An Automated Negotiation Agent for Permission Management

The digital economy is based on data sharing yet citizens have little control about how their personal data is being used. While data management during web and app-based use is already a challenge, as the Internet of Things (IoT) scales up, the number of devices accessing and requiring personal data will go beyond what a person can manually assess in terms of data access requests. Therefore, new approaches are needed for managing privacy preferences at scale and providing active consent around data sharing that can improve fidelity of operation in alignment with user intent. To address this challenge, we introduce a novel agent-based approach to negotiate the permission to exchange private data between users and services. Our agent negotiates based on learned preferences from actual users. To evaluate our agent-based approach, we developed an experimental tool to run on people's own smartphones, where users were asked to share their private, real data (e.g. photos, contacts, etc) under various conditions. The agent autonomously negotiates potential agreements for the user, which they can refine by manually continuing the negotiation. The agent learns from these interactions and updates the user model in subsequent interactions. We find that the agent is able to effectively capture the preferences and negotiate on the user's behalf but, surprisingly, does not reduce user engagement with the system. Understanding how interaction interplays with agent-based automation is a key component to successful deployment of negotiating agents in real-life settings and within the IoT context in particular.

[1]  Heather Richter Lipford,et al.  Mapping User Preference to Privacy Default Settings , 2015, TCHI.

[2]  Abdulsalam Yassine,et al.  An intelligent agent-based framework for privacy payoff negotiation in virtual environments , 2009, 2009 IEEE Workshop on Computational Intelligence in Virtual Environments.

[3]  Ilaria Liccardi,et al.  Negotiation as an Interaction Mechanism for Deciding App Permissions , 2016, CHI Extended Abstracts.

[4]  Sarit Kraus,et al.  Strategic Negotiation in Multiagent Environments , 2001, Intelligent robots and autonomous agents.

[5]  Hamed Haddadi,et al.  Valorising the IoT Databox: creating value for everyone , 2016, Trans. Emerg. Telecommun. Technol..

[6]  Sören Preibusch Privacy Negotiations with P3P , 2006 .

[7]  Takayuki Ito,et al.  AgentK: Compromising Strategy based on Estimated Maximum Utility for Automated Negotiating Agents , 2012, New Trends in Agent-Based Complex Automated Negotiations.

[8]  J. Such,et al.  A survey of privacy in multi-agent systems , 2013, The Knowledge Engineering Review.

[9]  Abdulsalam Yassine,et al.  Privacy and the market for private data: A negotiation model to capitalize on private data , 2008, 2008 IEEE/ACS International Conference on Computer Systems and Applications.

[10]  Sarvapali D. Ramchurn,et al.  A field study of human-agent interaction for electricity tariff switching , 2014, AAMAS.

[11]  Alessandro Acquisti,et al.  Privacy and rationality in individual decision making , 2005, IEEE Security & Privacy.

[12]  Julita Vassileva,et al.  P2U: A Privacy Policy Specification Language for Secondary Data Sharing and Usage , 2014, 2014 IEEE Security and Privacy Workshops.

[13]  Peter Langendörfer,et al.  Automated negotiation of privacy contracts , 2005, 29th Annual International Computer Software and Applications Conference (COMPSAC'05).

[14]  Ponnurangam Kumaraguru,et al.  Privacy Indexes: A Survey of Westin's Studies , 2005 .

[15]  Kent E. Seamons,et al.  Or Best Offer: A Privacy Policy Negotiation Protocol , 2008, 2008 IEEE Workshop on Policies for Distributed Systems and Networks.

[16]  H. Varian Economic Aspects of Personal Privacy , 2009 .

[17]  Elisa Bertino,et al.  Achieving privacy in trust negotiations with an ontology-based approach , 2006, IEEE Transactions on Dependable and Secure Computing.

[18]  Dickson K. W. Chiu,et al.  Enabling Web Services Policy Negotiation with Privacy preserved using XACML , 2007, 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07).

[19]  Avi Rosenfeld,et al.  NegoChat: a chat-based negotiation agent , 2014, AAMAS.

[20]  Andreas Krause,et al.  A Utility-Theoretic Approach to Privacy in Online Services , 2010, J. Artif. Intell. Res..

[21]  Yogesh Kalyani,et al.  Privacy Negotiation using a Mobile Agent , 2006, 2006 Canadian Conference on Electrical and Computer Engineering.

[22]  Ya'akov Gal,et al.  The Simple-Meta Agent , 2014, Novel Insights in Agent-based Complex Automated Negotiation.

[23]  Abdulsalam Yassine,et al.  Measuring users' privacy payoff using intelligent agents , 2009, 2009 IEEE International Conference on Computational Intelligence for Measurement Systems and Applications.

[24]  Matteo Cristani,et al.  The Process of Reaching Agreement in Meaning Negotiation , 2012, Trans. Comput. Collect. Intell..

[25]  Hanan El Bakkali,et al.  An approach for privacy policies negotiation in mobile health-Cloud environments , 2015, 2015 International Conference on Cloud Technologies and Applications (CloudTech).

