Peer-produced privacy protection

Privacy risks have been addressed through technical solutions such as Privacy-Enhancing Technologies (PETs) as well as regulatory measures including Do Not Track. These approaches are inherently limited as they are grounded in the paradigm of a rational end user who can determine, articulate, and manage consistent privacy preferences. This assumes that self-serving efforts to enact privacy preferences lead to socially optimal outcomes with regard to information sharing. We argue that this assumption typically does not hold true. Consequently, solutions to specific risks are developed - even mandated - without effective reduction in the overall harm of privacy breaches. We present a systematic framework to examine these limitations of current technical and policy solutions. To address the shortcomings of existing privacy solutions, we argue for considering information sharing to be transactions within a community. Outcomes of privacy management can be improved at a lower overall cost if peers, as a community, are empowered by appropriate technical and policy mechanisms. Designing for a community requires encouraging dialogue, enabling transparency, and supporting enforcement of community norms. We describe how peer production of privacy is possible through PETs that are grounded in the notion of information as a common-pool resource subject to community governance.
