Jetzabel Serna

Privacy Technologies and Policy

Existing work on privacy by design mostly focus on technologies rather than methodologies and on components rather than architectures. In this paper, we advocate the idea that privacy by design should also be addressed at the architectural level and be associated with suitable methodologies. Among other benefits, architectural descriptions enable a more systematic exploration of the design space. In addition, because privacy is intrinsically a complex notion that can be in tension with other requirements, we believe that formal methods should play a key role in this area. After presenting our position, we provide some hints on how our approach can turn into practice based on ongoing work on a privacy by design environment.

PrivacyGuide: Towards an Implementation of the EU GDPR on Internet Privacy Policy Evaluation

Nowadays Internet services have dramatically changed the way people interact with each other and many of our daily activities are supported by those services. Statistical indicators show that more than half of the worlds population uses the Internet generating about 2.5 quintillion bytes of data on daily basis. While such a huge amount of data is useful in a number of fields, such as in medical and transportation systems, it also poses unprecedented threats for users privacy. This is aggravated by the excessive data collection and user profiling activities of service providers. Yet, regulation require service providers to inform users about their data collection and processing practices. The de facto way of informing users about these practices is through the use of privacy policies. Unfortunately, privacy policies suffer from bad readability and other complexities which make them unusable for the intended purpose. To address this issue, we introduce PrivacyGuide, a privacy policy summarization tool inspired by the European Union (EU) General Data Protection Regulation (GDPR) and based on machine learning and natural language processing techniques. Our results show that PrivacyGuide is able to classify privacy policy content into eleven privacy aspects with a weighted average accuracy of 74% and further shed light on the associated risk level with an accuracy of 90%.

FAIR: Fuzzy Alarming Index Rule for Privacy Analysis in Smartphone Apps

In this paper, we introduce an approach that aims at increasing individuals’ privacy awareness. We perform a privacy risk assessment of the smartphone applications (apps) installed on a user’s device. We implemented an app behaviour monitoring tool that collects information about access to sensitive resources by each installed app. We then calculate a privacy risk score using a fuzzy logic based approach that considers type, number and frequency of access on resources. The combination of these two concepts provides the user with information about the privacy invasiveness level of the monitored apps. Our approach enables users to make informed privacy decisions, i.e. restrict permissions or report an app based on resource access events. We evaluate our approach by analysing the behaviour of selected apps and calculating their associated privacy score. Initial results demonstrate the applicability of our approach, which allows the comparison of apps by reporting to the user the detected events and the resulting privacy risk score.

Easing the Burden of Setting Privacy Preferences: A Machine Learning Approach

Setting appropriate privacy preferences is both a difficult and cumbersome task for users. In this paper, we propose a solution to address users’ privacy concerns by easing the burden of manually configuring appropriate privacy settings at the time of their registration into a new system or service. To achieve this, we implemented a machine learning approach that provides users personalized privacy-by-default settings. In particular, the proposed approach combines prediction and clustering techniques, for modeling and guessing the privacy profiles associated to users’ privacy preferences. This approach takes into consideration the combinations of service providers, types of personal data and usage purposes. Based on a minimal number of questions that users answer at the registration phase, it predicts their privacy preferences and sets an optimal default privacy setting. We evaluated our approach with a data set resulting from a questionnaire administered to 10,000 participants. Results show that with a limited user input of 5 answers the system is able to predict the personalised privacy settings with an accuracy of 85%.

I Read but Don't Agree: Privacy Policy Benchmarking using Machine Learning and the EU GDPR

With the continuing growth of the Internet landscape, users share large amount of personal, sometimes, privacy sensitive data. When doing so, often, users have little or no clear knowledge about what service providers do with the trails of personal data they leave on the Internet. While regulations impose rather strict requirements that service providers should abide by, the defacto approach seems to be communicating data processing practices through privacy policies. However, privacy policies are long and complex for users to read and understand, thus failing their mere objective of informing users about the promised data processing behaviors of service providers. To address this pertinent issue, we propose a machine learning based approach to summarize the rather long privacy policy into short and condensed notes following a risk-based approach and using the European Union (EU) General Data Protection Regulation (GDPR) aspects as assessment criteria. The results are promising and indicate that our tool can summarize lengthy privacy policies in a short period of time, thus supporting users to take informed decisions regarding their information disclosure behaviors.

