Information Systems
Published
2018

30. Nudges for Privacy and Security

Author

Idris Adjerid, Florian Schaub, Saranga Komanduri, Norman Sadeh, Rebecca Balebako, Manya Sleeper, Lorrie Faith Cranor, Shomir Wilson, Pedro Giovanni Leon, Laura Brandimarte, Alessandro Acquisti, and Yang Wang

Subjects
Information privacy, General Computer Science, Nudge theory, Privacy by Design, business.industry, Computer science, 05 social sciences, Internet privacy, Information technology, 020207 software engineering, 02 engineering and technology, Information security, Computer security, computer.software_genre, Behavioral economics, Theoretical Computer Science, Paternalism, 0202 electrical engineering, electronic engineering, information engineering, 0501 psychology and cognitive sciences, business, computer, Personally identifiable information, 050107 human factors
Abstract

Advancements in information technology often task users with complex and consequential privacy and security decisions. A growing body of research has investigated individuals’ choices in the presence of privacy and information security tradeoffs, the decision-making hurdles affecting those choices, and ways to mitigate such hurdles. This article provides a multi-disciplinary assessment of the literature pertaining to privacy and security decision making. It focuses on research on assisting individuals’ privacy and security choices with soft paternalistic interventions that nudge users toward more beneficial choices. The article discusses potential benefits of those interventions, highlights their shortcomings, and identifies key ethical, design, and research challenges.

Published
2017

31. Question Answering for Privacy Policies: Combining Computational and Legal Perspectives

Author

Thomas B. Norton, Norman Sadeh, Alan W. Black, Abhilasha Ravichander, and Shomir Wilson

Subjects
FOS: Computer and information sciences, Computer Science - Computation and Language, business.industry, Computer science, Privacy policy, Internet privacy, 02 engineering and technology, 010501 environmental sciences, 16. Peace & justice, 01 natural sciences, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Question answering, Baseline (configuration management), business, Computation and Language (cs.CL), 0105 earth and related environmental sciences
Abstract

Privacy policies are long and complex documents that are difficult for users to read and understand, and yet, they have legal effects on how user data is collected, managed and used. Ideally, we would like to empower users to inform themselves about issues that matter to them, and enable them to selectively explore those issues. We present PrivacyQA, a corpus consisting of 1750 questions about the privacy policies of mobile applications, and over 3500 expert annotations of relevant answers. We observe that a strong neural baseline underperforms human performance by almost 0.3 F1 on PrivacyQA, suggesting considerable room for improvement for future systems. Further, we use this dataset to shed light on challenges to question answerability, with domain-general implications for any question answering system. The PrivacyQA corpus offers a challenging corpus for question answering, with genuine real-world utility., Comment: EMNLP 2019

Published
2019

32. Enforcing Context-Sensitive Policies in Collaborative Business Environments

Author

Alberto Sardinha, Jinghai Rao, and Norman Sadeh

Subjects
80399 Computer Software not elsewhere classified, FOS: Computer and information sciences, Collaborative software, Knowledge management, Computer science, business.industry, computer.internet_protocol, Authorization, XACML, Access control, Context (language use), Service-oriented architecture, computer.software_genre, Scalability, Web service, Software architecture, business, computer, Semantic Web, computer.programming_language
Abstract

As enterprises seek to engage in increasingly rich and agile forms of collaboration, they are turning towards service-oriented architectures that enable them to selectively expose different levels of functionality to both existing and prospective business partners. This includes enforcing access control policies whose elements are tied to changing contractual relationships or to information obtained from external sources (e.g. ratings, credit worthiness, export restrictions, etc.). To ensure maximum openness, we argue that such sources of contextual information should themselves be represented as web services that can be identified and accessed on the fly. as required to enforce relevant policies. We propose an architecture for enforcing context-sensitive access control policies in which sources of information can be annotated with rich semantic profiles. This includes a meta-control architecture for dynamically orchestrating policy reasoning together with the identification and access of external sources of information required to enforce policies. We show that this architecture can be implemented as an extension to XACML's PIP and context handler functionality. We proceed to show that our architecture extends to a broader class of corporate and regulatory policies. The paper also presents computational experiments aimed at evaluating the scalability of our architecture.

