Frameworks for Personalized Privacy and Privacy Auditing

Samavi, M. Reza

13 August 2013

As individuals are increasingly benefiting from the use of online services, there are growing concerns about the treatment of personal information. Society’s ongoing response to these concerns often gives rise to privacy policies expressed in legislation and regulation. These policies are written in natural language (or legalese) as privacy agreements that users must agree to, or presented as a set of privacy settings and options that users must opt in or out of in order to receive the service they want. But comprehensibility of privacy policies and settings is becoming increasingly challenging as agreements become longer and there are many privacy options to choose from. Additionally, organizations face the challenge of assuring compliance with policies that govern collecting, using, and sharing of personal data. This thesis proposes frameworks for personalized privacy and privacy auditing to address these two problems. In this thesis, we focus our investigation on the comprehensibility issues of personalized privacy using the concrete application domain of personal health data as recorded in systems known as personal health records (PHR). We develop the Privacy Goals and Settings Mediator (PGSM) model, which is based on i* multi-agent modelling techniques, as a way to help users comprehend privacy settings when employing multiple services over a web platform. Additionally, the PGSM model helps privacy experts contribute their privacy knowledge to the users’ privacy decision-making task. To address the privacy auditing problem, we propose two light-weight ontologies, L2TAP and SCIP, that are designed for deployment as Linked Data, an emerging standard for representing and publishing web data. L2TAP (Linked Data Log to Transparency, Accountability and Privacy) provides flexible and extensible provenance-enabled logging of privacy events. SCIP (Simple Contextual Integrity Privacy) provides a simple target for mapping the key concepts of Contextual Integrity and enables SPARQL query-based solutions for two important privacy processes: compliance checking and obligation derivation. This thesis validates the premise of PHR users’ privacy concerns, attitudes and behaviour through an empirical study. The usefulness of the PGSM model for privacy experts is evaluated through interviews with experts. Finally, the scalability and practical benefits of L2TAP+SCIP for log-based privacy auditing are validated experimentally.

Privacy

Ontology

Audit log

Linked Data

Personal Health Record

Personal Web

Compliance queries

0790

Frameworks for Personalized Privacy and Privacy Auditing

Samavi, M. Reza

13 August 2013

As individuals are increasingly benefiting from the use of online services, there are growing concerns about the treatment of personal information. Society’s ongoing response to these concerns often gives rise to privacy policies expressed in legislation and regulation. These policies are written in natural language (or legalese) as privacy agreements that users must agree to, or presented as a set of privacy settings and options that users must opt in or out of in order to receive the service they want. But comprehensibility of privacy policies and settings is becoming increasingly challenging as agreements become longer and there are many privacy options to choose from. Additionally, organizations face the challenge of assuring compliance with policies that govern collecting, using, and sharing of personal data. This thesis proposes frameworks for personalized privacy and privacy auditing to address these two problems. In this thesis, we focus our investigation on the comprehensibility issues of personalized privacy using the concrete application domain of personal health data as recorded in systems known as personal health records (PHR). We develop the Privacy Goals and Settings Mediator (PGSM) model, which is based on i* multi-agent modelling techniques, as a way to help users comprehend privacy settings when employing multiple services over a web platform. Additionally, the PGSM model helps privacy experts contribute their privacy knowledge to the users’ privacy decision-making task. To address the privacy auditing problem, we propose two light-weight ontologies, L2TAP and SCIP, that are designed for deployment as Linked Data, an emerging standard for representing and publishing web data. L2TAP (Linked Data Log to Transparency, Accountability and Privacy) provides flexible and extensible provenance-enabled logging of privacy events. SCIP (Simple Contextual Integrity Privacy) provides a simple target for mapping the key concepts of Contextual Integrity and enables SPARQL query-based solutions for two important privacy processes: compliance checking and obligation derivation. This thesis validates the premise of PHR users’ privacy concerns, attitudes and behaviour through an empirical study. The usefulness of the PGSM model for privacy experts is evaluated through interviews with experts. Finally, the scalability and practical benefits of L2TAP+SCIP for log-based privacy auditing are validated experimentally.