[26]  Bernhard Mitschang,et al.  Privacy Management for Mobile Platforms -- A Review of Concepts and Approaches , 2013, 2013 IEEE 14th International Conference on Mobile Data Management.

[27]  Ariel Rubinstein,et al.  A Course in Game Theory , 1995 .

[28]  Gerhard Weiss,et al.  Optimizing complex automated negotiation using sparse pseudo-input gaussian processes , 2013, AAMAS.

[29]  Tim Moses,et al.  EXtensible Access Control Markup Language (XACML) version 1 , 2003 .

[30]  Enrico Gerding,et al.  Optimal Incremental Preference Elicitation during Negotiation , 2015, IJCAI.

[31]  Ho-fung Leung,et al.  CUHKAgent: An Adaptive Negotiation Strategy for Bilateral Negotiations over Multiple Items , 2014, Novel Insights in Agent-based Complex Automated Negotiation.

[32]  Peter Langendörfer,et al.  Towards automatic negotiation of privacy contracts for Internet services , 2003, The 11th IEEE International Conference on Networks, 2003. ICON2003..

[33]  Michael Mrissa,et al.  Meerkat - A Dynamic Privacy Framework for Web Services , 2011, 2011 IEEE/WIC/ACM International Conferences on Web Intelligence and Intelligent Agent Technology.

[34]  Michael Rovatsos,et al.  Privacy Policy Negotiation in Social Media , 2014, TAAS.

[35]  M. Weitzman Optimal search for the best alternative , 1978 .

[36]  Koen V. Hindriks,et al.  Measuring the Performance of Online Opponent Models in Automated Bilateral Negotiation , 2012, Australasian Conference on Artificial Intelligence.

[37]  Nadin Kökciyan Privacy Management in Agent-Based Social Networks , 2016, AAAI.

[38]  Nicholas R. Jennings,et al.  Multi-issue negotiation under time constraints , 2002, AAMAS '02.

[39]  Katsuhide Fujita,et al.  Compromising Strategy Based on Estimated Maximum Utility for Automated Negotiation Agents Competition (ANAC-10) , 2011, IEA/AIE.

[40]  H. Raiffa,et al.  Decisions with Multiple Objectives , 1993 .

[41]  Koen V. Hindriks,et al.  Learning about the opponent in automated bilateral negotiation: a comprehensive survey of opponent modeling techniques , 2016, Autonomous Agents and Multi-Agent Systems.

[42]  Alessandro Acquisti,et al.  The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study , 2011, WEIS.

[43]  Sören Preibusch,et al.  Implementing privacy negotiation techniques in e-commerce , 2005, Seventh IEEE International Conference on E-Commerce Technology (CEC'05).

[44]  Nora Cuppens-Boulahia,et al.  Reaching Agreement in Security Policy Negotiation , 2014, 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications.

[45]  Tristan Henderson,et al.  "I Didn't Sign Up for This!": Informed Consent in Social Network Research , 2015, ICWSM.

[46]  A. Rubinstein Perfect Equilibrium in a Bargaining Model , 1982 .

[47]  Patrick C. K. Hung,et al.  Algorithms for automated negotiations and their applications in information privacy , 2004, Proceedings. IEEE International Conference on e-Commerce Technology, 2004. CEC 2004..

[48]  Ilaria Liccardi,et al.  Improving User Choice Through Better Mobile Apps Transparency and Permissions Analysis , 2014, J. Priv. Confidentiality.

[49]  Mark S. Ackerman,et al.  Privacy in e-commerce: examining user scenarios and privacy preferences , 1999, EC '99.

[50]  Alessandro Acquisti,et al.  Uncertainty, Ambiguity and Privacy , 2005, WEIS.

[51]  Sandra G. Hart,et al.  Nasa-Task Load Index (NASA-TLX); 20 Years Later , 2006 .

[52]  Injoo Jang,et al.  Policy Negotiation System Architecture for Privacy Protection , 2008, 2008 Fourth International Conference on Networked Computing and Advanced Information Management.

[53]  Edward Lank,et al.  Privacy Personas: Clustering Users via Attitudes and Behaviors toward Security Practices , 2016, CHI.

[54]  Monica M. C. Schraefel,et al.  Optimal Negotiation Decision Functions in Time-Sensitive Domains , 2015, 2015 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology (WI-IAT).

[55]  Nicholas R. Jennings,et al.  IAMhaggler: A Negotiation Agent for Complex Environments , 2012, New Trends in Agent-Based Complex Automated Negotiations.

[56]  Eli Pariser,et al.  The Filter Bubble: What the Internet Is Hiding from You , 2011 .

[57]  Sarah Spiekermann Online information search with electronic agents , 2001 .

[58]  Injoo Jang,et al.  Personal Information Classification for Privacy Negotiation , 2009, 2009 Fourth International Conference on Computer Sciences and Convergence Information Technology.