Published
2018
Full Text
View/download PDF

33. Supervised and Unsupervised Methods for Robust Separation of Section Titles and Prose Text in Web Documents

Author

Shomir Wilson, Norman Sadeh, and Abhijith Athreya Mysore Gopinath

Subjects
Hierarchy, Markup language, Syntax (programming languages), Computer science, business.industry, Section (typography), 02 engineering and technology, computer.software_genre, Semantics, Automatic summarization, Information extraction, ComputingMethodologies_DOCUMENTANDTEXTPROCESSING, 0202 electrical engineering, electronic engineering, information engineering, Question answering, 020201 artificial intelligence & image processing, Artificial intelligence, business, computer, Natural language processing
Abstract

The text in many web documents is organized into a hierarchy of section titles and corresponding prose content, a structure which provides potentially exploitable information on discourse structure and topicality. However, this organization is generally discarded during text collection, and collecting it is not straightforward: the same visual organization can be implemented in a myriad of different ways in the underlying HTML. To remedy this, we present a flexible system for automatically extracting the hierarchical section titles and prose organization of web documents irrespective of differences in HTML representation. This system uses features from syntax, semantics, discourse and markup to build two models which classify HTML text into section titles and prose text. When tested on three different domains of web text, our domain-independent system achieves an overall precision of 0.82 and a recall of 0.98. The domain-dependent variation produces very high precision (0.99) at the expense of recall (0.75). These results exhibit a robust level of accuracy suitable for enhancing question answering, information extraction, and summarization.

Published
2018

34. Towards a Roadmap for Privacy Technologies and the General Data Protection Regulation: A Transatlantic Initiative

Author

Gabriela Zanfir-Fortuna, Florian Schaub, Bettina Berendt, Norman Sadeh, Triin Siil, Kim Wuyts, Seda Gürses, Martin Degeling, Robert Riemann, Stefan Schiffner, Achim Klabunde, Jules Polonetsky, Massimo Attoresi, Medina, Manel, Mitrakas, Andreas, Rannenberg, Kai, Schweighofer, Erich, and Tsouroulas, Nikolaos

Subjects
050502 law, business.industry, Best practice, media_common.quotation_subject, 05 social sciences, ComputingMilieux_LEGALASPECTSOFCOMPUTING, 020206 networking & telecommunications, Context (language use), 02 engineering and technology, Public relations, Transparency (behavior), State (polity), Software deployment, General Data Protection Regulation, Political science, 0202 electrical engineering, electronic engineering, information engineering, business, 0505 law, media_common
Abstract

© Springer Nature Switzerland AG 2018. The EU’s General Data Protection Regulation is poised to present major challenges in bridging the gap between law and technology. This paper reports on a workshop on the deployment, content and design of the GDPR that brought together academics, practitioners, civil-society actors, and regulators from the EU and the US. Discussions aimed at advancing current knowledge on the use of abstract legal terms in the context of applied technologies together with best practices following state of the art technologies. Five themes were discussed: state of the art, consent, de-identification, transparency, and development and deployment practices. Four traversal conflicts were identified, and research recommendations were outlined to reconcile these conflicts. ispartof: pages:24-42 ispartof: Proceedings of the Annual Privacy Forum 2018, 13-14 June 2018, Barcelona vol:11079 LNCS pages:24-42 ispartof: Annual Privacy Forum 2018 location:Barcelona date:13 Jun - 14 Jun 2018 status: published

Published
2018
Full Text
View/download PDF

35. Which Apps Have Privacy Policies?

Author

Peter Story, Sebastian Zimmeck, and Norman Sadeh

Subjects
Data collection, GeneralLiterature_INTRODUCTORYANDSURVEY, Computer science, business.industry, InformationSystems_INFORMATIONSYSTEMSAPPLICATIONS, Privacy policy, Internet privacy, 020206 networking & telecommunications, 02 engineering and technology, GeneralLiterature_MISCELLANEOUS, Metadata, Exploratory data analysis, mental disorders, Smartphone app, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business
Abstract

Smartphone app privacy policies are intended to describe smartphone apps’ data collection and use practices. However, not all apps have privacy policies. Without prominent privacy policies, it becomes more difficult for users, regulators, and privacy organizations to evaluate apps’ privacy practices. We answer the question: “Which apps have privacy policies?” by analyzing the metadata of over one million apps from the Google Play Store. Only about half of the apps we examined link to a policy from their Play Store pages. First, we conducted an exploratory data analysis of the relationship between app metadata features and whether apps link to privacy policies. Next, we trained a logistic regression model to predict the probability that individual apps will have policy links. Finally, by comparing three crawls of the Play Store, we observe an overall-increase in the percent of apps with links between September 2017 and May 2018 (from 41.7% to 51.8%).