Privacy

Ontology

Audit log

Linked Data

Personal Health Record

Personal Web

Compliance queries

0790

Psychological and workplace attributes that influence personal web use (PWU) : a dissertation presented in partial fulfilment of the requirements for the degree of Doctor of Philosophy in Industrial/Organisational Psychology, Massey University, Albany, New Zealand

Polzer-Debruyne, Andrea M

January 2008

Using the Internet during work time for personal interest is defined as personal web use (PWU), yet only limited knowledge is available on why people engage in varying degrees in this activity. To address this shortcoming, this research project tested a heavily moderated theoretical model of thirteen psychological and workplace attributes expected to influence differences in individuals’ PWU: moral norms, boredom, workgroup norms, workload, use of the ‘ledger neutralisation strategy’, certainty about PWU rules, attitude towards work, reactance, supervisor treatment, attitude towards PWU control, status, tenure and social loafing risk. Five facets of PWU were measured as separate criterion variables: past frequency, habitual PWU, duration, and two PWU activity types. Data for the model testing was gathered through an extensive on-line questionnaire. The responses of 267 participants with varying demographics and work situations were used to test the theoretical model, using moderated regression analyses. Significant interactions were explored further through the Modgraph procedure. The model testing results showed that PWU was more common in respondents who morally approved of PWU and who were bored at their work. How often people engaged in PWU (either out of habit or in general), for how long and in what types of activities, was influenced by specific combinations of the remaining attributes. Only four of the hypothesised twelve interactions played statistically significant roles, only habitual PWU was influenced by workload; and only information-seeking activities were influenced by workgroup norms. Attributes with ‘revenge’ connotations were noticeably absent as significant influences. The findings are discussed in some detail. To further explore the context of PWU, thematic analysis was undertaken of answers to two open-response questions provided by a sub-sample of 119 participants. Results supported the role of workplace boredom in PWU situations, specified the moral issues of PWU approval, and suggested that PWU is best understood and examined in the wider context of organisational culture. The thesis concludes with synthesis and discussion of statistical and qualitative analyses results, identifying the contributions the research has made to the field of study. Suggested practical applications of the findings, limitations of the research project and suggestions for future studies conclude the documentation.

Organisational Psychology

Personal Web Use

Semantic Analysis of Web Pages for Task-based Personal Web Interactions

Manjunath, Geetha

January 2013

Mobile widgets now form a new paradigm of simplified web. Probably, the best experience of the Web is when a user has a widget for every frequently executed task, and can execute it anytime, anywhere on any device. However, the current method of programmatically creating personally relevant mobile widgets for every user does not scale. Creation of these mobile web widgets requires application programming as well as knowledge of web-related protocols. Furthermore, these mobile widgets are also limited to smart phones with data connectivity and such smart phones form just about 15% of the mobile phones in India. How do we make web accessible on devices that most people can afford? How does one create simple relevant tasks for the numerous diverse needs of every person? In this thesis, we attempt to address these issues and propose a new method of web simplification that enables an end-user to create simple single-click widgets for a complex personal task - without any programming. The proposed solution enables even low-end phones to access personal web tasks over SMS and voice. We propose a system that enables end users to create personal widgets via programming-by-browsing. A new concept called Tasklets to represent a user’s personal interaction, and a notion of programming over websites using a Web Virtual Machine are presented. Ensuring correct execution of these end user widgets posed interesting problems in web data mining and required us to investigate new methods to characterize and semantically model browser-based interactions. In particular, an instruction set for programming over web sites, new domain-specific similarity measures using ontologies, algorithms for frequent-pattern mining of web interactions and change detection with a proof of its NP-completeness are presented. A quantitative metric to measure the interaction complexity of web browsing and a method of classifying relational data using semantics hidden in the schema are introduced as well. This new web architecture to enable multi-device access to user's personal tasks over low-end phones was piloted with real users, as a solution named SiteOnMobile, and has received very positive response.

Mobile Widgets

Web Virtual Machine

Tasklets

Personal Web Interactions

Web Change Detection

SiteOnMobile

Web Interaction Language

Web Widgets

Web Tasks

Web Page Design

Web Interactions

Computer Science