Evaluation of Privacy-ABC Technologies - a Study on the Computational Efficiency

Privacy-enhancing attribute-based credential (Privacy-ABC) technologies use different cryptographic methods to enhance the privacy of the users. This results in important practical differences between these technologies, especially with regard to efficiency, which have not been studied in depth, but is necessary for assessing their suitability for different user devices and for highly dynamic scenarios. In this paper, we compare the computational efficiency of two prominent Privacy-ABC technologies, IBM’s Idemix and Microsoft’s U-Prove, covering all known Privacy-ABC features. The results show that overall presentation is in general is more efficient with Idemix, whereas U-Prove is more efficient for the User side (proving) operations during the presentation, and overall when there are more attributes in a credential. For both technologies we confirmed that inspectability, non-revocation proofs, and inequality predicates are costly operations. Interestingly, the study showed that equality predicates, the number of attributes in a credential, and attribute disclosure are done very efficiently. Finally, we identified a number of specific trust issues regarding Privacy-ABC technologies.

Personalised Privacy by Default Preferences - Experiment and Analysis

In this paper, we present a novel mechanism that provides individuals with personalised privacy by default setting when they register into a new system or service. The proposed approach consists of an intelligent mechanism that learns users’ context and preferences to generate personalised default privacy settings. To achieve this, we used a machine learning approach that requires a minimal number of questions at the registration phase, and, based on users’ responses, sets up privacy settings associated to users’ privacy preferences for a particular service. This is the first attempt to predict general privacy preferences from a minimal number of questions. We propose two approaches. The first scheme is based on the sole use of SVM to predict users’ personalised settings. The second scheme implemented an additional layer that includes clustering. The accuracy of proposed approaches is evaluated by comparing the guessed answers against the answers from a questionnaire administered to 10,000 participants. Results show that, the SVM based scheme is able to guess the the full set of personalised privacy settings with an accuracy of 85%, by using a limited input of only 5 answers from the user.

ARM: ANN-based ranking model for privacy and security analysis in smartphone ecosystems

Smartphone ecosystems are considered as a unique source due to the large number of apps which in turn makes an extensive use of personal data. Currently, there is no privacy and security preservation mechanism in smartphone ecosystems to enable users to compare apps in terms of privacy and security protection level, and to alarm them regarding the invasive issues (in terms of privacy and security) of apps before installing them. In this paper, we exploit user comments on app stores as an important source to extract privacy and security invasive (PSI) claims corresponding to apps. Thus, we propose an artificial neural network (ANN)-based ranking model (ARM) in order to classify user comments with privacy and security concerns. Our ranking model is based on three main features namely privacy and security, sentiment, and lifetime analyses as the input of the ranking model along with a novel mathematical formulation in such a way as to maximise the differentiation between comments. The performance results show that ARM is able to classify and predict PSI user comments with accuracy as high as 93.3%. Our findings confirm that due to the functionality of ARM, it has the potential to be widely adopted in smartphone ecosystems.

Default Privacy Setting Prediction by Grouping User’s Attributes and Settings Preferences

While user-centric privacy settings are important to protect the privacy of users, often users have difficulty changing the default ones. This is partly due to lack of awareness and partly attributed to the tediousness and complexities involved in understanding and changing privacy settings. In previous works, we proposed a mechanism for helping users set their default privacy settings at the time of registration to Internet services, by providing personalised privacy-by-default settings. This paper evolves and evaluates our privacy setting prediction engine, by taking into consideration users’ settings preferences and personal attributes (e.g. gender, age, and type of mobile phone). Results show that while models built on users’ privacy preferences have improved the accuracy of our scheme; grouping users by attributes does not make an impact in the accuracy. As a result, services potentially using our prediction engine, could minimize the collection of user attributes and based the prediction only on users’ privacy preferences.