Published
2018

36. Factoring Games to Isolate Strategic Interactions

Author

Kathleen M. Carley, Norman Sadeh, George B. Davis, and Michael Benisch

Subjects
Bondareva–Shapley theorem, 80399 Computer Software not elsewhere classified, FOS: Computer and information sciences, Mathematical optimization, Computer Science::Computer Science and Game Theory, Sequential game, Computer science, Symmetric game, Normal-form game, Combinatorial game theory, Strategic Network Formation, Screening game, Game complexity, Minimax, Extensive-form game, symbols.namesake, Example of a game without a value, Nash equilibrium, Best response, Repeated game, symbols, Algorithmic game theory, Game theory, Mathematical economics, Implementation theory
Abstract

Game theoretic reasoning about multi-agent systems has been made more tractable by algorithms that exploit various types of independence in agents' utilities. However, previous work has assumed that a game's precise independence structure is given in advance. This paper addresses the problem of finding independence structure in a general form game when it is not known ahead of time, or of finding an approximation when full independence does not exist. We give an expected polynomial time algorithm to divide a bounded-payout normal form game into factor games that isolate independent strategic interactions. We also show that the best approximate factoring can be found in polynomial time for a specific interaction that is not fully independent. Once known, factors aide computation of game theoretic solution concepts, including Nash equilibria (or e-equilibria for approximate factors), in some cases guaranteeing polynomial complexity where previous bounds were exponential.

Published
2018
Full Text
View/download PDF

37. Assisting Users in a World Full of Cameras: A Privacy-Aware Infrastructure for Computer Vision Applications

Author

Norman Sadeh, Mahadev Satyanarayanan, Anupam Das, Junjue Wang, Martin Degeling, and Xiaoyou Wang

Subjects
Information privacy, Multimedia, business.industry, Computer science, Privacy software, 05 social sciences, Control (management), 02 engineering and technology, computer.software_genre, Facial recognition system, World Wide Web, Software deployment, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, 0501 psychology and cognitive sciences, Computer vision, Artificial intelligence, Internet of Things, business, computer, 050107 human factors
Abstract

Computer vision based technologies have seen widespread adoption over the recent years. This use is not limited to the rapid adoption of facial recognition technology but extends to facial expression recognition, scene recognition and more. These developments raise privacy concerns and call for novel solutions to ensure adequate user awareness, and ideally, control over the resulting collection and use of potentially sensitive data. While cameras have become ubiquitous, most of the time users are not even aware of their presence. In this paper we introduce a novel distributed privacy infrastructure for the Internet-of-Things and discuss in particular how it can help enhance user's awareness of and control over the collection and use of video data about them. The infrastructure, which has undergone early deployment and evaluation on two campuses, supports the automated discovery of IoT resources and the selective notification of users. This includes the presence of computer vision applications that collect data about users. In particular, we describe an implementation of functionality that helps users discover nearby cameras and choose whether or not they want their faces to be denatured in the video streams.

Published
2017

38. A Scalable and Privacy-Aware IoT Service for Live Video Analytics

Author

Anupam Das, Mahadev Satyanarayanan, Brandon Amos, Junjue Wang, Norman Sadeh, and Padmanabhan Pillai

Subjects
Service (systems architecture), Multimedia, business.industry, Computer science, ComputingMethodologies_IMAGEPROCESSINGANDCOMPUTERVISION, 020206 networking & telecommunications, Cloud computing, 02 engineering and technology, computer.software_genre, Frame rate, Facial recognition system, Analytics, Scalability, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Cloudlet, business, computer, Edge computing, Computer network
Abstract

We present OpenFace, our new open-source face recognition system that approaches state-of-the-art accuracy. Integrating OpenFace with inter-frame tracking, we build RTFace, a mechanism for denaturing video streams that selectively blurs faces according to specified policies at full frame rates. This enables privacy management for live video analytics while providing a secure approach for handling retrospective policy exceptions. Finally, we present a scalable, privacy-aware architecture for large camera networks using RTFace.

