From Theory to Practice: Empowering Users to Make Privacy Decisions in Mobile Environments
The advent of the smartphone has heralded an era of unprecedented access to rich user data. This has allowed third-party applications to innovate by supporting new interaction modalities, better integrating with users’ lifestyles, and making relevant information more accessible. At the same time, the abundance of personal data presents very real privacy risks. In this talk, I discuss previous and ongoing human subjects research to help users make more informed choices about how their personal data is accessed. I present previous work on smartphone platforms that has provided insights into users’ behaviors and preferences, as well as how to design systems that empower users to make better privacy decisions by operationalizing Nissenbaum’s theory of “privacy as contextual integrity.” I cover several studies that my group has performed to examine how people currently use smartphones to make decisions, how we have modified the Android platform to facilitate better privacy decision-making, and finally, how we are using our infrastructure to further audit third-party applications for privacy violations at scale.
Serge Egelman is the research director of the Usable Security & Privacy Group at the International Computer Science Institute (ICSI) and also holds an appointment in the Department of Electrical Engineering and Computer Sciences (EECS) at the University of California, Berkeley. He leads the Berkeley Laboratory for Usable and Experimental Security (BLUES), which is the amalgamation of his ICSI and UCB research groups. Serge's research focuses on the intersection of privacy, computer security, and human-computer interaction, with the specific aim of better understanding how people make decisions surrounding their privacy and security, and then creating data-driven improvements to systems and interfaces. This has included human subjects research on social networking privacy, access controls, authentication mechanisms, web browser security warnings, and privacy-enhancing technologies. His work has received multiple best paper awards, including six ACM CHI Honorable Mentions, the 2012 Symposium on Usable Privacy and Security (SOUPS) Distinguished Paper Award for his work on smartphone application permissions, and the 2012 Information Systems Research Best Published Paper Award for his work on consumers' willingness to pay for online privacy. He received his PhD from Carnegie Mellon University and prior to that was an undergraduate at the University of Virginia. He has also performed research at NIST, Brown University, Microsoft Research, and Xerox PARC.