Building a better privacy policy

Speaker
Lorrie Faith Cranor
Associate Professor of Computer Science and of Engineering and Public Policy, Carnegie Mellon University

Where
Newell-Simon Hall 1305 (Michael Mauldin Auditorium)

Description

Today’s online privacy policies are failing consumers because they are difficult to understand and take too long to read. At the CyLab Usable Privacy and Security Laboratory at Carnegie Mellon University, we’ve developed and evaluated new ways of making privacy policies more usable for consumers. One approach is to distill privacy policy information into a simple privacy rating, and display this rating as an annotation to search engine results. Our laboratory studies have demonstrated that by including privacy ratings in search results, consumers are motivated to seek out websites with better privacy policies and pay a small premium for better privacy. We’ve also conducted studies comparing a number of existing and new privacy policy formats to determine which are most usable, and developed and evaluated a new privacy “nutrition label” format based on concepts from standardized food labels. We’ve developed tools to generate our privacy nutrition labels automatically for websites that have Platform for Privacy Preferences (P3P) computer-readable privacy policies, and integrated this into privacyfinder.org, a search engine run by our lab. We’ve also collected a large cache of P3P policies, which we’ve been able to mine for data about P3P and privacy policy trends. In this talk, I will review our approach to building a better privacy policy, discuss our studies, and highlight the lessons learned.

Paper: P.G. Kelley, L.J. Cesca, J. Bresee, and L.F. Cranor. Standardizing Privacy Notices: An Online Study of the Nutrition Label Approach. CHI 2010.

Speaker's Bio

Lorrie Faith Cranor is an Associate Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University where she is director of the CyLab Usable Privacy and Security Laboratory (CUPS). She is also Chief Scientist of Wombat Security Technologies, Inc. She has authored over 80 research papers on online privacy, phishing and semantic attacks, spam, electronic voting, anonymous publishing, usable access control, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability (O'Reilly 2005) and founded the Symposium On Usable Privacy and Security (SOUPS). She also chaired the Platform for Privacy Preferences Project (P3P) Specification Working Group at the W3C and authored the book Web Privacy with P3P (O'Reilly 2002). She has served on a number of boards, including the Electronic Frontier Foundation Board of Directors, and on the editorial boards of several journals. In 2003 she was named one of the top 100 innovators 35 or younger by Technology Review magazine. She was previously a researcher at AT&T-Labs Research and taught in the Stern School of Business at New York University.

Host
Brad Myers