Published
2017

39. Towards Privacy-Aware Smart Buildings: Capturing, Communicating, and Enforcing Privacy Policies and Preferences

Author

Martin Degeling, William Melicher, Lujo Bauer, Primal Pappachan, Roberto Yus, Pardis Emami Naeini, Shikun Zhang, Anupam Das, Sruti Bhagavatula, Norman Sadeh, Nalini Venkatasubramanian, Alfred Kobsa, and Sharad Mehrotra

Subjects
Information privacy, Data collection, Privacy by Design, business.industry, Privacy software, Computer science, Privacy policy, 05 social sciences, Internet privacy, 020207 software engineering, 02 engineering and technology, Computer security, computer.software_genre, Intelligent sensor, 0202 electrical engineering, electronic engineering, information engineering, 0501 psychology and cognitive sciences, business, Productivity, computer, 050107 human factors, Building automation
Abstract

The Internet of Things (IoT) is changing the way we interact with our environment in domains as diverse as health, transportation, office buildings and our homes. In smart building environments, information captured about the building and its inhabitants will aid in development of services that improve productivity, comfort, social interactions, safety, energy savings and more. However, by collecting and sharing information about building's inhabitants and their activities, these services also open the door to privacy risks. In this paper, we introduce a framework where IoT Assistants capture and manage the privacy preferences of their users and communicate them to privacy-aware smart buildings, which enforce them when collecting user data or sharing it with building services. We outline elements necessary to support such interactions and also discuss important privacy policy attributes that need to be captured. This includes looking at attributes necessary to describe -- (1) the data collection and sharing practices associated with deployed sensors and services in smart buildings as well as (2) the privacy preferences to help users manage their privacy in such environments.

Published
2017

40. Automated Analysis of Privacy Requirements for Mobile Apps

Author

Florian Schaub, Norman Sadeh, Lieyong Zou, Sebastian Zimmeck, Roger Iyengar, Steven M. Bellovin, Shomir Wilson, Joel R. Reidenberg, Bin Liu, and Ziqi Wang

Subjects
World Wide Web, Computer science, 0202 electrical engineering, electronic engineering, information engineering, Mobile apps, 020207 software engineering, 020201 artificial intelligence & image processing, 02 engineering and technology
Published
2017

41. Crowdsourcing Annotations for Websites' Privacy Policies

Author

Rohan Ramanath, Frederick Liu, Noah A. Smith, Shomir Wilson, Fei Liu, Florian Schaub, and Norman Sadeh

Subjects
Information privacy, Privacy by Design, Privacy software, Computer science, business.industry, Privacy policy, Internet privacy, 020207 software engineering, 02 engineering and technology, Crowdsourcing, 020204 information systems, Scalability, 0202 electrical engineering, electronic engineering, information engineering, User interface, business
Abstract

Website privacy policies are often long and difficult to understand. While research shows that Internet users care about their privacy, they do not have time to understand the policies of every website they visit, and most users hardly ever read privacy policies. Several recent efforts aim to crowdsource the interpretation of privacy policies and use the resulting annotations to build more effective user interfaces that provide users with salient policy summaries. However, very little attention has been devoted to studying the accuracy and scalability of crowdsourced privacy policy annotations, the types of questions crowdworkers can effectively answer, and the ways in which their productivity can be enhanced. Prior research indicates that most Internet users often have great difficulty understanding privacy policies, suggesting limits to the effectiveness of crowdsourcing approaches. In this paper, we assess the viability of crowdsourcing privacy policy annotations. Our results suggest that, if carefully deployed, crowdsourcing can indeed result in the generation of non-trivial annotations and can also help identify elements of ambiguity in policies. We further introduce and evaluate a method to improve the annotation process by predicting and highlighting paragraphs relevant to specific data practices.

