Disaster privacy/privacy disaster

Privacy expectations during disasters differ significantly from non-emergency situations. Recent scandals, such as inappropriate disclosures from FEMA to contractors, illustrate that tradeoffs between emergencies and privacy must be made carefully. Increased use of social technologies to facilitate communication and support first responders provide more opportunities for privacy infringements, despite increased regulation of disaster information flows to government agencies and with trusted partners of the government. This paper specifically explores the actual practices followed by popular disaster apps. Our empirical study compares content analysis of privacy policies and government agency policies, structured by the contextual integrity (CI) framework, with static and dynamic app analysis documenting the personal data they send. We identify substantive gaps between regulation and guidance, privacy policies, and information flows generated by apps/platforms, resulting from ambiguities and exploitation of exemptions. Results also indicate gaps between governance and practice, including: (1) many apps ignore transmission principles self-defined in policy; (2) while some policies state they “might” access location data under certain conditions, those conditions are not met as 12 apps included in our study capture location immediately upon download; and (3) not all third parties data recipients are identified in policy, including instances that violate expectations of trusted third parties. We visually map disaster information flows during disasters and around third party and government apps within the disaster response domain, and emphasize information exchanges between specific actors and the differences between actual flows of personal information and regulatory and policy specifications.

[1]  John W Farnham Disaster and emergency communications prior to computers/Internet: a review , 2006, Critical care.

[2]  Helen Nissenbaum,et al.  Going against the (Appropriate) Flow: A Contextual Integrity Approach to Privacy Policy Analysis , 2019, HCOMP.

[3]  Madelyn Sanfilippo,et al.  Methodological Transparency and Big Data: A Critical Comparative Analysis of Institutionalization , 2019, iConference.

[4]  Russell C. Coile The role of amateur radio in providing emergency electronic communication for disaster management , 1997 .

[5]  Sherry J. Holladay,et al.  The Handbook of Crisis Communication , 2010 .

[6]  L. Palen,et al.  Crisis informatics—New data for extraordinary times , 2016, Science.

[7]  Jing Zhang Emergency notification on mobile devices : a trade-off between protection motivation, privacy concern and personalised notification. , 2017 .

[8]  Christian Reuter,et al.  Retrospective Review and Future Directions for Crisis Informatics , 2021, Information Refinement Technologies for Crisis Informatics.

[9]  Narseo Vallina-Rodriguez,et al.  “Won’t Somebody Think of the Children?” Examining COPPA Compliance at Scale , 2018, Proc. Priv. Enhancing Technol..

[10]  David A. Wagner,et al.  Android Permissions Remystified: A Field Study on Contextual Integrity , 2015, USENIX Security Symposium.

[11]  Leysia Palen,et al.  The Evolving Role of the Public Information Officer: An Examination of Social Media in Emergency Management , 2012 .

[12]  Martin L. Griss,et al.  Overseer: A Mobile Context-Aware Collaboration and Task Management System for Disaster Response , 2010, 2010 Eighth International Conference on Creating, Connecting and Collaborating through Computing.

[13]  Patric R. Spence,et al.  Variability in Twitter Content Across the Stages of a Natural Disaster: Implications for Crisis Communication , 2015 .

[14]  Nastaran Pourebrahim,et al.  Understanding communication dynamics on Twitter during natural disasters: A case study of Hurricane Sandy , 2019, International Journal of Disaster Risk Reduction.

[15]  Daniel J. Bachmann,et al.  Emergency Preparedness and Disaster Response: There’s An App for That , 2015, Prehospital and Disaster Medicine.

[16]  Hideo Joho,et al.  An analysis of natural disaster‐related information‐seeking behavior using temporal stages , 2018, J. Assoc. Inf. Sci. Technol..

[17]  Narseo Vallina-Rodriguez,et al.  Haystack: A Multi-Purpose Mobile Vantage Point in User Space , 2015, 1510.01419.

[18]  Fei Wang,et al.  The evolution of stakeholders' perceptions of disaster: A model of information flow , 2016, J. Assoc. Inf. Sci. Technol..

[19]  I. Nourbakhsh,et al.  Mapping disaster zones , 2006, Nature.

[20]  Nick Feamster,et al.  Discovering Smart Home Internet of Things Privacy Norms Using Contextual Integrity , 2018, Proc. ACM Interact. Mob. Wearable Ubiquitous Technol..

[21]  Adnan Yazici,et al.  Hybrid Approach for Disaster Recovery using P2P Communications in Android , 2018, 2018 IEEE 43rd Conference on Local Computer Networks Workshops (LCN Workshops).

[22]  E. Ostrom,et al.  A Grammar of Institutions , 1995, American Political Science Review.

[23]  David A. Wagner,et al.  The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences , 2017, 2017 IEEE Symposium on Security and Privacy (SP).