Cookies, Lies and Consent Enrico Gerding. What is this talk about? The Biggest Lie.

Slides:

Advertisements

Similar presentations

Data Protection Law In India iPleaders and Intelligent Legal Risk management LLP.

Advertisements

UnFriendly: Multi-Party Privacy Risks in Social Networks Kurt Thomas, Chris Grier, David M. Nicol.

Consumers & Online Privacy: Agenda Background and objectives General attitudes to the internet Attitudes to online data and privacy Attitudes to.

Privacy in the Next Generation Internet Data Protection in the Context of European Union Policy Alberto Escudero-Pascual Royal Institute of Technology.

Quantifying Privacy Choices with Experimental Economics College of Management North Carolina State University WEIS Harvard University June 2-3, 2005 David.

Handle with care : Digital marketing and online behavioural advertising Global guidance to help improve consumer trust in practice, techniques and messages.

Ask for the Review, Get the Review, and Improve your Online Reputation.

Communication and interactive policy development Wednesday 2nd of July.

Tracking, Privacy, You & The 21 st Century When you talk online the internet listens.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.

MANAGING YOUR ONLINE PROFILE WHAT DOES THIS MEAN AND WHY SHOULD YOU CARE? Sarah Morris UT Libraries.

The Future and Accessibility OZeWAI Conference 2011 Jacqui van Teulingen Director, Web Policy 1.

CHUCK YOUNG MANAGING DIRECTOR OFFICE OF PUBLIC AFFAIRS GOVERNMENT ACCOUNTABILITY OFFICE to AGA BOSTON CHAPTER PROFESSIONAL DEVELOPMENT CONFERENCE MARCH.

Introduction Our Topic: Mobile Security Why is mobile security important?

CPS Acceptable Use Policy Day 2 – Technology Session.

Using the Internet to Conduct Research What Investigators and IRB Members Should Know -- January 29, Lisa Shickle, MS Analyst, VCU Massey Cancer.

Equality Purchase Cycle Produce Spec Evaluate Quotes / Tenders Vendor Selection Issue RFQ/T Requirement to Purchase Negotiate Vendor Paid Place / Award.

Watch this! 0 – 5mins only

Privacy, P3P and Internet Explorer 6 P3P Briefing – 11/16/01.

Chloe Miles IMPROVING PRODUCTIVITY USING IT. Menu Using Word Advantages Disadvantages Conclusion E-Safety Social Media Dangers of Social Media Sites Staying.

Privacy of Home Energy Usage Data Jim Williams June 26, 2012 Jim Williams June 26, 2012.

Banking & Retail in the Digital Age Hiba Fayad Al-Iktissad #DGTLU.

Privacy in computing Material/text on the slides from Chapter 10 Textbook: Pfleeger.

BEHAVIORAL TARGETING IN ADVERTISING By Rita Aliperti.

The Framework for Privacy Policies in the UK: Is telling people what information is gathered about them part of the framework? Does it need to be? Emma.

Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin

An Online GoToMeeting Presentation with Richard Lord.

Computer Issues Acceptable Use Policy Online Safety Photo Permission Forms Rachel Gorsuch Stephanie Herbin Natalie Wu Acceptable Use Policy Online Safety.

Marketing / Law / Digital Keith Arrowsmith. Court ActionPress Complaints CommissionTrading StandardsGambling Commission.

PRIVACY BOOTCAMP Jack Vale - Social Media Experiement.

APEC Engineers Workshop Legal Considerations - Central Register Sept 2015 Angela Frawley, General Counsel.

E-Safety Many people around the world use internet For entertainment, social lives and Work. However, nobody knows what YOU could be getting yourself.

Protecting your search privacy A lesson plan created & presented by Maria Bernhey (MLS) Adjunct Information Literacy Instructor

Course : Study of Digital Convergence. Name : Srijana Acharya. Student ID : Date : 11/28/2014. Big Data Analytics and the Telco : How Telcos.

THREATS, VULNERABILITIES IN ANDROID OS BY DNYANADA PRAMOD ARJUNWADKAR AJINKYA THORVE Guided by, Prof. Shambhu Upadhyay.

Business Challenges in the evolution of HOME AUTOMATION (IoT)

Creating a Culture of Privacy Michael Kaiser Executive Director National Cyber Security

Christian Citizenship in a Digital World Lesson 4:Digital Etiquette.

Using Analytics and Metrics to Turn App Users into Gold Brian G. Burton, Ed.D. Assistant Professor of Digital Entertainment & Information Technology Abilene.

Visibook is instant, simple, and dynamic appointment booking We're headquartered in San Francisco, California "Visibook is awesome. My entire studio was.

Alexander County Schools Review of Board of Education Policies Technology Responsible Use 3225/4312/7320 Internet Safety 3226/4205 Technology In The Educational.

Geospatial Analytics Market to Global Analysis and Forecasts by Type, Technology and Application No of Pages: 150 Publishing Date: Jan 2017 Single.

Geospatial Analytics Market to Global Analysis and Forecasts by Type, Technology and Application No of Pages: 150 Publishing Date: Feb 2017 Single.