Published
2016

42. Nudges for Privacy and Security: Understanding and Assisting Userss Choices Online

Author

Rebecca Balebako, Alessandro Acquisti, Saranga Komanduri, Shomir Wilson, Laura Brandimarte, Yang Wang, Idris Adjerid, Pedro Giovanni Leon, Florian Schaub, Norman Sadeh, Lorrie Faith Cranor, and Manya Sleeper

Subjects
Nudge theory, business.industry, Internet privacy, Psychological intervention, Key (cryptography), Information technology, Information security, business, Behavioral economics, Paternalism, Task (project management)
Abstract

Advancements in information technology often task users with complex and consequential privacy and security decisions. A growing body of research has investigated individuals’ choices in the presence of privacy and information security trade-offs, the decision making hurdles affecting those choices, and ways to mitigate those hurdles. This article provides a multi-disciplinary assessment of the literature pertaining to privacy and security decision making. It focuses on research on assisting individuals’ privacy and security choices with soft paternalistic interventions that nudge users towards more beneficial choices. The article discusses potential benefits of those interventions, highlights their shortcomings, and identifies key ethical, design, and research challenges.

Published
2016

43. A comparative study of location-sharing privacy preferences in the United States and China

Author

Jason Hong, Michael Benisch, Shaohui Guo, Jialiu Lin, Banghui Lu, Norman Sadeh, and Jianwei Niu

Subjects
Location sharing, Work (electrical), Hardware and Architecture, Computer science, business.industry, Internet privacy, Key (cryptography), Mobile computing, Management Science and Operations Research, China, business, Computer Science Applications
Abstract

While prior studies have provided us with an initial understanding of people's location-sharing privacy preferences, they have been limited to Western countries and have not investigated the impact of the granularity of location disclosures on people's privacy preferences. We report findings of a 3-week comparative study collecting location traces and location-sharing preferences from two comparable groups in the United States and China. Results of the study shed further light on the complexity of people's location-sharing privacy preferences and key attributes influencing willingness to disclose locations to others and to advertisers. While our findings reveal many similarities between US and Chinese participants, they also show interesting differences, such as differences in willingness to share location at "home" and at "work" and differences in the granularity of disclosures people feel comfortable with. We conclude with a discussion of implications for the design of location-sharing applications and location-based advertising.

Published
2012

44. Capturing location-privacy preferences: quantifying accuracy and user-burden tradeoffs

Author

Patrick Gage Kelley, Michael Benisch, Lorrie Faith Cranor, and Norman Sadeh

Subjects
Measure (data warehouse), education.field_of_study, Computer science, business.industry, Population, Mobile computing, Usability, Management Science and Operations Research, computer.software_genre, Computer Science Applications, Variety (cybernetics), Time of day, Hardware and Architecture, Human–computer interaction, Data mining, education, business, computer
Abstract

We present a 3-week user study in which we tracked the locations of 27 subjects and asked them to rate when, where, and with whom they would have been comfortable sharing their locations. The results of analysis conducted on over 7,500 h of data suggest that the user population represented by our subjects has rich location-privacy preferences, with a number of critical dimensions, including time of day, day of week, and location. We describe a methodology for quantifying the effects, in terms of accuracy and amount of information shared, of privacy-setting types with differing levels of complexity (e.g., setting types that allow users to specify location- and/or time-based rules). Using the detailed preferences we collected, we identify the best possible policy (or collection of rules granting access to one's location) for each subject and privacy-setting type. We measure the accuracy with which the resulting policies are able to capture our subjects' preferences under a variety of assumptions about the sensitivity of the information and user-burden tolerance. One practical implication of our results is that today's location-sharing applications may have failed to gain much traction due to their limited privacy settings, as they appear to be ineffective at capturing the preferences revealed by our study.

Published
2010

45. Pushing the limits of rational agents: The trading agent competition for supply chain management

Author

Norman Sadeh, John Collins, Wolfgang Ketter, Department of Technology and Operations Management, and National Science Foundation

Subjects
Progress in artificial intelligence, Engineering, Supply chain management, business.industry, Supply chain, Automated Trading, Context (language use), Rational agent, computer.software_genre, Competition (economics), Intelligent agent, Artificial Intelligence, Open market operation, Computer Science, Artificial intelligence, business, computer, Supply Chain Management, Agent Architectures, Empirical Game Theory, Economic Market Modeling, Stochastic Optimization, Online learning, reasoning under uncertainty, Industrial organization
Abstract

