"Necessary But Not Sufficient: Standardized Mechanisms for Privacy Notice and Choice" (CRCS Lunch Seminar)

Presentation Date: 

Monday, May 6, 2013

CRCS Lunch Seminar

Date: Monday, May 6, 2013
Speaker: Lorrie Faith Cranor, Carnegie Mellon University
Title: Necessary But Not Sufficient: Standardized Mechanisms for Privacy Notice and Choice

Abstract: Website privacy policies are supposed to help users make informed decisions about when to share data with websites. But, as anyone who has ever tried to read a privacy policy knows, privacy policies are generally not all that helpful to users. Suggestions are emerging for technical mechanisms that would provide privacy policies in machine-readable form, allowing web browsers, mobile devices, and other tools to act on them automatically and distill them into simple icons for end users. Other proposals are focused on allowing users to signal to websites, through their web browsers, that they do not wish their online activities to be tracked. Industry organizations have brought us web sites where users can opt-out of targeted advertising by their member companies, and a number of software vendors and open source developers are distributing tools that help users block cookies, trackers, or advertising. Facilitating transparency and control through easily recognizable symbols and software privacy controls are laudable goals. However, after more than 15 years of attempts at providing privacy “notice and choice,” we still have a dearth of usable and effective tools that empower consumers to make meaningful privacy choices. In this talk I will review a number of the proposals and tools that have emerged over the years. I’ll talk about the lessons we have learned from these experiences and how they may serve to inform current policy discussions. I’ll also report on some of our research assessing the usability and effectiveness of consumer privacy tools.

Bio: Lorrie Faith Cranor is an Associate Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University where she is director of the CyLab Usable Privacy and Security Laboratory (CUPS). She is also a co-founder of Wombat Security Technologies, Inc. During her 2012-13 sabbatical, Lorrie is making art quilts (some on privacy-related themes) as part of her fellowship at the Carnegie Mellon STUDIO for Creative Inquiry. She has authored over 100 research papers on online privacy and usable security. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability (O’Reilly 2005) and founded the Symposium On Usable Privacy and Security (SOUPS). She also chaired the Platform for Privacy Preferences Project (P3P) Specification Working Group at the W3C and authored the book Web Privacy with P3P (O’Reilly 2002). She has served on a number of boards, including the Electronic Frontier Foundation Board of Directors, and on the editorial boards of several journals. In 2003 she was named one of the top 100 innovators 35 or younger by Technology Review magazine. She was previously a researcher at AT&T-Labs Research and taught in the Stern School of Business at New York University. http://lorrie.cranor.org