Internet Business Associate v2.0

Facebook privacy policy

Student Privacy in an Ever-Changing Digital World

Dr. Victoria Banti-Markouti

Evaluating Survey Data Collection Methods

A Parent Guide to creating a student (under 13) Apple ID

BA 625: Privacy Law and Policy

Importance of Privacy Internet Safety

Information Security Footprint.

2016 Annual CPNI Training CPNI & PI Awareness Beth Slough,

DATA e-Privacy Regulation Proposal

Digital $$ Quiz Test your knowledge.

Living Online Consumer research to inform consumer protections in the digital economy ACCAN Conference 12 Sept 2018 Lauren Solomon Chief Executive Officer.

CASE − Cognitive Agents for Social Environments

ANDROID. There are so many applications that run well today on various android mobile devices and different-2 languages can be used for designing such.

Being Aware of What You Share

Our internet, our choice

Online Safety: Rights and Responsibilities

Digital Citizen.

Our internet, our choice

Software Agent.

Personal Mobile Device Acceptable Use Policy Training Slideshow

Our internet, our choice

Our internet, our choice

Online Safety; Privacy and Sharing

Online Safety; Privacy and Sharing

Presentation transcript:

Cookies, Lies and Consent Enrico Gerding

What is this talk about? The Biggest Lie

Solution 1: Read all terms and conditions Alex Hern: "I read all the small print on the internet and it made me want to die " /15/i-read-all-the-small-print-on-the-internet

Issues It is impossible to read all terms and conditions Even if we read them, they are clouded in legal language and difficult to understand what it means in practice There is no choice: there is no negotiation of the terms; it's `take it or leave it'

Consequences We do not know what we agree to Consent becomes meaningless Leads to mistrust in businesses Privacy Index

Why is this important? Increasing amount information is being collected – Browsing – Social media – Mobile devices – Internet of Things Potential privacy issues Often not clear what information is collected and for which purpose

Samsung SmartTV Samsung SmartTV has a voice command feature. The privacy policy reads: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party,” Source: The Daily Beast, 5 Feb 2015

Mobile App Permissions University of Southampton Campus App has access to: – Device & app history Includes browsing history and information about other apps – Identity Includes accounts – Contacts Reading all contacts – Location – Photos/Media/Files Can access files on device including photos and videos taken – Device ID & Call Information Phone number, whether calls are `active', remote number connected to phone, etc

Solution 2: Change the Law EU Cookie Law, adopted May 2011 The goal was to `make consumers aware of how information about them is collected and used online, and give them a choice to allow it or not' Issues: – Not many people understand what cookies are – Still not clear how information is being used – Often there is no choice

Towards Meaningful Consent in the Digital Economy How can we make consent more meaningful? Multi-disciplinary EPSRC-funded project – ECS: m.c schraefel (PI), Enrico Gerding, Tim Baarslag, Richard Gomer, Dion Kitchener, Anna Soska – Economics: Michael Vlassopoulis, Helia Marreiros

Towards Meaningful Consent in the Digital Economy Research questions: Understand to what extent people care about privacy, and in which context Can we make consent more meaningful than talking about cookie technologies? Can consent be automated using agent-based technologies? Can consent be negotiated?

Current Situation Service Provider User Yes/No Privacy Policy

Agent-Based Privacy Negotiation (1) Service Provider User Privacy Preferences Agent Negotiation

Agent-Based Privacy Negotiation (2) UserAgent Service Provider Preference Elicitation Negotiation Determine which information is needed to reach an optimal outcome No cognitive costs but risky if user model is inaccurate Find the right time to ask the user for feedback Find the most information- revealing questions to ask Incurs cognitive costs Provider Model User Model

Example Suppose the agent can make 3 different offers to the service provider Offer 1 Offer 2 Offer 3 User Model Provider Model Probability Utility Acceptance Probability = 0.7 Acceptance Probability = 0.5 Acceptance Probability = 0.2

Trade offs Agent can make an offer, but if accepted is bound to the offer – Risk Agent can ask the user to get more accurate information about its preferences but this incurs a cognitive cost

Pandora’s problem

Pandora’s Policy Example

Pandora’s Policy With these indexes, Pandora follows these simple rules: SELECTION RULE: If a box is to be opened, it should be the closed box with highest index. STOPPING RULE: Terminate search whenever the maximum sampled reward exceeds the index of every closed box Pandora’s policy is optimal in terms of expected reward We adapted Pandora’s Policy for the privacy negotiation setting Tim Baarslag and Enrico H. Gerding. Optimal incremental preference elicitation during negotiation. In Proceedings of the Twenty-fourth International Joint Conference on Artificial Intelligence (IJCAI). AAAI Press, 2015

Negotiating Consent in Practice

Development of mobile app which collects potentially sensitive user information Users receive monetary reward in return for granting permissions (data) Field studies with real users and their data Research questions: – How privacy sensitive are users in practice (as opposed to what they say they are) – User bother vs accuracy – Effectiveness of agent based approach

Conclusions Nobody reads terms and conditions Privacy an ever-important issue Meaningful consent is an interaction issue CS solutions: – Agent-based approaches – HCI Website