Over the years, competitions have been important catalysts for progress in artificial intelligence. We describe one such competition, the Trading Agent Competition for Supply Chain Management (TAC SCM). We discuss its significance in the context of today's global market economy as well as AI research, the ways in which it breaks away from limiting assumptions made in prior work, and some of the advances it has engendered over the past six years. TAC SCM requires autonomous supply chain entities, modeled as agents, to coordinate their internal operations while concurrently trading in multiple dynamic and highly competitive markets. Since its introduction in 2003, the competition has attracted more than 150 entries and brought together researchers from AI and beyond in the form of 75 competing teams from 25 different countries. Copyright © 2010, Association for the Advancement of Artificial Intelligence.

Published
2010

46. Coordinated selection of procurement bids in finite capacity environments

Author

Jiong Sun and Norman Sadeh

Subjects
80399 Computer Software not elsewhere classified, FOS: Computer and information sciences, Marketing, Supply chain management, Job shop scheduling, Operations research, Computer Networks and Communications, Computer science, Service provider, computer.software_genre, Profit (economics), Computer Science Applications, Procurement, Management of Technology and Innovation, Revenue, Operations management, Web service, Heuristic procedure, computer
Abstract

Pressure to increase agility and reduce costs is pushing enterprises to dynamically select among offers from a broader range of suppliers. This process is facilitated by the adoption of web services standards. An important requirement in this context is the ability to move away from unidimensional price-based e-procurement models and develop richer solutions that are capable of capturing other important attributes in the selection of supplier bids. Research on the evaluation and selection of supplier bids (''winner determination'') has traditionally ignored the temporal and finite capacity constraints under which manufacturers and service providers often operate. We consider the problem faced by a firm that procures multiple key components or services from a number of possible suppliers. Bids submitted by suppliers include both a price and a delivery date. The firm has to select a combination of supplier bids that will maximize its overall profit. Profit is determined by the revenue generated by the products (or services) sold by the firm, the costs of the components (or services) it acquires as well as late delivery penalties it incurs if it fails to deliver its products/services in time to its own customers. We provide a formal model of this important class of problems, discuss its complexity and introduce rules that can be used to efficiently prune the resulting search space. We proceed to show that our model can be characterized as a pseudo-early/tardy scheduling problem and use this observation to build an efficient heuristic search procedure. Computational results show that our heuristic procedure typically yields solutions that are within a few percent from the optimum. They further indicate that taking into account the manufacturer/service provider's capacity can significantly improve its bottom line.

Published
2009

47. CMieux: Adaptive strategies for competitive supply chain trading

Author

James Andrews, Ramprasad Ravichandran, Michael Benisch, Alberto Sardinha, and Norman Sadeh

Subjects
Marketing, Supply chain management, Computer Networks and Communications, Supply chain, Service management, Bidding, ComputingMethodologies_ARTIFICIALINTELLIGENCE, Computer Science Applications, Competition (economics), Procurement, Software agent, Management of Technology and Innovation, Economics, Central element, Industrial organization
Abstract

Supply chains are a central element of today's global economy. Existing management practices consist primarily of static interactions between established partners. Global competition, shorter product life cycles and the emergence of Internet-mediated business solutions create an incentive for exploring more dynamic supply chain practices. The supply chain trading agent competition (TAC SCM) was designed to explore approaches to dynamic supply chain trading between automated software agents. TAC SCM pits trading agents developed by teams from around the world against one another. Each agent is responsible for running the procurement, planning and bidding operations of a PC assembly company, while competing with others for both customer orders and supplies under varying market conditions. This paper presents Carnegie Mellon University's 2005 TAC SCM entry, the CMieux supply chain trading agent. CMieux implements a novel approach for coordinating supply chain bidding, procurement and planning, with an emphasis on the ability to rapidly adapt to changing market conditions. We present empirical results based on 200 games involving agents entered by 25 different teams during what can be seen as the most competitive phase of the 2005 tournament. Not only did CMieux perform among the top five agents, it significantly outperformed these agents in procurement while matching their bidding performance. We also simulated 40 games against the best publicly available agent binaries. Our results show CMieux has significantly better average overall performance than any of these agents.

