Norman M. Sadeh is a Professor in the School of Computer Science at Carnegie Mellon University. He is director of Carnegie Mellon’s e-Supply Chain Management Laboratory, director of its Mobile Commerce Laboratory, and co-Director of the School’s PhD Program in Computation, Organizations and Society. He also co-directs the newly created MBA track in Technology Leadership launched jointly by the Tepper School of Business and the School of Computer Science.
posted by Richard Power
CyLab Chronicles: In the 21st Century, the privacy of the individual is undermined in many ways. Some of them are blatant and malicious (e.g., identity theft and Big Brother government); others are subtle and seemingly beneficial. Examples of the latter include the wildly expanding functionality available through on-line commerce (Amazon knows or thinks it knows your tastes) and on-line culture (Facebook can allow everyone to know where you are all the time). So now it is not so much protecting privacy as it is re-establishing zones of relative privacy, and managing identity. Would you talk about some of the ways your research addresses these issues?
SADEH: With the Web mediating an ever wider range of interactions between people and organizations, there is also a significant increase in the variety and amount of information users end up disclosing to services and to members of their various social networks. The challenge is to develop solutions that empower them to remain in control over what happens to this information. This includes controlling who has access to it and under what conditions. Our work in this area started in the context of MyCampus, an initiative launched by the Mobile Commerce Laboratory to develop and experiment with mobile, context-aware services aimed at enhancing everyday campus life.
Data collected from a number of pilots has shown that, even in the context of seemingly mundane interactions (e.g. deciding whether or not to share calendar or location information with peers), people tend to have fairly diverse and often rather complex privacy preferences. Our data also indicate that they generally have a hard time articulating what their preferences (or “policies”) are. This is in part because these applications are new. In other words, users don’t know exactly what to expect (e.g. how often will their friends try to access their location and for what purpose). In addition, our experiments show that people are just not very good at articulating complex sets of rules.
Through our work, we are combining user-centered design principles with the development of learning, dialogue and explanation functionality aimed at helping users specify and refine their privacy policies more effectively. Our work focuses primarily on mobile and pervasive computing applications, including social networking applications. One example is a Friend Finder application that allows users to selectively share their location with their peers (e.g. friends, colleagues or family) subject to policies they can refine over time. The technologies we are developing could also be used in the context of enterprise applications. An important trend in the corporate world is a move towards more agile or “flatter” organizations where employees are empowered to configure a growing collection of policies. Unless users can be provided with better policy authoring tools, companies will find that delegation can lead to employee frustration and also be a significant source of vulnerability.
CyLab Chronicles: What technology are you working on?
SADEH: An important part of our work revolves around the development of new policy authoring tools. This includes interfaces to edit policies as well as technologies to audit decisions made by these policies. The latter includes the ability to review decisions, ask questions such as 'Why was this particular request denied/allowed?' or 'What if I were to change this particular element of my policy?'. As users provide feedback on decisions made by their policies, we can also leverage machine learning to see if we can help them refine these policies. While machine learning has traditionally been deployed as a “black box” technology that takes over from the user, we have developed “user-controlled” configurations, where machine learning is used to make suggestions that users can either accept or reject.
Our approach emphasizes suggestions that are easy for users to understand, focusing on incremental modifications of the user’s current policy rather than major modifications that users are unlikely to comprehend. Early experiments with our “user-controlled policy learning” techniques suggest that it might be possible to rapidly converge towards policies that are highly accurate and to do so while allowing users to remain in control. We believe this will help significantly reduce the likelihood of converging towards a policy that looks highly accurate, yet occasionally makes dangerous decisions. Because our pilots have shown that users tend to be conservative, an approach that empowers them to remain in control effectively allows them to err on the safe side as they refine their policies.
CyLab Chronicles: What are the unique attributes of your work?
SADEH: Beyond the technologies I just outlined, we are trying to gain a better understanding of what it takes to empower users to define better policies. This includes looking at tradeoffs between burden on the user and accuracy of the policies they define. This includes evaluating the benefits of different levels of expressiveness in the policies they are allowed to manipulate. Does more expressiveness lead to more accurate policies or is there a point where increased expressiveness creates confusion and leads to less accuracy? In some domains users also seem to have greater tolerance for errors than in others. We would like to better understand how some of these tradeoffs vary from one application domain to another. In the process, we hope to also help inform policy discussions on privacy in emerging mobile, pervasive and social networking applications. Last year for instance, we were invited to present our findings at a panel on Location Privacy organized by the Advisory Committee to the Congressional Internet Caucus.
CyLab Chronicles: What are the most difficult technological challenges in your area of research?
SADEH: I believe I have already outlined some of the technical challenges we are trying to address. A general challenge in conducting research in this area is that many of the applications and scenarios we are exploring are novel. Just asking people how they feel about their privacy under some of these scenarios does not cut it. What people tell you they would do and what they actually do when confronted with these scenarios in real life are often very different. For this reason, we often find ourselves spending significant amounts of time designing experiments that involve building and deploying full-fledged prototypes and piloting them with actual users in the context of real life scenarios. This is a very demanding process and one that often requires multiple iterations before you get things right.
CyLab Chronicles: What are the commercial implications of your work?
SADEH: We believe that this work has a wide range of potential applications. Cell phone operators, social networking sites, and Internet portals are all experimenting with new services that involve the sharing of personal information. Our experiments show that giving users adequate controls over their privacy will be an important element in the adoption of these technologies. As users of social networking sites such as Facebook came to better understand the consequences of some of their early practices, they have increasingly been clamoring for better control over their information. Social networking sites have been struggling to find solutions that provide users with adequate controls while remaining usable. We believe that our technology has the potential to make a difference in this space. But demands for better authoring tools to manage privacy and security are not limited to these types of applications. As noted earlier, there is a significant and growing demand from enterprises too.