Published
2009

48. A meta-control architecture for orchestrating policy enforcement across heterogeneous information sources

Author

Jinghai Rao, Norman Sadeh, and Alberto Sardinha

Subjects
Service (systems architecture), Computer Networks and Communications, business.industry, Computer science, Service discovery, XACML, Access control, computer.software_genre, Social Semantic Web, Human-Computer Interaction, World Wide Web, Web service, WS-Policy, business, Semantic Web, computer, Software, computer.programming_language
Abstract

There is increasing demand from both organizations and individuals for technology capable of enforcing sophisticated, context-sensitive policies, whether security and privacy policies, corporate policies or policies reflecting various regulatory requirements. In open environments, enforcing such policies requires the ability to reason about the policies themselves as well as the ability to dynamically identify and access heterogeneous sources of information. This article introduces a semantic web framework and a meta-control model to orchestrate policy reasoning with the identification and access of relevant sources of information. Specifically, sources of information are modeled as web services with rich semantic profiles. Policy Enforcing Agents rely on meta-control strategies to dynamically interleave semantic web reasoning and service discovery and access. Meta-control rules can be customized to best capture the requirements associated with different domains and different sets of policies. This architecture has been validated in the context of different environments, including a collaborative enterprise domain as well as several mobile and pervasive computing applications deployed on Carnegie Mellon's campus. We show that, in the particular instance of access control policies, the proposed framework can be viewed as an extension of the XACML architecture, in which Policy Enforcing Agents offer a particularly powerful way of implementing XACML's Policy Information Point (PIP) and Context Handler functionality. At the same time, our proposed architecture extends to a much wider range of policies and regulations. Empirical results suggest that the semantic framework introduced in this article scales favorably on problems with up to hundreds of services and tens of service directories.

Published
2009

49. Understanding and capturing people’s privacy policies in a mobile social networking application

Author

Lorrie Faith Cranor, Ian Fette, Jinghai Rao, Patrick Gage Kelley, Jason Hong, Madhu Prabaker, and Norman Sadeh

Subjects
Information privacy, Privacy by Design, business.industry, Computer science, Privacy software, Privacy policy, Internet privacy, Mobile computing, Context (language use), Audit, Management Science and Operations Research, Computer Science Applications, World Wide Web, Hardware and Architecture, User interface, business
Abstract

A number of mobile applications have emerged that allow users to locate one another. However, people have expressed concerns about the privacy implications associated with this class of software, suggesting that broad adoption may only happen to the extent that these concerns are adequately addressed. In this article, we report on our work on PeopleFinder, an application that enables cell phone and laptop users to selectively share their locations with others (e.g. friends, family, and colleagues). The objective of our work has been to better understand people's attitudes and behaviors towards privacy as they interact with such an application, and to explore technologies that empower users to more effectively and efficiently specify their privacy preferences (or "policies"). These technologies include user interfaces for specifying rules and auditing disclosures, as well as machine learning techniques to refine user policies based on their feedback. We present evaluations of these technologies in the context of one laboratory study and three field studies.

Published
2008

50. Your Location has been Shared 5,398 Times!

Author

Lorrie Faith Cranor, Hazim Almuhimedi, Joshua Gluck, Florian Schaub, Alessandro Acquisti, Norman Sadeh, Idris Adjerid, and Yuvraj Agarwal

Subjects
Information privacy, Nudge theory, Computer science, Privacy software, business.industry, Qualitative evidence, Control (management), Internet privacy, Mobile apps, Permission, GeneralLiterature_MISCELLANEOUS, Field (computer science), World Wide Web, business
Abstract

Smartphone users are often unaware of the data collected by apps running on their devices. We report on a study that evaluates the benefits of giving users an app permission manager and sending them nudges intended to raise their awareness of the data collected by their apps. Our study provides both qualitative and quantitative evidence that these approaches are complementary and can each play a significant role in empowering users to more effectively control their privacy. For instance, even after a week with access to the permission manager, participants benefited from nudges showing them how often some of their sensitive data was being accessed by apps, with 95% of participants reassessing their permissions, and 58% of them further restricting some of their permissions. We discuss how participants interacted both with the permission manager and the privacy nudges, analyze the effectiveness of both solutions, and derive some recommendations.

Published
2015

Catalog

Books, media, physical & digital resources
See catalog results